
Graphical Passwords

Submitted By:
Joju P Antony
R7A 41
Guided By :
Contents
• Introduction
• Authentication Methods
• Requirements Of A Password
• Text Based Passwords
• Vulnerabilities
• An Alternative: Graphical Passwords
• Techniques Used For Graphical Password
• Recognition Based Techniques
• Dhamija And Perrig Scheme
• Sobrado And Birget Scheme
• Recall Based Techniques
• Pass Faces
• Pass Clicks
• Advantages
• Disadvantages
• References
Introduction
• Nowadays, information security is the most pressing problem.
• Information stored in databases is very valuable to the user.
• To cope with the need to secure this information, passwords were introduced.
• Thus the password is the benchmark that checks the authentication/role of the user in that database.
Authentication Methods
• Token based authentication
– Key cards, bank cards, smart cards, …
• Biometric based authentication
– Fingerprints, iris scan, facial recognition, …
• Knowledge based authentication
– Text-based passwords, picture-based passwords, …
– Most widely used authentication techniques
Requirements of a password
• Passwords should be easy to remember
• Should be quickly and easily executable
• Should be secure
• Should look random and should be hard to guess
• Should be changeable
Text Based Passwords
• What about text-based passwords?
– Difficulty of remembering passwords
– If easy to remember -> Easy to guess
– If hard to guess -> Hard to remember
– Users tend to write passwords down or use the same passwords for different accounts
Vulnerabilities
• Shoulder surfing (watching a user log on as they type their password).
• Dictionary attacks (using L0phtCrack or John the Ripper).
• The user may forget the password if it is too long and complicated.
Contd…
• Key logging software records all the keystrokes input from the keyboard and stores them for the hacker to look through and find what could be a password.
• So the user needs to ensure that computer systems are secure, which is practically infeasible for an untrained user.
An alternative: Graphical Passwords
• Graphical passwords may be a solution to the text based password vulnerabilities.
• The idea of graphical passwords was pioneered by Greg Blonder, who also holds the US patent 5559961.
• A graphical password is a secret that a human user inputs to a computer with the aid of the computer's graphical input (e.g., mouse, stylus, or touch screen) and output devices.
Contd…
• Psychological studies: humans can remember pictures better than text.
• Here the user uses visual recollection in order to gain authentication to a system.
• Therefore the human factor in securing information is limited.
Four techniques used for Graphical Passwords
• Recognition Based Techniques
• Recall Based Techniques
• Pass Faces
• Pass Clicks
Recognition Based Techniques
• A user is presented with a set of images and the user passes the authentication by recognizing and identifying the images he selected during the registration stage.
Recognition Based Techniques
• Dhamija and Perrig Scheme
– The user picks several pictures out of many choices and identifies them later in authentication.
– The pictures are produced using Hash Visualization, which, given a seed, automatically generates a set of pictures.
Recognition Based Techniques
• Sobrado and Birget Scheme
– The system displays a number of pass-objects (pre-selected by the user) among many other objects; the user clicks inside the convex hull bounded by the pass-objects.
– The scheme suggests using 1000 objects, which makes the display very crowded and the objects almost indistinguishable.
Recall Based Techniques
A user is asked to reproduce something
that he created or selected earlier during
the registration stage
Recall Based Techniques
• Draw-A-Secret (DAS) Scheme: the user draws a simple picture on a 2D grid; the coordinates of the grid cells occupied by the picture are stored in the order of drawing.
• Redrawing has to touch the same grid cells in the same sequence in authentication.
• User studies showed that the drawing sequence is hard to remember.
PASS FACES
• Passfaces (formerly known as Real User Corporation) is an information security technology company based in Annapolis, Maryland.
• Its commercial application leverages the brain's innate cognitive ability to recognize human faces.
PASS FACES
• Logon Process:
– Users are asked to pick their assigned Passfaces from a 3 x 3 grid containing one Passface and 8 decoys.
– The faces appear in random positions within the grid each time.
– This process is repeated until each of the assigned Passfaces is identified.
PASS CLICK
• PassClick Scheme:
– The user clicks on any place on an image to create a password.
– A tolerance around each chosen pixel is calculated.
– In order to be authenticated, the user must click within the tolerances in the correct sequence.
PASS CLICK
• In the above example, the PassClicks are the points that are circled. The first was the light on the light post, then the headlight on the streetcar, followed by the middle of the clock tower, the face of the street clock, and the P on the parking sign.
• By looking at this picture, you can see that there are an extremely large number of places you could set as PassClicks and still remember where they are.
• An individual could easily choose a face, something on the side of a building, or even the dashes on the street.
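The PassClick check described above (a tolerance around each chosen pixel, matched in the correct sequence) can be implemented without storing the click-points themselves. The following is an added example, not code from the original slides: it uses centered discretization, a technique the slides do not name, so that only a salted hash and per-click grid offsets are kept. The tolerance `R`, the sample points and all function names are assumptions.

```python
import hashlib
import hmac
import os

R = 10  # assumed tolerance: clicks within R pixels on each axis are accepted

def _segment(v, offset, r):
    # Index of the 2r-wide grid segment that holds v once the grid is shifted by offset.
    return (v - offset) // (2 * r)

def _indices(points, offsets, r):
    return [(_segment(x, ox, r), _segment(y, oy, r))
            for (x, y), (ox, oy) in zip(points, offsets)]

def _digest(indices, salt):
    # The click order is part of the hashed string, so the sequence matters.
    data = ";".join(f"{ix},{iy}" for ix, iy in indices).encode()
    return hashlib.pbkdf2_hmac("sha256", data, salt, 100_000)

def enroll(points, r=R):
    """Build the stored record: salt, per-click grid offsets, hash of segment indices."""
    salt = os.urandom(16)
    # Each offset shifts the grid so the chosen pixel sits at the centre of its segment,
    # which makes the segment equal to the tolerance square [x - r, x + r).
    offsets = [((x - r) % (2 * r), (y - r) % (2 * r)) for x, y in points]
    return {"salt": salt, "offsets": offsets,
            "hash": _digest(_indices(points, offsets, r), salt)}

def verify(record, clicks, r=R):
    """True only if every click, in order, falls inside the tolerance of its point."""
    if len(clicks) != len(record["offsets"]):
        return False
    candidate = _digest(_indices(clicks, record["offsets"], r), record["salt"])
    return hmac.compare_digest(candidate, record["hash"])

# Constructed sample: five click-points on a hypothetical 640 x 480 image.
SECRET = [(120, 45), (310, 200), (64, 388), (502, 97), (230, 260)]
RECORD = enroll(SECRET)

if __name__ == "__main__":
    near = [(x + 7, y - 9) for x, y in SECRET]
    print(verify(RECORD, near), verify(RECORD, SECRET[::-1]))
```

The offsets are stored in the clear and reveal each coordinate modulo 2R, so the hash still needs a slow key-derivation function and login attempts still need rate limiting.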
Advantages of Graphical Passwords
• Human brains can process graphical images easily.
• Examples include places we visited, faces of people and things we have seen.
• Difficult to implement automated attacks (such as dictionary attacks) against graphical passwords.
Disadvantages
• Shoulder surfing problem (watching a user log on as they type their password).
• More storage space required
• Hard to implement when compared to text passwords
Conclusion
• Main argument for graphical passwords: people are better at memorizing graphical passwords than text-based passwords
• It is more difficult to break graphical passwords using the traditional attack methods such as: brute force search, dictionary attack or spyware.
• Not yet widely used, current graphical password techniques are