Authentication Session Schemes for Session Passwords using Color and Images

Under the guidance of P. NAVA BHANU LECTURER CSE DEPT

PRESENTED BY

P.KRANTHID.USHASRI

B.DEEPTHI

WHAT IS AUTHENTICATION?

• Process by which a system verifies the identity of a user wishes to access it.

• Authentication is essential for effective security

ABSTRACT

• Methods used for authentication

oTextual passwords

oGraphical passwords

oSession passwords

INTRODUCTION

• Common Method:o textual passwords

• Alternative techniques:ographical passwordsobiometrics

• New authentication schemes:o session passwords

• Dhamija and perig proposed a graphical authentication schema to identify the predefined images.

• User selects a random number of pictures.

• Identify the pre selected images for authentication.

EXISTING SYSTEM

Passface technique:-

• The user has to choose four images of human faces from a face database as

their future password.

• User selects a human face.

• In the authentication stage, the user gets a grid of ninefaces, consisting of one face previously chosen by theuser and eight decoy faces.

• Jermyn proposed a new technique called

“Draw-a-secret”(DAS)

• At the phase of registration user required to draw a picture on a 2D grid.

• At login phase the user is required to re-draw the pre-defined picture in the same sequence then the authentication is provided

• Syukir developed a technique where the authentication is done by drawing user signature using mouse.

» Registration phage» Verification phage

• At the time of registration

the user draw his signature with the mouse.

• In the verification stage it takes the user signature as the input and verify it.

DISADVANTAGES

» Dictionary attacks

» Shoulder surfing

» Forgery

PROPOSED SYSTEM

• New authentication schemes:

o Pair based

o Hybrid textual

Authentication technique consist of 3 phases:

Registration phase: user enters his password

Login phase: the user has enter the password based on the interface displayed on the screen

Verification phase

PAIR-BASED AUTHENTICATION SCHEME

Login interface

Intersection letter for the pair AN

HYBRID TEXTUAL AUTHENTICATION SCHEME

Rating of colors by the user

Password:3573

Depending on the rating given to colors, we get session password

Login interface

SECURITY ANALYSIS

Dictionary attack

A simple dictionary attack is by far the fastest way to break into a

machine.

A dictionary file (a text file full of dictionary words) is loaded into a

cracking application(such as L0phtCrack), which is run against user

accounts located by the application.

Because the majority of passwords are often simplistic, running

a dictionary attack is often sufficient to the job.

Brute Force Attack

Brute Force Attack is the most widely known password cracking

method. It based on attempts to use every possible character

combination as a potential password. The number of possible

combinations (and therefore required time) grows rapidly as the length

of the password increases.

Phishing :-

It is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies.

REQUIREMENTS

• HARDWARE SPECIFICATION– Processor : Intel Pentium IV, 2GHz – RAM : 512MB– Hard Disk Capacity : 40GB– Keyboard : Standard 104 keys– Mouse : Standard 3 Button– DVD/CD ROM : LG DVD RAM

• SOFTWARE SPECIFICATION– Operating System : Win XP and Above– Database : SQL Server 2008– System Architecture : .NET Framework Programming Language : PHP

•  •  

CONCLUSION

• Two authentication techniques based on text and colors are proposed.

• Techniques generate session passwords and are resistant to dictionary attack, shoulder surfing.

• In Pair based during login time on the grid displayed a session password is generated.

• In hybrid textual scheme rating should be given to colors.

• Schemes are completely new to the users and the proposed authentication techniques should be verified extensively for usability and effectiveness.

REFERENCES

• [1] R. Dhamija, and A. Perrig. “Déjà Vu: A User Study Using Images for Authentication”. In 9th

USENIX Security Symposium, 2000.• [2] Real User Corporation: Passfaces. www.passfaces.com• [3] X. Suo, Y. Zhu and G. Owen, “Graphical Passwords: A Survey”.

In Proc. ACSAC'05.• [4] Z. Zheng, X. Liu, L. Yin, Z. Liu “A Hybrid password

authentication scheme based on shape and• Text” Journal of Computers, vol.5, no.5 May 2010.