A SECURE RECOGNITION BASED ON GRAPHICAL PASSWORD
PRESENTED BY
Dhanshri Agashe
Guided By: Prof. S. Jain
CONTENTS
1. INTRODUCTION2. MOTIVATION3. LITERATURE SURVEY4. METHODOLOGY5. ISSUES6. ADVANTAGES OF GRAPHICAL PASSWORDS.7. APPLICATIONS8. CONCLUSION9. FUTURE SCOPE10. REFERENCES
INTRODUCTION
Graphical user authentication(GUA) system requires a user to select a memorable image.
Digital watermarking is the process of embedding information into a digital signal.
The purpose of digital watermarking is to provide copyright protection.
By using Cued click points users click on one point per image for a sequence of images.
Performance was very good in terms of speed, accuracy, and number of errors.
INTRODUCTION
Users preferred CCP to saying that selecting and remembering only one point per image was easier.
Seeing each image triggered their memory of where the corresponding point was located.
Cued click points provides greater security as the number of images increases the workload for attackers.
What ?
The term watermark is derived from the German term “Wessmark”
The basic idea of watermark is to embed some information in digital
images so that it can not be miss used or owned by others.
Watermarked imageImage without watermark
Watermark
FINAL REGISTRATION
PROCESS
MOTIVATION
There is a good security when using the text-based strong password schemes but often memorizing the password.
An alternative solution to the text-based authentication which is the GUA or simply Graphical Password .
However, one big issue that is plaguing GUA is shoulder surfing attack that can capture the users mouse clicks and image gallery.
Sr. No.
Paper Name Author Year Conclusion
1 Graphical User Authentication
A.H. Lashkari IEEE 2011
Resistance to common attacks of graphical password algorithms.
2 Persuasive cued click points
Stobert. E IEEE 2012
Influence user choice in click-based graphical passwords, encouraging users to select more random, and hence more difficult to guess, click-points.
LITERATURE SURVEY
LITERATURE SURVEY
If attacker want to attack to the image gallery as we hide the
copyright protection information in all images of the system.
In proposed algorithm all images has copyright information and
is difficult to change the image of gallery.
Focus on attacks of graphical password algorithms and evaluate
recognition based algorithms.
METHODOLOGY
PROPOSED GRAPHICAL PASSWORD ALGORITHM
A denotes the user A ID denotes the user identity of user A S denotes the server side operation C denotes the Client side operation UAI denotes User added some image for his/her password UI denotes the image(s) that user added to the system Ini denotes the image number of user’s password DI denotes set of the decoy images
continue
RCS denotes the random character set generated for each image in login page
DQ() denotes the data query from database DW()denotes the write the data pack in the database IMX()denotes matrix of images || denotes the concatenation process WCP() denotes the Copyright Protection technique of
Watermarking CWCP() denotes the checking process for copy right protection of
watermarking
continue
The workflow of registration phase is as below:
Step1. C: (A, ID) S [User A sends his ID to the server for login page]
Step2. S: DQ (ID)[in the server side the user’s information will find from data
base]
Step3. S: IMX (DI, INi) C [Server generate a from the decoy images and user’s
password images and sent to the client side]
Step4. C: CWCP (IMX (Di,INi)) [the algorithm check the copyright protection
in them image matrix]
continue
Step5: C: INi [user selects his/her password images by
write the related characters and algorithm fin the related
ID regarding to the users entered characters as INi]
Step6. C: ID || INi [in the client side the ID of user and selected images
INi will concatenate and make the data pack]
Step7. C: ID|| INi S [Client send the generated data pack to the server]
Step8. S: Success/Reject C[check the data pack and if the pack is
true reply successfully to the client side and If data pack is not
true then reject the user in login phase.
Graphical Password-what a concept!
Here you pick several icons to represent the password.
Then when you want to authenticate it, a screen is drawn as a challenge to which you must respond.
The screen has numerous icons, at some of which are your private password icons.
You must locate your icons visually on the screen and click on the screen to the password.
The survey : Two categories
Recognition Based Techniques– a user is presented with a set of images and the user passes the
authentication by recognizing and identifying the images he selected during the registration stage.
Recall Based Techniques– A user is asked to reproduce something that he created or
selected earlier during the registration stage.
Phases of Algorithm
Login phase Registration phase
Click point’s as passwordClick point’s as password
1st click 2nd click 3rd click 4th click 5th click …
Click point
DATABASE
Database contains saved pictures and points.
Correct username
First picture stored in database during registration
Correct click pointGives the next image
Verification of click point
System gives 3 chances to The user for incorrect password
If the user exists 3 chances then the password system displays another picture which will be unrelated to the picture selected by the user during password creation
Last picture
COMPARISION BETWEEN ALPHA-NUMERIC & GRAPHICAL PASSWORDS:
Commonly used guidelines for alpha-numeric passwords are: The password should be at least 8 characters long. The password should not be easy to relate to the user (e.g., last
name, birth date). Ideally, the user should combine upper and lower case letters and
digits and special characters.
Graphical passwords The password consists of some actions that the user performs on an
image. Such passwords are easier to remember & hard to guess.
APPLICATION OF THE PICTURE APPLICATION OF THE PICTURE PASSWORD SYSTEMPASSWORD SYSTEM
SYSTEM LOG IN AND LOG OUT PROCESSSYSTEM LOG IN AND LOG OUT PROCESS
FOLDER LOCKINGFOLDER LOCKING
WEB LOG-IN APLLICATIONWEB LOG-IN APLLICATION
ADVATAGES OF GRAPHICAL PASSWORDS
Graphical password schemes provide a way of making more human-friendly passwords .
Here the security of the system is very high.
Here we use a series of selectable images on successive screen pages.
Dictionary attacks are infeasible.
SOLUTION TO SHOULDER SURFING PROBLEM
(1) TRIANGLE SCHEME
FUTURE SCOPE
Shoulder surfing means watching over people's shoulders as they process information. Examples include observing the keyboard as a person types his or her password, enters a PIN number, or views personal information.
Because of their graphic nature, nearly all graphical password
schemes are quite vulnerable to shoulder surfing. It can be overwhelming by triangle scheme in further approach
CONCLUSION
More difficult to break the graphical passwords from traditional attack methods:
Brute Force Search
Dictionary Attack
Or Spyware
By implementing other special geometric configurations like triangle & movable frame ,one can achieve more security especially shoulder surfing and physical attacks.
REFERENCES
A.H. Lashkari, F.T., Graphical User Authentication (GUA).
2010: Lambert Academic Publisher.
Komanduri, S. and D.R. Hutchings, Order and Entropy in
Picture Passwords, in Canadian Information Processing
Society. 2008.
Hu , W., X. Wu, and G. Wei, The Security Analysis of
Graphical Passwords, in International Conference on
Communications and Intelligence Information Security. 2010.
ANY QURIES?