ENHANCEMENT OF SECURITY FEATURE IN GRAPHICAL PASSWORD AUTHENTICATION


International Journal of Computer Science Engineering and Information Technology Research (IJCSEITR)
ISSN 2249-6831, Vol. 3, Issue 2, Jun 2013, 395-402
TJPRC Pvt. Ltd.

LOVEY RANA (1) & OM PAL (2)
(1) Student, SOIT, Centre for Development of Advanced Computing (CDAC), Uttar Pradesh, India
(2) Senior Lecturer, SOIT, Centre for Development of Advanced Computing (CDAC), Uttar Pradesh, India

ABSTRACT

The aim of this paper is to provide an efficient and secure graphical password system based on colour images. The images form the base of the password scheme for the users. Usability and security are the two main features to consider when designing any graphical approach, so a balance must be maintained between them. Having analyzed the security features of previous algorithms, we add the concept of graining (adding noise to the image) and process the image by varying its RGB colour scheme, along with the rotation and resizing scheme used earlier [1]. The images are concatenated with text to enhance the security of the approach, and this concatenation of text serves as protection against shoulder surfing attacks.

KEYWORDS: Graphical Password, Graining, RGB Colour Scheme, Recognition Based, Password Entropy

INTRODUCTION

A graphical password is a sub-domain of multifactor authentication, which is the idea of using more than one authentication scheme in a password scenario. A graphical password is a way to escape the need to remember a long textual password that has no relevance to the user. The graphical scheme gives the user an easy way to reduce the effort of remembering the password. The graphical password scheme provides enhanced security and usability.

Graphical passwords are categorised into two schemes: recognition based and recall based. In recognition based schemes the user recognises the password pattern he has set. In recall based schemes the user recalls the password by looking at any relevant object. A graphical password is more secure than a textual password, but its security must be further enhanced to protect it from major attacks. There are many ways to implement a graphical authentication system. For example, in the Passpoint [7] algorithm the user needs to click specific areas in a particular sequence to authenticate to the system. In the Passface [1] [4] algorithm the user selects images from an image grid in a sequence.

RELATED WORK

Over the last decade a lot of research work has been done on the concept of graphical passwords. The first password scheme was introduced by Blonder [4] [8]. The balance is maintained between the security and usability features and the attacks are resisted to the maximum.

Graphical password schemes are categorized as follows:

Recall Based Graphical Password Scheme

The user has to recall the password he/she has selected earlier. Recall based schemes can be further classified into:

Pure Recall Based

In this scheme the user is not provided any clue to recall the password. The following works have been done under this scheme:

- Draw a Secret (DAS) [5]
- Passdoodle
- Grid selection
- Syukri
- Qualitative DAS

Cued Recall Based

In this scheme the user is provided a clue to recall the password registered earlier. Cued recall provides more hints to help the user memorize the password and is hence easier than the pure recall based scheme. The following works have been done under this scheme:

- Blonder
- Passpoint
- Pass-Go
- Passlogix v-go
- Background DAS

Recognition Based Graphical Password Scheme

The user needs to recognise the correct images, which serve as the password, from a set of images. While authenticating, users need to recognise the pictures that they selected earlier. The following works have been done under this scheme:

- Dhamija and Perrig algorithm
- Sobrado and Birget algorithm
- Passface algorithm
- Man, et al. algorithm

Arash Habibi Lashkari et al. [1,7] proposed a graphical password scheme in which the work has been done with regard to the entropy and password space of the algorithm, to increase the security of the graphical authentication system (GUA). The password algorithm comprises black and white images and alphanumeric text.

The proposed algorithm (GUABRR) [1] uses the concept of resizing and rotation of black and white images, along with random text embedded with the images. GUABRR is a combination of both the recognition based and the cued recall based graphical password schemes. In this algorithm, during the registration phase the user selects a combination of images from a grid of 25 black and white images. During the login phase the grid is a combination of some rotated and resized images, and the positions of the rotated and resized images are randomly changed. Also, a text of length three, which is a concatenation of alphabets, special characters and numerals, is attached to each image. This algorithm resisted shoulder surfing attacks to a great extent.

Comparative Study of Different Graphical Password Algorithms on Basis of Password Entropy

| Algorithm | Formula | Entropy (Bits) |
|---|---|---|
| Textual (with 6 characters length, including capital and small alphabets) | 6 * Log2 (52) | 34.32 |
| Textual (with 6 characters length, including capital and small alphabets and numbers) | 6 * Log2 (62) | 35.70 |
| Image selection similar to Passface (4 runs, 9 pictures) | 4 * Log2 (9) | 12.74 |
| Click based algorithm similar to Passpoint (4 loci and assuming 30 salient points) | 4 * Log2 (30) | 19.69 |
| GUABRR (Graphical User Authentication By Rotation and Resizing) | 5 * Log2 (25*12*2) | 46.37 |

Password entropy is the measure of the effectiveness of a password in resisting guessing. The password entropy of a graphical password can be calculated as follows [2]:

Entropy = N * Log2 (L * O * C)

where N is the length or number of runs, L is the locus alphabet (the set of all loci), O is an object alphabet and C is the colour of the alphabet.

From this it is concluded that GUABRR has the highest password entropy and hence it is the most secure algorithm till now.

PROPOSED APPROACH

The approach works with colour images. Using the attributes of colour images, the images have been chosen in such a manner that they are similar to each other in some attribute. Image processing is applied to the images to change their appearance, keeping in mind that the change should not make the processed image look very different from the original. The difference should be minimal so that the user can identify the images easily. In this approach four image processing schemes are applied to make the images differ from the original images. These schemes are:

- Rotation
- Resizing
- Graining (Embedding Noise to Image)
- Variation in Colour Scheme (RGB)

Graining (Embedding Noise to Image)

Noise in digital photos consists of any undesirable flecks of random colour in a portion of an image that should consist of smooth colour. It is somewhat similar to the "snowy" appearance of a bad TV signal. The purpose of adding noise to the image in the proposed approach is just to change its appearance while keeping its originality intact.

[Figure: Original Image; Image after Graining]

Variation in Colour Scheme (RGB)

The RGB colour scheme can produce different colours by varying the Red (R), Green (G) and Blue (B) intensity values within the range 0-255, where 0 signifies black and 255 signifies white. We have selected eight different colours by varying the RGB values. The intensity of the selected colours is kept nominal, and at most 8 colours are chosen so that usability is not hampered. The colour scheme with its hex colour codes is as follows:

| Red | Green | Blue | HEX Equivalent |
|---|---|---|---|
| 255 | 255 | 150 | #FFFF96 |
| 255 | 200 | 255 | #FFC8FF |
| 100 | 100 | 255 | #6464FF |
| 200 | 100 | 255 | #C864FF |
| 200 | 200 | 50 | #C8C832 |
| 255 | 150 | 10 | #FF960A |
| 190 | 100 | 100 | #BE6464 |
| 255 | 255 | 170 | #FFFFAA |

Proposed Algorithm

The complete password scheme comprises two steps:

- Registration
- Login

Registration Phase

In the registration phase the user provides all his details and then chooses, from the grid of pictures, the pictures that will be his password in future. Once the registration is completed the following work is done:

1. The user name is associated with a User ID (UID) that is unique for every user.
2. An image grid of 25 images is presented to the user.
3. The images that the user has selected are named PID (picture ID).
4. Select PID = (from(25^3)). A PID is given to each of the 3 selected images out of the 25 images.
5. The user's information and his chosen images are associated with his ID and stored in the database.

The registration phase captures the details provided by the user, and then individual IDs are created for the images chosen by the user. This completes the information needed for the user during the login phase.

Login Phase

In the login phase the user is provided with a login interface where he needs to enter his login ID and recognize the pictures he selected during the registration phase. All pictures in the picture grid are concatenated with three random characters, which the user needs to enter as his password. Once this is done the user is logged on to his profile; otherwise a failure note is shown. The picture grid contains images that are rotated, resized, grained and colour variant, along with images that are not processed at all. The login phase runs as follows:

1. The user provides his user ID (UID).
2. Based on his UID, the images which the user has selected (PID) along with other images are made into a matrix, which is presented to the user to choose his password from. (A grid of rotated, resized, grained and RGB colour-varied images is presented to the user.)
3. With every image, a set of characters is generated below the image, which the user is able to see.
4. Store character set (from ((26*2+14)^3)) into an array. The 3-character set is selected from 26 small alphabets and 26 capital alphabets plus 14 special characters. This set of text is concatenated with each image at the time of the login phase.
5. Randomdecoy(PID). Random decoy is the function that produces the images randomly every time the user logs in to the system.
6. Newimage_ID = imageprocess(PID). Image process applies the rotation, resizing and graining functions and the RGB colour variant to the images.
7. The user recognizes the images he selected at the registration phase and writes down the characters below those images in the password space.

The user ID (UID) and the image ID (PID) are verified from the database. Once the verification is done the user gets the result as success/failure (output).

COMPARATIVE ANALYSIS OF PASSWORD ENTROPY

Calculated Entropy of Proposed Scheme

The entropy of the password scheme can be calculated as

Entropy = 5 * Log2 (25*12*2*2*8) = 66.144

where 5 images are selected from a grid of 25 images, in which 12 images are rotated through different angles, 2 are resized, 2 are grained and 8 different RGB colours are used.

Password entropy is a parameter for analysing the security feature. Our proposed approach has an improved entropy value, which in turn has a positive impact on security.

Comparison of Entropy with Other Schemes

| Algorithm | Formula | Entropy (Bits) |
|---|---|---|
| Textual (with 6 characters length, including capital and small alphabets) | 6 * Log2 (52) | 34.32 |
| Textual (with 6 characters length, including capital and small alphabets and numbers) | 6 * Log2 (62) | 35.70 |
| Image selection similar to Passface (4 runs, 9 pictures) | 4 * Log2 (9) | 12.74 |
| Click based algorithm similar to Passpoint (4 loci and assuming 30 salient points) | 4 * Log2 (30) | 19.69 |
| GUABRR (Graphical User Authentication By Rotation and Resizing) | 5 * Log2 (25*12*2) | 46.37 |
| Proposed Approach (select 5 images from 25 images, with 12 degrees rotated, 2 resizing, 2 grained and 8 different colour patterns) | 5 * Log2 (25*12*2*2*8) | 66.144 |

The entropy calculated for the proposed approach is higher than that of the previous algorithms, which shows a better result for the proposed algorithm than for the previous algorithms.

CONCLUSIONS

Pictures can be recognized better than text. Hence the concept of the graphical password came to light. But the security of graphical password schemes should be enhanced to make them more reliable. In this paper we have enhanced the security feature on the basis of previous algorithms already implemented. We took colour images into consideration as colour images are most commonly used. Earlier research was done on black and white images. The mathematical analysis of the security parameter, i.e. password entropy, has been done and positive results were found. The proposed algorithm is also resistant to shoulder surfing attacks.

REFERENCES

1. Arash Habibi Lashkari, Azizah Abdul Manaf, Maslin Masrom, A Secure Recognition Based Graphical Password by Watermarking, in 11th IEEE International Conference on Computer and Information Technology, 2011.

2. A.H. Lashkari, A survey on usability and security features in graphical user authentication algorithms, International Journal of Computer Science and Network Security (IJCSNS), 2009, Korea.
3. Komanduri, S. and D.R. Hutchings, Order and Entropy in Picture Passwords, in Canadian Information Processing Society, 2008.
4. Ali Mohamed E (2008). Study and Develop a New Graphical Password System, University Technology Malaysia, Master Dissertation.
5. Hu, W., X. Wu, and G. Wei, The Security Analysis of Graphical Passwords, in International Conference on Communications and Intelligence Information Security, 2010.
6. Muhammad DH, Abdul HA, Norafida IT, Hazinah KM (2008). Towards Identifying Usability and Security Features of Graphical Password in Knowledge Based Authentication Technique; IEEE Explore, 2008.
7. Lashkari A.H., S.F., Omar Bin Zakaria and Rosli Saleh, Shoulder Surfing attack in graphical password authentication, International Journal of Computer Science and Information Security (IJCSIS), 2009.
8. Ahmet Emir Dirik, Nasir Memon, Jean-Camille Birget, Modeling user choice in the PassPoints graphical password scheme, in Symposium On Usable Privacy and Security (SOUPS), 2007.
9. Blonder, G. 1996. Graphical passwords. United States Patent 5559961.
10. Dhamija, R. and Perrig, A. 2000. Déjà Vu: A User Study Using Images for Authentication. In Proceedings of the 9th USENIX Security Symposium.
11. Chiasson, S., et al., Multiple Password Interference in Text Passwords and Click-Based Graphical Passwords. ACM, 2009.
12. Mohammed Misbahuddin, P. Premchand, A. Govardhan, A User Friendly Password Authenticated Key Agreement for Multi Server Environment, in International Conference on Advances in Computing, Communication and Control (ICAC3 '09).
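
The login phase described under Proposed Algorithm (a fresh three-character label under every image in the grid, with the user typing the labels of his registered images) can be sketched as follows. This is an added example, not code from the paper; the particular 14 special characters, the image IDs, the in-memory challenge store and the rule that labels are typed in registration order are assumptions.

```python
import hmac
import secrets
import string

# 26 small + 26 capital letters + 14 special characters, as in the paper.
# The paper does not list the 14 specials; this particular set is an assumption.
SPECIALS = "!@#$%^&*()-_=+"
ALPHABET = string.ascii_lowercase + string.ascii_uppercase + SPECIALS
GRID_SIZE = 25      # images shown at login
LABEL_LEN = 3       # characters attached to each image

_rng = secrets.SystemRandom()   # OS CSPRNG, so labels and layout are unpredictable
_pending = {}                   # uid -> expected answer for the one open challenge


def build_challenge(uid, user_pids, decoy_pool):
    """Return a shuffled grid of (image_id, label) pairs and store the answer."""
    if set(user_pids) & set(decoy_pool):
        raise ValueError("decoy pool must not contain the user's own images")
    # Fresh decoys and a fresh layout on every login (the paper's Randomdecoy).
    images = list(user_pids) + _rng.sample(decoy_pool, GRID_SIZE - len(user_pids))
    _rng.shuffle(images)
    # Distinct labels, so the typed answer maps to exactly one set of images.
    labels = []
    while len(labels) < GRID_SIZE:
        label = "".join(_rng.choice(ALPHABET) for _ in range(LABEL_LEN))
        if label not in labels:
            labels.append(label)
    grid = list(zip(images, labels))
    by_image = dict(grid)
    # Assumption: labels are typed in the order the images were registered.
    _pending[uid] = "".join(by_image[pid] for pid in user_pids)
    return grid


def verify(uid, typed):
    """Check the typed labels against the open challenge; each grid is single use."""
    expected = _pending.pop(uid, None)      # consumed on first attempt, right or wrong
    if expected is None:
        return False
    # Constant-time comparison of the expected and typed label strings.
    return hmac.compare_digest(expected.encode(), typed.encode())


if __name__ == "__main__":
    # Constructed sample data: three registered images and a pool of 40 decoys.
    pids = ["img07", "img13", "img21"]
    pool = ["decoy%02d" % i for i in range(40)]
    grid = build_challenge("alice", pids, pool)
    answer = "".join(dict(grid)[p] for p in pids)   # what the genuine user would type
    print(verify("alice", answer))   # accepted
    print(verify("alice", answer))   # same answer replayed: rejected
```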