stage1 (4)
TRANSCRIPT
-
8/11/2019 Stage1 (4)
1/31
GRAPHICAL PASSWORD AUTHENTICATION
USING PERSUASIVE CUED CLICK POINT
Abstract
The main issues of knowledge-based authentication, usually text-based passwords,are well known. Users tend to choose memorable passwords that are easy for
attackers to guess, but strong system assigned passwords are difficult for users toremember. In this paper focuses on the integrated evaluation of the Persuasive
Cued Click Points graphical password authentication system, including usability
and security. An important usability goal for authentication systems is to support
users in selecting better passwords, thus increasing security by expanding theeffective password space. In click-based graphical passwords, poorly chosen
passwords lead to the emergence of hotspots (portions of the image where users aremore likely to select click-points, allowing attackers to mount more successful
dictionary attacks). We use persuasion to influence user choice is used in click-based graphical passwords, encouraging users to select more random, and hence
more difficult to guess, click-points.
-
8/11/2019 Stage1 (4)
2/31
INTRODUCTION
There are many things that are well know about passwords; such as that user
cant remember strong password and that the passwords they can remember are
easy to guess.
A password authentication system should encourage strong and less predictablepasswords while maintaining memo ability and security. This password
authentication system allows user choice while influencing users towards strongerpasswords. The task of selecting weak passwords (which are easy for attackers to
guess) is more tedious, avoids users from making such choices. In effect, this
authentication schemes makes choosing a more secure password the path-of-least-resistance. Rather than increasing the burden on users, it is easier to follow the
systems suggestionsfor a secure passworda feature absent in most schemes.
We applied this approach to create the first persuasive click-based graphical
password system, Persuasive Cued Click- Points (PCCP) and conducted an in lab-
lab usability study with 10 participants. Our results show that our Persuasive CuedClick Points scheme is effective at reducing the number of hotspots (areas of the
image where users are more likely to select click points) while still maintaining
usability. In this paper also analyze the efficiency of tolerance value and securityrate. While we are not arguing that graphical passwords are the best approach to
Authentication, we find that they offer an excellent environment for exploring
strategies for helping users select better passwords since it is easy to compare userchoices. Indeed, we also mention how our approach might be adapted to text-based
passwords.
-
8/11/2019 Stage1 (4)
3/31
Literature Survey
Text passwords are the most prevalent user authentication method, but havesecurity and usability problems. Replacements such as biometric systems and
tokens have their own drawbacks. Graphical passwords offer another alternative,and are the focus of this paper. Graphical passwords were originally defined by
Blonder (1996). In general, graphical passwords techniques are classified into twomain categories: recognition-based and recall based graphical techniques. In
recognition based, a user is presented with a set of images and the user passes the
authentication by recognizing and identifying the images he selected during theregistration stage. In recall based graphical password, a user is asked to reproduce
something that he created or selected earlier during the registration stage. This
project is based on recall based Technique.
A. Why Graphical Passwords?
Access to computer systems is most often based on the use of alphanumericpasswords. Though, users have difficulty remembering a password that is long and
random-appearing. Instead, they create short, simple, and insecure passwords.Graphical passwords have been designed to try to make passwords more
memorable and easier for people to use and, therefore, more secure. Using a
graphical password, users click on images rather than type alphanumeric
characters.
B. Click-Based Graphical PasswordsGraphical password systems are a type of knowledge-based authentication that
attempts to leverage the human memory for visual information. A complete reviewof graphical passwords is available elsewhere. Of interest herein are cued-recall
click-based graphical passwords (also known as locimetric). In such systems, usersidentify and target previously selected locations within one or more images. The
images act as memory cue to aid recall. Example systems include Pass Points andCued Click-Points (CCP).
C. Persuasive Technology
Persuasive Technology was first articulated by Fog as using technology tomotivate and influence people to behave in a desired manner. Persuasive
Technology is the emerging field of interactive computing systems designed tochange peoples attitudes and behaviors. An authentication system which applies
Persuasive Technology should guide and encourage users to select strongerpasswords, but not impose system-generated passwords. To be effective, the users
must not ignore the persuasive elements and the resulting passwords must be
https://www.cse.ust.hk/ct/FYP/content/literature_survey.htmlhttps://www.cse.ust.hk/ct/FYP/content/literature_survey.htmlhttps://www.cse.ust.hk/ct/FYP/content/literature_survey.html -
8/11/2019 Stage1 (4)
4/31
memorable. As detailed in the next section, our proposed system accomplishes this
by making the task of selecting a weak password more tedious and time-consuming. The path-of-least resistance for users is to select a stronger password
(not comprised entirely of known hotspots or following a predictable pattern). As a
result, the system also has the advantage of minimizing the formation of hotspotsacross users since click points are more randomly distributed.
-
8/11/2019 Stage1 (4)
5/31
Proposed System
Using CCP as a base system, we added a persuasive feature to encourage users to
select more secure passwords, and to make it more difficult to select passwords
where all five click-points are hotspots. Specifically, when users created apassword, the images were slightly shaded except for a randomly positionedviewport. The viewport is positioned randomly rather than specifically to avoid
known hotspots, since such information could be used by attackers to improveguesses and could also lead to the formation of new hotspots. The viewports size
was intended to offer a variety of distinct points but still cover only an acceptablysmall fraction of all possible points. Users were required to select a click-point
within this highlighted viewport and could not click outside of this viewport. If
they were unwilling or unable to select a click-point in this region, they could press
the shuffle button to randomly reposition the viewport. While users were
allowed to shuffle as often as they wanted, this significantly slowed the passwordcreation process. The viewport and shuffle buttons only appeared during passwordcreation. During password confirmation and login, the images were displayed
normally, without shading or the viewport and users were allowed to click
anywhere.
1. Users will be less likely to select click-points that fall into known hotspots.
2. The click-point distribution across users will be more randomly dispersed and
will not form new hotspots.
3. The login security success rates will be higher than to those of the original CCPsystem.4. The login security success rates will increase, when tolerance value is lower
value.5. Participants will feel that their passwords are more secure with PCCP than
participants of the original CCP system.
The theoretical password space for a password system is the total number of
unique passwords that could be generated according to the system specifications.Ideally, a larger theoretical password space lowers the likelihood that any
particular guess is correct for a given password. For PCCP, the theoreticalpassword space is ((w h)/t2)c where the size of the image in pixels (w * h) is
divided by the size of a tolerance square (t2), to get the total number of toleranceSquares per image, raised to the power of the number of click-points in a password
(c, usually set to 5 in our experiments).
-
8/11/2019 Stage1 (4)
6/31
SYSTEM DESIGN
The system designed consist of three modules such as user registration module,
picture selection module and system login module
In user registration module user enter the user name in user name field and alsosuitable tolerance value (tolerance value is use to compare registration profile
vector with login profile vector). When user entered the all user details inregistration phase, these user registration data stored in data base and used during
login phase for verification. In picture selection phase there are two ways forselecting picture password authentication.
1. User defines pictures: Pictures are selected by the user from the hard disk or anyother image supported devices.
2. System defines pictures: pictures are selected by the user from the database ofthe password system.
-
8/11/2019 Stage1 (4)
7/31
User registration flow chart
Below flowchart shows the user registration procedure, this procedure include bothregistration phase (user ID) and picture selection phase. The process flow starts
from registering user id and tolerance value. Once user completes all the userdetails then proceed to next stage, which is selecting click points on generated
images, which ranges from 1-5. After done with all these above procedure, userprofile vector will be created.
-
8/11/2019 Stage1 (4)
8/31
Login flow chart
In this login procedure (see figure 6), first user enters the unique user ID as sameas entered during registration. Then images are displayed normally, without
shading or the viewport, and repeat the sequence of clicks in the correct order,
within a system-defined tolerance square of the original click-points. After donewith all these above procedure, user profile vector will be opened.
-
8/11/2019 Stage1 (4)
9/31
1.6 Hardware and software requirements
HARDWARE REQUIREMENTS:
1 GB RAM.
200 GB HDD.
Intel 1.66 GHz Processor Pentium 4
SOFTWARE REQUIREMENTS:
Windows XP, Windows 7,8
Visual Studio 2010
MS SQL Server 2008
Windows Operating System
-
8/11/2019 Stage1 (4)
10/31
-
8/11/2019 Stage1 (4)
11/31
System Security
An authentication system must provide adequate security for its intended
environment; otherwise it fails to meet its primary goal. The classification of
attacks on knowledge-based authentication into two general categories: guessingand capture attacks.
A .Guessing AttacksIn successful guessing attacks, attackers are able to either exhaustively search
through the entire theoretical password space, or predict higher probabilitypasswords (i.e., create a dictionary of likely passwords) so as to obtain an
acceptable success rate within a manageable number of guesses. We now consider
how these could be leveraged in guessing attacks.
Pattern-Based Attack
One of the proposed attacks on Pass Points is an automated pattern-based
dictionary attack that prioritizes passwords consisting of click-points ordered in aconsistent horizontal and vertical direction (including straight lines in anydirection, arcs, and step patterns), but ignores any image-specific features such as
hotspots. The attack guesses approximately half of passwords collected in a fieldstudy on the Cars and Pool images (two of the 17 core images) with a dictionary
containing 235 entries, relative to a theoretical space of 243. Given that PCCP
passwords are essentially indistinguishable from random for click-point
distributions along the x- and y-axes, angles, slopes, and shapes (see technicalreport such pattern-based attacks would be ineffective
against PCCP passwords.Hotspot Attack with All Server-Side InformationPassPoints passwords from a small number of users can be used [21] to determine
likely hotspots on an image, which can then be used to form an attack dictionary.Up to 36 percent of passwords on the Pool image were correctly guessed with a
dictionary of 231 entries. To explore an offline version of this attack, assume in theworst case that attackers gain access to all serverside information: the username,
user-specific seed, image identifiers, images, hashed user password, andcorresponding grid identifiers .The attackers task is more difficult for PCCP
because not only is the popularity of hotspots reduced, but the sequence of images
must be determined and each relevant image collected, making a customized attackper user. An online attack could be thwarted by limiting the number of incorrect
guesses per account.
-
8/11/2019 Stage1 (4)
12/31
B .Capture Attacks
Password capture attacks occur when attackers directly obtain passwords (or parts
thereof) by intercepting user entered data, or by tricking users into revealing their
passwords. For systems like PCCP, CCP, and PassPoints (and many otherknowledge-based authentication schemes), capturing one login instance allows
fraudulent access by a simple replay attack. We summarize the main issues below.
Shoulder Surfing: All three cued-recall schemes discussed (PCCP, CCP, andPassPoints) are susceptible to shoulder surfing although no published empirical
study to date has examined the extent of the threat. Observing the approximate
location of clickpoints may reduce the number of guesses necessary to determinethe users password. User interfacemanipulations such as reducing the size of the
mouse cursor or dimming the image may offer some protection, but have not been
tested. A considerably more complicated alternative is to make user input invisibleto cameras, for example, by using eye tracking as an input mechanism.
Malware: Malware is a major concern for text and graphical passwords, since key
logger, mouse logger, and screen scraper malware could send captured dataremotely or otherwise make it available to an attacker.
-
8/11/2019 Stage1 (4)
13/31
Testing Technology
System testing is a critical phase implementation. Testing of the system involves
hardware devise and debugging of the computer programs and testing information
processing procedures. Testing can be done with text data, which attempts to stimulate
all possible conditions that may arise during processing. If structured programming
Methodologies have been adopted during coding the testing proceeds from higher level
to lower level of program module until the entire program is tested as unit. The testing
methods adopted during the testing of the system were unit testing and integrated
testing.
UNIT TESTING:
Unit testing focuses first on the modules, independently of one another, to locate
errors. This enables the tester to detect errors in coding and logical errors that is
contained within that module alone. Those resulting from the interaction between
modules are initially avoided.
INTEGRATION TESTING:
Integration testing is a systematic technique for constructing the program structure
while at the same time to uncover the errors associated with interfacing. The objective
-
8/11/2019 Stage1 (4)
14/31
is to take unit-tested module and build a program structure that has been detected by
designing. It also tests to find the discrepancies between the system and its original
objectives. Subordinate stubs are replaced one at time actual module. Tests were
conducted at each module was integrated. On completion of each set another stub was
replaced with the real module.
FUNCTIONAL TESTING:
Functional testing is a technique in which all the functionalities of the program are
tested to check whether all the functions that where proposed during the planning
phase are full filled.
This is also to check that if all the functions proposed are working properly.
This is further done in two phases:
- One before the integration to see if all the unit components work properly
- Second to see if they still work properly after they have been integrated to
check if some functional compatibility issues arise.
PERFORMANCE TESTING:
Expected Result
The client should be able to connect to the server properly without any
problems.
-
8/11/2019 Stage1 (4)
15/31
The connection establishment between the mobile device and the server
should take minimal time.
The mobile device should be able receive data from the server
uninterruptedly.
Information provided by the application should be correct and as per the
users need.
Observation
Connection can be established easily provided that the server is on.
The connection with the server takes time as it uses Internet connection.
Receiving data from the server takes time.
Information coming from the database is correct.
LOAD / STRESS TESTING :
Expected Result
Response time should be unaffected irrespective of the no of users.
-
8/11/2019 Stage1 (4)
16/31
The introduction of the newer clients should not make the server to work
hap hazardously.
Continuous use of the server by different clients should not result into the
server getting slowed down.
Response time should not be degraded if there is congestion in network.
Observation
The speed of transmission was fine even when the newer clients were
getting added. The response of the server was satisfying even with the
introduction of newer client.
ASP.NET
ASP.NET is more than the next version of Active Server Pages (ASP); it is a
unified Web development platform that provides the services necessary for developers to
build enterprise-class Web applications. While ASP.NET is largely syntax-compatible
with ASP, it also provides a new programming model and infrastructure that enables a
powerful new class of applications. You can migrate your existing ASP applications by
incrementally adding ASP.NET functionality to them.
ASP.NET is a compiled .NET Framework -based environment. You can author
applications in any .NET Framework compatible language, including Visual Basic and
Visual C#. Additionally, the entire .NET Framework platform is available to any
ASP.NET application. Developers can easily access the benefits of the .NET Framework,
which include a fully managed, protected, and feature-rich application execution
environment, simplified development and deployment, and seamless integration with a
wide variety of languages.
-
8/11/2019 Stage1 (4)
17/31
2.3 IDENTIFICATION OF THE PROJECT FROM THE STUDY
FEASIBILITY STUDY :
The very first phase in any system developing life cycle is preliminary
investigation. The feasibility study is a major part of this phase. A measure of how
beneficial or practical the development of any information system would be to the
organization is the feasibility study.
The feasibility of the development software can be studied in terms of the
following aspects:
1.Operational Feasibility.
2.Technical Feasibility.
3.Economical feasibility.
4.Motivational Feasibility.
5.Legal Feasibility
OPERATIONAL FEASIBILITY :
The site will reduce the time consumed to maintain manual records and is not
tiresome and cumbersome to maintain the records. Hence operational feasibility is
assured.
-
8/11/2019 Stage1 (4)
18/31
TECHNICAL FEASIBILITY :
At least 166 MHz Pentium Processor or Intel compatible processor.
At least 512 MB RAM.
14.4 kbps or higher modem.
A mouse or other pointing device.
At least 50 GB free hard disk space.
Microsoft Internet Explorer 4.0 or higher.
ECONOMICAL FEASIBILTY :
Once the hardware and software requirements get fulfilled, there is no need for the
user of our system to spend for any additional overhead.
For the user, the web site will be economically feasible in the following aspects:
The web site will reduce a lot of paper work. Hence the cost will be reduced.
Our web site will reduce the time that is wasted in manual processes.
The storage and handling problems of the registers will be solved.
LEGAL FEASIBILITY :
The licensed copy of the required software is quite cheap and easy to get. So
from legal point of view the proposed system is legally feasible.
-
8/11/2019 Stage1 (4)
19/31
Steps Towards Implementation
System Development Life Cycle:
The System Development Life Cycle is the process of developing information
systems through investigation, analysis, design, implementation, and maintenance. The
System Development Life Cycle (SDLC) is also known as Information Systems
Development or Application Development.
-
8/11/2019 Stage1 (4)
20/31
Steps involved in the System Development Life Cycle :
Below are the steps involved in the System Development Life Cycle. Each phase within
the overall cycle may be made up of several steps.
Step 1:Software Concept
The first step is to identify a need for the new system. This will include
determining whether a business problem or opportunity exists, conducting a feasibility
study to determine if the proposed solution is cost effective, and developing a project
plan.
This process may involve end users who come up with an idea for improving their
work. Ideally, the process occurs in tandem with a review of the organization's strategic
plan to ensure that IT is being used to help the organization achieve its strategic
objectives. Management may need to approve concept ideas before any money is
budgeted for its development.
Step 2:Requirements Analysis
Requirements analysis is the process of analyzing the information needs of the
end users, the organizational environment, and any system presently being used,
developing the functional requirements of a system that can meet the needs of the
users. Also, the requirements should be recorded in a document, email, user interface
storyboard, executable prototype, or some other form. The requirements
-
8/11/2019 Stage1 (4)
21/31
documentation should be referred to throughout the rest of the system development
process to ensure the developing project aligns with user needs and requirements.
Professionals must involve end users in this process to ensure that the new
system will function adequately and meets their needs and expectations.
Step 3:Architectural Design
After the requirements have been determined, the necessary specifications for the
hardware, software, people, and data resources, and the information products that will
satisfy the functional requirements of the proposed system
can be determined. The design will serve as a blueprint for the system and helps detect
problems before these errors or problems are built into the final system. Professionals
create the system design, but must review their work with the users to ensure the
design meets users' needs.
Step 4:Coding and Debugging
Coding and debugging is the act of creating the final system. This step is done by
software developer.
Step 5:System Testing The
system must be tested to evaluate its actual functionality in relation to expected or
intended functionality. Some other issues to consider during this stage would be
converting old data into the new system and training employees to use the new system.
End users will be key in determining whether the developed system meets the intended
requirements, and the extent to which the system is actually used.
Step 6:Maintenance
-
8/11/2019 Stage1 (4)
22/31
Inevitably the system will need maintenance. Software will definitely undergo change
once it is delivered to the customer. There are many reasons for the change. Change
could happen because of some unexpected input values into the system. In addition, the
changes in the system could directly affect the software operations. The software shouldbe developed to accommodate changes that could happen during the post implementation
period.
There are various software process models like:-
Prototyping Model
RAD Model
The Spiral Model
The Waterfall Model
The Iterative Model
Of all these process models weve used the Iterative model(The Linear Sequential Model)
for the development of our project.
The Iterative model
The waterfall model derives its name due to the cascading effect from one phase to
the other as is illustrated in Figure1.1. In this model each phase well defined starting and
ending point, with identifiable deliveries to the next phase.
-
8/11/2019 Stage1 (4)
23/31
This model is sometimes referred to as the linear sequential model or the software
life cycle.
The model consists of six distinct stages, namely:
1. In the requirements analysisphase
(a) The problem is specified along with the desired service objectives (goals)
(b) The constraints are identified
-
8/11/2019 Stage1 (4)
24/31
2. In the specification phase the system specification is produced from the
detailed definitions of (a) and (b) above. This document should clearly define the
product function.
3. In the system and software design phase, the system specifications are
translated into a software representation. The software engineer at this stage is
concerned with:
Data structure
Software architecture
Algorithmic detail
Interface representations
The hardware requirements are also determined at this stage along with a picture
of the overall system architecture. By the end of this stage should the software
engineer should be able to identify the relationship between the hardware,
software and the associated interfaces. Any faults in the specification should
ideally not be passed down stream.
4. In the implementation and testingphase stage the designs are translated into
the software domain
Detailed documentation from the design phase can significantly reduce
the coding effort.
Testing at this stage focuses on making sure that any errors are
identified and that the software meets its required specification.
5. In the integration and system testingphase all the program units are integrated
and tested to ensure that the complete system meets the software requirements.
After this stage the software is delivered to the customer [Deliverable The
software product is delivered to the client for acceptance testing.]
-
8/11/2019 Stage1 (4)
25/31
6. The maintenance phase the usually the longest stage of the software. In this
phase the software is updated to:
Meet the changing customer needs
Adapted to accommodate changes in the external environment
Correct errors and oversights previously undetected in the testing phases
Enhancing the efficiency of the software
Observe that feed back loops allow for corrections to be incorporated into the
model. For example a problem/update in the design phase requires a revisit to the
specifications phase. When changes are made at any phase, the relevant documentation
should be updated to reflect that change.
Advantages of the Iterative Model:-
Testing is inherent to every phase of the Iterative model
It is an enforced disciplined approach
It is documentation driven, that is, documentation is produced at every stage
Disadvantages of the Iterative Model:-
The waterfall model is the oldest and the most widely used paradigm. However,
many projects rarely follow its sequential flow. This is due to the inherent problems
associated with its rigid format. Namely:
It only incorporates iteration indirectly, thus changes may cause
considerable confusion as the project progresses.
-
8/11/2019 Stage1 (4)
26/31
As The client usually only has a vague idea of exactly what is required
from the software product, this IM has difficulty accommodating the natural
uncertainty that exists at the beginning of the project.
The customer only sees a working version of the product after it has been
coded. This may result in disaster any undetected problems are precipitated to
this stage.
4.User Manual
.net Framework:
The .NET Framework is Microsoft's Managed Code programming model for building
applications on Windows clients, servers, and mobile or embedded devices.
Microsoft's .NET Framework is a software technology that is available with several
Microsoft Windows operating systems. In the following sections describes , the
basics of Microsoft .Net Frame work Technology and its related programming
models.
C# is a language for professional programming. C# (pronounced C sharp) is a
programming language designed for building a wide range of enterprise applications
that run on the .NET Framework. The goal of C# is to provide a simple, safe,
modern, object-oriented, highperformance , robust and durable language for .NET
development. Also it enables developers to build solutions for the broadest range of
clients, including Web applications, Microsoft Windows Forms-based applications,
and thin- and smart-client devices.
-
8/11/2019 Stage1 (4)
27/31
Microsoft SQL Server 2008
Business today demands a different kind of data management solution.
Performance scalability, and reliability are essential, but businesses now expect more
from their key IT investment.
SQL Server 2008 exceeds dependability requirements and provides innovative
capabilities that increase employee effectiveness, integrate heterogeneous IT
ecosystems,and maximize capital and operating budgets. SQL Server 2008 provides the
enterprise data management platform your organization needs to adapt quickly in a fast
changing environment.
Benchmarked for scalability, speed, and performance, SQL Server 2008 is a fully
enterprise-class database product, providing core support for Extensible Markup
Language (XML) and Internet queries.
Easy-to-use Business Intelligence(BI) Tools
Through rich data analysis and data mining capabilities that integrate with
familiar applications such as Microsoft Office, SQL Server 2008 enables you to provide
all of your employees with critical, timely business information
tailored to their specific information needs. Every copy of SQL Server 2008 ships
with a suite of BI services.
Self-Tuning and Management Capabilities
Revolutionary self-tuning and dynamic self-configuring features optimize
database performance, while management tools automate standard activities. Graphical
tools and performance, wizards simplify setup, database design, and performance
-
8/11/2019 Stage1 (4)
28/31
monitoring, allowing database administrators to focus on meeting strategic business
needs.
Data Management Application and Services
Unlike its competitors, SQL Server 2008 provides a powerful and comprehensive
data management platform. Every software license includes extensive management and
development tools, a powerful extraction, transformation, and loading (ETL) tool,
business intelligence and analysis services such as Notification Service. The result is the
best overall business value available.
Enterprise Edition includes the complete set of SQL Server data management andanalysis features are and is uniquely characterized by several features that makes it the
most scalable and available edition of SQL Server 2008 .It scales to the performance
levels required to support the largest Web sites, Enterprise Online Transaction Processing
(OLTP) system and Data Warehousing systems. Its support for failover clustering also
makes it ideal for any mission critical line-of-business application.
-
8/11/2019 Stage1 (4)
29/31
CONCLUSION
An important usability and security goal in authentication systems is to help usersselect better passwords and thus increase the effective password space. We believe
that users can be persuaded to select stronger passwords through better userinterface design. As an example, we designed Persuasive Cued Click-Points
(PCCP) and conducted a usability study to evaluate its effectiveness. We obtained
favorable results both for usability and security.
PCCP encourages and guides users in selecting more random click-based graphicalpasswords. A key feature in PCCP is that creating a secure password is the path-
of-least-resistance, making it likely to be more effective than schemes where
behaving securely adds an extra burden on users. The approach has proveneffective at reducing the formation of hotspots, avoid shoulder surfing problem and
also provide high security success rate, while still maintaining usability.
-
8/11/2019 Stage1 (4)
30/31
REFERENCES
[1] S. Chiasson, R. Biddle, and P. van Oorschot, A Second Look at the Usability of Click-Based
Graphical Passwords, Proc. ACMSymp. Usable Privacy
and Security (SOUPS), July 2007.
[2] S. Chiasson, A. Forget, R. Biddle, and P. van Oorschot, Influencing Users towards BetterPasswords: Persuasive Cued Click- Points, Proc. British HCIGroup Ann. Conf. People and Computers: Culture, Creativity, Interaction, Sept. 2008.
[3] S. Chiasson, A. Forget, E. Stobert, P. van Oorschot, and R. Bddle, Multiple Password
Interference in Text and Click-Based Graphical Passwords, Proc.ACM Conf. Computer and Comm. Security CCS), Nov. 2009.
[4] E. Stobert, A. Forget, S. Chiasson, P. van Oorschot, and R.Biddle, Exploring Usability
Effects of Increasing Security in Click-Based Graphical Passwords,
Proc. Ann. Computer Security Applications Conf. (ACSAC), 2010.[5] S. Chiasson, A. Forget, R. Biddle, and P.C. van Oorschot, User Interface Design Affects
Security: Patterns in Click-Based Graphical Passwords, Intl J.
Information Security, vol. 8, no. 6, pp. 387- 398, 2009.[6] J. Yan, A. Blackwell, R. Anderson, and A. Grant, The Memorability and Securi ty of
Passwords, Security and Usability: Designing Secure Systems That
People Can Use, L. Cranor and S. Garfinkel, eds., ch. 7, pp. 129-142, OReilly Media, 2005.
[7] S. Chiasson, P. van Oorschot, and R. Biddle, Graphical Password Authentication UsingCued Click Points, Proc. European Symp. Research in Computer
Security (ESORICS), pp. 359-374, Sept. 2007.
[8] L. Jones, A. Anton, and J. Earp, Towards Understanding User Perceptions of AuthenticationTechnologies, Proc. ACM Workshop Privacy in Electronic
Soc., 2007.
[9] L. OGorman, Comparing Passwords, Tokens, and Biometrics for User Authentication,
Proc. IEEE, vol. 91, no. 12, pp. 2019-2020, Dec. 2003.[10] A. Jain, A. Ross, and S. Pankanti, Biometrics: A Tool for Information Security, IEEE
Trans. Information Forensics and Security (TIFS), vol. 1, no. 2, pp.
125-143, June 2006.[11] R. Biddle, S. Chiasson, and P. van Oorschot, Graphical Passwords: Learning from the First
Twelve Years, to be published in ACM Computing Surveys,
vol. 44, no. 4, 2012.[12] A. De Angeli, L. Coventry, G. Johnson, and K. Renaud, Is a Picture Really Worth a
Thousand Words? Exploring the Feasibility of Graphical
Authentication Systems, Intl J. Human-Computer Studies, vol. 63, nos. 1/2, pp. 128-152, 2005.
[13] E. Tulving and Z. Pearlstone, Availability versus Accessibility of Information in Memoryfor Words, J. Verbal Learning and Verbal Behavior, vol. 5, pp.
381-391, 1966.
[14] S. Wiedenbeck, J. Waters, J. Birget, A. Brodskiy, and N. Memon, PassPoints: Design and
Longitudinal Evaluation of a Graphical Password System,Intl J. Human-Computer Studies, vol. 63, nos. 1/2, pp. 102-127, 2005.
[15] S. Wiedenbeck, J. Waters, J. Birget, A. Brodskiy, and N. Memon, Authentication Using
Graphical Passwords: Effects of Tolerance and Image Choice,Proc. First Symp. Usable Privacy and Security (SOUPS), July 2005.
-
8/11/2019 Stage1 (4)
31/31