Authentication Session Schemes for Session Passwords using Color and Images
Under the guidance of P. NAVA BHANU LECTURER CSE DEPT
PRESENTED BY
P.KRANTHI
D.USHASRI
B.DEEPTHI
WHAT IS AUTHENTICATION?
• Process by which a system verifies the identity of a user who wishes to access it.
• Authentication is essential for effective security.
ABSTRACT
• Methods used for authentication
o Textual passwords
o Graphical passwords
o Session passwords
INTRODUCTION
• Common method:
o textual passwords
• Alternative techniques:
o graphical passwords
o biometrics
• New authentication schemes:
o session passwords
• Dhamija and Perrig proposed a graphical authentication scheme in which the user identifies predefined images.
• The user selects a random number of pictures.
• The user identifies the preselected images for authentication.
EXISTING SYSTEM
Passface technique:-
• The user has to choose four images of human faces from a face database as their future password.
• The user selects a human face.
• In the authentication stage, the user gets a grid of nine faces, consisting of one face previously chosen by the user and eight decoy faces.
• Jermyn proposed a new technique called “Draw-a-secret” (DAS).
• In the registration phase, the user is required to draw a picture on a 2D grid.
• In the login phase, the user is required to re-draw the pre-defined picture in the same sequence; authentication is then granted.
• Syukri developed a technique where authentication is done by drawing the user's signature with the mouse.
» Registration phase
» Verification phase
• At the time of registration, the user draws his signature with the mouse.
• In the verification stage, the system takes the user's signature as input and verifies it.
DISADVANTAGES
» Dictionary attacks
» Shoulder surfing
» Forgery
PROPOSED SYSTEM
• New authentication schemes:
o Pair based
o Hybrid textual
The authentication technique consists of 3 phases:
Registration phase: the user enters his password
Login phase: the user has to enter the password based on the interface displayed on the screen
Verification phase
PAIR-BASED AUTHENTICATION SCHEME
Login interface
Intersection letter for the pair AN
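The pair-based lookup behind "Intersection letter for the pair AN", as an added example that is not from the original slides. It assumes a 6×6 grid of A–Z and 0–9 that is reshuffled for every login, with the first character of each pair selecting the row and the second the column; the function names, the sample grid and the secret ANDREW12 are constructed for illustration.

```python
import hmac
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits  # 36 symbols -> 6x6 grid (assumed layout)
SIZE = 6

def new_grid(rng=None):
    """Return a freshly shuffled 6x6 grid; a new one is drawn for every login."""
    rng = rng or secrets.SystemRandom()
    cells = list(ALPHABET)
    rng.shuffle(cells)
    return [cells[r * SIZE:(r + 1) * SIZE] for r in range(SIZE)]

def session_password(secret, grid):
    """Map each pair of secret characters to the symbol where its row and column meet."""
    secret = secret.upper()
    if len(secret) < 2 or len(secret) % 2 or any(c not in ALPHABET for c in secret):
        raise ValueError("secret must be an even number of letters/digits")
    pos = {ch: (r, c) for r, row in enumerate(grid) for c, ch in enumerate(row)}
    out = []
    for first, second in zip(secret[0::2], secret[1::2]):
        row = pos[first][0]    # row that contains the first character of the pair
        col = pos[second][1]   # column that contains the second character
        out.append(grid[row][col])
    return "".join(out)

def verify(secret, grid, typed):
    """Server-side check: recompute for this session's grid, compare in constant time."""
    expected = session_password(secret, grid)
    return hmac.compare_digest(expected.encode(), typed.upper().encode())

# Constructed sample grid, fixed so the result is reproducible.
SAMPLE_GRID = [list(r) for r in ("W5A9QH", "J2XNCK", "ZB7LE1", "4RYD0M", "PUG8TS", "6FIV3O")]

if __name__ == "__main__":
    # Pairs AN, DR, EW, 12 on the sample grid give 9, R, Z, B.
    print(session_password("ANDREW12", SAMPLE_GRID))
    # A value observed in one session is rejected once the grid changes.
    print(verify("ANDREW12", new_grid(), "9RZB"))
```

A session password observed on one grid fails against the next grid, which is where the shoulder-surfing resistance comes from. The server has to hold the secret in a recoverable form to recompute the expected value, so it cannot be stored only as a one-way hash.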
HYBRID TEXTUAL AUTHENTICATION SCHEME
Rating of colors by the user
Password: 3573
Depending on the rating given to colors, we get the session password
Login interface
SECURITY ANALYSIS
Dictionary attack
A simple dictionary attack is by far the fastest way to break into a machine.
A dictionary file (a text file full of dictionary words) is loaded into a cracking application (such as L0phtCrack), which is run against user accounts located by the application.
Because the majority of passwords are often simplistic, running a dictionary attack is often sufficient to do the job.
Brute Force Attack
Brute Force Attack is the most widely known password cracking method. It is based on attempts to use every possible character combination as a potential password. The number of possible combinations (and therefore required time) grows rapidly as the length of the password increases.
Phishing :-
It is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies.
REQUIREMENTS
• HARDWARE SPECIFICATION
– Processor : Intel Pentium IV, 2GHz
– RAM : 512MB
– Hard Disk Capacity : 40GB
– Keyboard : Standard 104 keys
– Mouse : Standard 3 Button
– DVD/CD ROM : LG DVD RAM
• SOFTWARE SPECIFICATION
– Operating System : Win XP and Above
– Database : SQL Server 2008
– System Architecture : .NET Framework
– Programming Language : PHP
CONCLUSION
• Two authentication techniques based on text and colors are proposed.
• The techniques generate session passwords and are resistant to dictionary attacks and shoulder surfing.
• In the pair-based scheme, a session password is generated at login time from the grid displayed.
• In the hybrid textual scheme, ratings should be given to colors.
• The schemes are completely new to users, and the proposed authentication techniques should be verified extensively for usability and effectiveness.
REFERENCES
• [1] R. Dhamija and A. Perrig, “Déjà Vu: A User Study Using Images for Authentication”. In 9th USENIX Security Symposium, 2000.
• [2] Real User Corporation: Passfaces. www.passfaces.com
• [3] X. Suo, Y. Zhu and G. Owen, “Graphical Passwords: A Survey”. In Proc. ACSAC'05.
• [4] Z. Zheng, X. Liu, L. Yin, Z. Liu, “A Hybrid password authentication scheme based on shape and Text”. Journal of Computers, vol. 5, no. 5, May 2010.