NETWORK SECURITY - OVERCOME PASSWORD HACKING THROUGH GRAPHICAL PASSWORD AUTHENTICATION

Similar documents
Graphical Password or Graphical User Authentication as Effective Password Provider

Graphical User Authentication System An Overview P. Baby Maruthi 1, Dr. K. Sandhya Rani 2

Pixel Value Graphical Password Scheme-Graphical Password Scheme Literature Review

3LAS (Three Level Authentication Scheme)

MULTIPLE GRID BASED GRAPHICAL TEXT PASSWORD AUTHENTICATION

Authentication schemes for session password using color and special characters

Usable Privacy and Security, Fall 2011 Nov. 10, 2011

USER AUTHENTICATION USING NATIVE LANGUAGE PASSWORDS

Graphical password authentication using Pass faces

A STUDY OF GRAPHICAL PASSWORDS AND VARIOUS GRAPHICAL PASSWORD AUTHENTICATION SCHEMES

Graphical User Authentication

Image Password Based Authentication in an Android System

A Hybrid Password Authentication Scheme Based on Shape and Text

Graphical Password Authentication: Methods and Schemes

What is Authentication? All requests for resources have to be monitored. Every request must be authenticated and authorized to use the resource.

A Survey on Recall-Based Graphical User Authentications Algorithms

Graphical User Authentication Using Random Codes

Innovative Graphical Passwords using Sequencing and Shuffling Together

Novel Shoulder-Surfing Resistant Authentication Schemes using Text-Graphical Passwords

COMPARATIVE STUDY OF GRAPHICAL USER AUTHENTICATION APPROACHES

SHOULDER SURFING RESISTANT GRAPHICAL PASSWORD

A Multi-Grid Graphical Password Scheme

Recall Based Authentication System- An Overview

Passwords. EJ Jung. slide 1

DEFENSES AGAINST LARGE SCALE ONLINE PASSWORD GUESSING ATTACKS BY USING PERSUASIVE CLICK POINTS

A New Graphical Password: Combination of Recall & Recognition Based Approach

DEFENSES AGAINST LARGE SCALE ONLINE PASSWORD GUESSING ATTACKS BY USING PERSUASIVE CLICK POINTS

Towards Identifying Usability and Security Features of Graphical Password in Knowledge Based Authentication Technique

A New Hybrid Graphical User Authentication Technique based on Drag and Drop Method

A GRAPHICAL PASSWORD BASED AUTHENTICATION BASED SYSTEM FOR MOBILE DEVICES

An image edge based approach for image password encryption

An Ancient Indian Board Game as a Tool for Authentication

Presented By: Miss Samya Ashraf Want Student ID

Graphical Password to Increase the Capacity of Alphanumeric Password

USING EMOJI PICTURES TO STRENGTHEN THE IMMUNITY OF PASSWORDS AGAINST ATTACKERS

User Authentication. Daniel Halperin Tadayoshi Kohno

Divide and Conquer Approach for Solving Security and Usability Conflict in User Authentication

3D PASSWORD AUTHENTICATION FOR WEB SECURITY

Defenses against Large Scale Online Password Guessing by Using Persuasive Cued Click Points

CSE 565 Computer Security Fall 2018

Minimizing Shoulder Surfing Attack using Text and Color Based Graphical Password Scheme

Thematic Graphical User Authentication: Graphical User Authentication Using Themed Images on Mobile Devices

DESIGN, IMPLEMENTATION AND EVALUATION OF A KNOWLEDGE BASED AUTHENTICATION SCHEME UPON COMPELLING PLAIT CLICKS

Address for Correspondence 1 Associate Professor department o f Computer Engineering BVUCOE, Pune

Simple Text Based Colour Shuffling Graphical Password Scheme

SHOULDER SURFING ATTACK PREVENTION USING COLOR PASS METHOD

Authentication. Tadayoshi Kohno

In this unit we are continuing our discussion of IT security measures.

Authentication Using Grid-Based Authentication Scheme and Graphical Password

A Survey on Different Graphical Password Authentication Techniques

Journal of Global Research in Computer Science PASSWORD IN PRACTICE: AN USABILITY SURVEY

Graphical Password Authentication with Cloud Securing Method

HumanAUT Secure Human Identification Protocols

A Survey on Graphical Passwords in Providing Security

Cued Click Point Technique for Graphical Password Authentication

Lecture 9 User Authentication

MODULE NO.28: Password Cracking

New Era of authentication: 3-D Password

2. Access Control. 1. Introduction

International Journal of Pure and Applied Sciences and Technology

Lecture 14 Passwords and Authentication

Highly Secure Authentication Scheme: A Review

Keywords security model, online banking, authentication, biometric, variable tokens

The Design and Implementation of Background Pass-Go Scheme Towards Security Threats

KNOWLEDGE BASED AUTHENTICATION SYSTEM DESIGN BASED ON PERSUASIVE CUED CLICK POINTS

COMPUTER NETWORK SECURITY

SECURED PASSWORD MANAGEMENT TECHNIQUE USING ONE-TIME PASSWORD PROTOCOL IN SMARTPHONE

MULTI-FACTOR AUTHENTICATION USING GRAPHICAL PASSWORDS THROUGH HANDHELD DEVICE

5-899 / Usable Privacy and Security Text Passwords Lecture by Sasha Romanosky Scribe notes by Ponnurangam K March 30, 2006

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/1516/ Chapter 4: 1

AUTHENTICATION SCHEME USING ROTATING PATTERN PASSWORD MUHAMMAD FAISAL BIN DAUD

User Authentication. Tadayoshi Kohno

AN IMPROVED MAP BASED GRAPHICAL ANDROID AUTHENTICATION SYSTEM

ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification

ENHANCEMENT OF SECURITY FEATURE IN GRAPHICAL PASSWORD AUTHENTICATION

Sumy State University Department of Computer Science

A Novel Method for Graphical Password Mechanism

A Secure Graphical Password Authentication System

Securing Web Accounts Using Graphical Password Authentication through MD5 Algorithm

IJREAT International Journal of Research in Engineering & Advanced Technology, Volume 1, Issue 5, Oct-Nov, 2013 ISSN:

Computer Security: Principles and Practice

International Journal of Advances in Engineering Research

Outline Key Management CS 239 Computer Security February 9, 2004

Integrated Access Management Solutions. Access Televentures

ChoCD: Usable and Secure Graphical Password Authentication Scheme

Authentication Objectives People Authentication I

Survey on Various Techniques of User Authentication and Graphical Password

A Tabular Steganography Scheme for Graphical Password Authentication

Lecture 3 - Passwords and Authentication

Whitepaper on AuthShield Two Factor Authentication with SAP

Password. authentication through passwords

Secure Usable Authentication Using Strong Pass text Passwords

Security Awareness. Chapter 2 Personal Security

Design & Implementation of Online Security Using Graphical Password Systems Using Captcha Technique

ISSN: (Online) Volume 2, Issue 10, October 2014 International Journal of Advance Research in Computer Science and Management Studies

A Smart Card Based Authentication Protocol for Strong Passwords

Authentication. Chapter 2

Goals. Understand UNIX pw system. Understand Lamport s hash and its vulnerabilities. How it works How to attack

Authentication. Steven M. Bellovin September 26,

Authentication Methods

Transcription:

NETWORK SECURITY - OVERCOME PASSWORD HACKING THROUGH GRAPHICAL PASSWORD AUTHENTICATION P.Kiruthika R.Tamilarasi Department of Computer Applications, Dr.Mahalingam College Of Engineering and Technology, Pollachi. Abstract a graphical password is an authentication system that works by having the user select from images, in a specific order, presented in a Graphical User Interface (GUI). The most common computer authentication method is to use alphanumerical usernames and passwords. This method has been shown to have significant drawbacks. For example, user tends to pick a password that can be easily guessed.on the other hand, if a password is hard to guess, and then it is often hard to remember. In this paper, we conduct a comprehensive survey of the existing graphical password techniques and proposed a new technique. We discuss the strengths and limitations of each method and point out the future research directions in this area. And also major design and implementation issues are clearly explained. The main advantage of this method is it is difficult to hack. For example,.if there are 100 images on each of the 8 pages in a 8-image password, there are 100^8 or 10 quadrillion (10,000,000,000,000,000), possible combinations that could form the graphical password.if the system has the built-in delay of only 0.1 second following the selection of each image until the selection of the next page, it would take millions of years to break into the system by hitting it with random image sequences.therefore hacking by random combination is impossible. Keywords graphical password, authentication, hack, network security. INTRODUCTION Authentication is the process to allow users to confirm his or her identity to a Web application. Human factors are often considered the weakest link in a computer security system. Point out that there are three major areas where human-computer interaction is important: authentication, security operations, and developing secure systems. Here we focus on the authentication problem. A password is a form of secret authentication data that is used to control access to a resource. The password is kept secret from those not allowed access, and those wishing to gain access are tested on whether or not they know the password and are granted or denied access accordingly. The use of passwords goes back to ancient times. They would only allow a person in if they knew the password. In modern times, passwords are used to control access to protected computer operating systems, mobile phones, ATMs machines, etc. A typical computer user may require passwords for many purposes: logging in to computer accounts, retrieving email from servers, accessing files, databases, networks, web sites, and even reading the morning newspaper online. The password is a very good and strong authentication method still used up to now but because of the huge advance in the uses of computer in many applications as data transfer, sharing data, login to emails or internet, some drawbacks of conventional password appears like stolen the password, forgetting the password, week password, etc 11

so a big necessity to have a strong authentication way is needed to secure all our application as possible, so a researches come out with advanced password called graphical password where they tried to improve the security and avoid the weakness of conventional password. Graphical password have been proposed as a possible alternative to text based, motivated particularly by the fact that humans can remember pictures better than text. Psychological studies have shown that people can remember pictures better than text (R.N Shepard 1987). Pictures are generally easier to be remembered or recognized than text, especially photos, which are even easier to be remembered than random pictures (Xiaoyuav Suo 2009). OVERVIEW OF THE AUTHENTICATION METHODS Current authentication methods can be divided into three main areas: 1. Token based authentication 2. Biometric based authentication 3. Knowledge based authentication Token based techniques, such as key cards, bank cards and smart cards are widely used. Many token based authentication systems also use knowledge based techniques to enhance security. For example, ATM cards are generally used together with a PIN number. Biometric based authentication techniques, such as fingerprints, iris scan, or facial recognition, are not yet widely adopted. The major drawback of this approach is that such systems can be expensive, and the identification process can be slow and often unreliable. However, this type of technique provides the highest level of security. Knowledge based techniques are the most widely used authentication technique and include both text-based and picture-based passwords. The picture-based techniques can be further divided into two categories: recognition-based and recallbased graphical techniques. Using recognition-based techniques, a user is presented with a set of images and the user passes the authentication by recognizing and identifying the images he or she selected during the registration stage. Using recallbased techniques, a user is asked to reproduce something that he or she created or selected earlier during the registration stage. RECOGNITION BASED TECHNIQUES Dhamija and Perrig proposed a graphical authentication scheme based on thee Hash Visualization technique. In their system, the user is asked to select a certain number of images from a set of random pictures generated by a program. Later, the use r will be required to identify the pre selected images in order to be authenticated. The results showed that 90% of all participants succeeded in the authentication using this technique, while only 70% succeeded using text-based passwords and PINS. Fig 1 Random images used by Dhamij and Perrig The average log-in time, however, is longer than the traditional approach. A weakness of this system is that the server needs to store the seeds of the portfolio images of each 12

user in plain text. Also, the process of selecting a set of pictures from the picture database can be tedious and time consuming for the user. Sobrado and Birget developed graphical password technique that deals with the shoulder surfing problem. In the first scheme, the system will display a number of pass-objects (pre-selected by user) among many other objects. To be authenticated, a user needs to recognize pass-objects and click inside the convex hull formed by all the pass-objects. In order to make the password hard to guess, Sobrado and Birget suggested using 1000 objects, which makes the display very crowded and the objects almost indistinguishable, but using fewer objects may lead to a smaller password space, since the resulting convex hull can be large. In their second algorithm, a user moves a frame (and the objects within it) until the pass object on the frame lines up with the other two pass-objects. The authors also suggest repeating the process a few more times to minimize the likelihood of logging in by randomly clicking or rotating. The main drawback of these algorithms is that the log in process can be slow. a user selects a number of pictures as passobjects. Each pass-object has several variants and each variant is assigned a unique code. During authentication, the user is challenged with several scenes. Each scene contains several pass-objects (each in the form of a randomly chosen variant) and many decoy-objects. The user has to type in a string with the unique codes corresponding to the pass-object variants present in the scene as well as a code indicating the relative location of the pass-objects in reference to a pair of eyes. The argument is that it is very hard to crack this kind of password even if the whole authentication process is recorded on video because where is no mouse click to give away the passobject information. However, this method still requires users to memorize the alphanumeric code for each pass-object variant. Hong, et al. later extended this approach to allow the user to assign their own codes to pass-object variants. However, this method still forces the user to memorize many text strings and therefore suffer from the many drawbacks of text-based password. Fig 2 A shoulder-surfing resistant graphical password scheme Man, et al. proposed another shouldersurfing resistant algorithm. In this algorithm, 13

RECALL BASED A. Reproduce a drawing Fig 3(a) An example of pass faces, (b) Password mechanism Jansen et al proposed a graphical password mechanism for mobile device.during the enrollment stage, a user selects a theme (e.g. sea, cat, etc.) which consists of thumbnail photos and then registers a sequence of images as a password.during the authentication, the user must enter the registered images in the correct sequence. One drawback of this technique is that since the number of thumb nail images is limited to 30, the password space is small. Each thumbnail image is assigned a numerical value, and the sequence of selection will generate a numerical password. The result showed that the image sequence length was generally shorter than the textural password length. To address this problem, two pictures can be combined to compose a new alphabet element, thus expanding the image alphabet size. Fig 4 A graphical password scheme proposed by Jansen, et al Jermyn, et al. proposed a technique, called Draw - a -secret (DAS), which allows the user to draw their unique password.a user is asked to draw a simple picture on a 2D grid. The coordinates of the grids occupied by the picture are stored in the order of the drawing. During authentication, the user is asked to redraw the picture. If the drawing touches the same grids in the same sequence, then the user is authenticated. Jermyn, et al. suggested that given reasonable-length passwords in a 5 X 5 grid, the full password space of DAS is larger than that of the text based password. Fig 5 draw a-secret (das) technique proposed by Jermyn, et al 14

NEW TECHNIQUE FOR GRAPHICAL PASSWORD AUTHENTICATION Here we are proposing a new algorithm of authentication using graphical images. When a user tries to register over a network we will ask him or her to select a theme or sequence of pictures from already given image frame. The local host downloads an image frame which contains various themes of sequence of pictures which act as passwords, these are given by server. Since any image is made of pixels we have its gray level concentration. In this way the image will be distorted and can t be in original form. So it is not easy for hacker to reproduce the original form of image. For example, the user will select an image from database as a password, then encrypt the password and stored in the database for login user will again asked to pickup an image from database. Then s ever reproduces the encrypted image and the image compared to original if it matches user will allow surfing on website. DESIGN AND IMPLEMENTATION OF GRAPHICAL PASSWORD To make sure that this project will be done a Hardware and Software requirements are needed as follows. The Software needed to develop the new scheme is: 1. Delphi programming language. 2. Windows operating system (XP/7). The Hardware needed to develop the new scheme will have these specifications because the Graphical Password schemes need to deal with pictures or photos which need more memory and storing space where these requirements are: 1. PC with high performance processor 2. DDR Memory minimum 1GB. 3. HDD for large data stored For example we can implement authentication of graphical password method for our college TCENET. The login interface designed to login to the system for both the existing user and new user. Fig 7 login interface SECURITY Fig 8 Choosing password Very little research has been done to study the difficulty of cracking graphical passwords. Because graphical passwords are not widely used in practice, there is no report on real cases of breaking graphical passwords. Here we briefly exam some of 15

the possible techniques for breaking graphical passwords and try to do a comparison with text-based passwords. BRUTE FORCE SEARCH The main defense against brute force search is to have a sufficiently large password space. Text-based passwords have a password space of 94^N, where N is the length of the password, 94 is the number of Printable characters excluding SPACE. Some graphical password techniques have been shown to provide a password space similar to or larger than that of text-based passwords. Recognition based graphical passwords tend to have smaller password spaces than the recall based methods. It is more difficult to carry out a brute force attack against graphical passwords than textbased passwords. The attack programs need to automatically generate accurate mouse motion to imitate human input, which is particularly difficult for recall based graphical passwords. Overall, we believe a graphical password is less vulnerable to brute force attacks than a text-based password. DICTIONARY ATTACKS Since recognition based graphical passwords involve mouse input instead of keyboard input, it will be impractical to carry out dictionary attacks against this type of graphical passwords. For some recall based graphical passwords it is possible to use a dictionary attack but an automated dictionary attack will be much more complex than a text based dictionary attack. More research is needed in this area. Overall, we believe graphical passwords are less vulnerable to dictionary attacks than text-based passwords. SHOULDER SURFING PROBLEM AND ITS SOLUTIONS Like text based passwords, most of the graphical passwords are vulnerable to shoulder surfing. At this point, only a few recognition-based techniques are designed to resist shoulder-surfing. None of the recallbased based techniques are considered should-surfing resistant. To overcome this shoulder surfing problem, we implement a new idea when we move our mouse over the password selection area, then the mouse pointer becomes small dot point.and another method is to rearrange the images randomly in the password selection image so that shoulder surfing problem can be reduced. RELIABILITY The major design issue for recallbased methods is the reliability and accuracy of user input recognition. In this type of method, the error tolerances have to be set carefully overly high tolerances may lead to many false positives while overly low tolerances may lead to many false negatives. In addition, the more error tolerant the program, the more vulnerable it is to attacks. ADVANTAGE OF GRAPHICAL PASSWORD OVER TEXT BASED PASSWORDS Graphical passwords may offer better security than text based password because many people in attempt to memorize text based passwords, use plain words(rather than recommended jumble of characters).a dictionary search can often hit on a password and allow a hacker to gain entry into a system in seconds. But if a series of selectable images is used on successive screen pages, and if there are many images on each page, a hacker must 16

try every possible combination at random. If there are 100 images on each of the 8 pages in a 8-image password, there are 100^8 or 10 quadrillion (10,000,000,000,000,000), possible combinations that could form the graphical password if the system has the built-in delay of only 0.1 second following the selection of each image until the selection of the next page, it would take millions of years to break into the system by hitting it with random image sequences therefore hacking by random combination is impossible. [2] BOWER, G. H., KARLIN, M. B., AND DUECK, A. 1975. Comprehension and memory for pictures. Memory and Cognition 3, 216-220. [3] ATTNEAVE, F. 1955. Symmetry, Information and Memory Patterns. American Journal of Psychology 68, 209-222. [4] BLONDER, G. 1996. Graphical passwords. United States Patent 5559961. CONCLUSION The past decade has seen a growing interest in using graphical passwords as an alternative to the traditional text-based passwords.although the main argument for graphical passwords is that people are better at memorizing graphical passwords than text-based passwords, the existing user studies are very limited and there is not yet convincing evidence to support this argument. Our preliminary analysis suggests that it is more difficult to break graphical passwords using the traditional attack methods such as brute force search, dictionary attack, or spyware. However, since there is not yet wide deployment of graphical password systems, the vulnerabilities of graphical passwords are still not fully understood. Overall, the current graphical password techniques are still immature. Much more research and user studies are needed for graphical password techniques to achieve higher levels of maturity and usefulness [5] FELDMEIER, D. AND KARN, P. 1989. UNIX password security-ten years later. In Proceedings of the 19th International Conference on Advances in Cryptology (CRYPTO '89). REFERENCES [1] S. Patrick, A. C. Long, and S. Flinn, "HCI and Security Systems," presented at CHI, Extended Abstracts (Workshops). Ft. Lauderdale, Florida, USA., 2007. 17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback