1 / 26

Graphical Password A Survey

Graphical Password A Survey. Authors: Xiaoyuan Suo, Ying Zhu and G. Scott. Owen. Presented by: Lin Jie. Outline. Introduction Overview of the Authentication Methods The survey Recognition Based Techniques Recall Based Techniques Discusssion Security Usability Conclusion. Outline.

hamannm
Download Presentation

Graphical Password A Survey

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Graphical PasswordA Survey Authors: Xiaoyuan Suo, Ying Zhu and G. Scott. Owen Presented by: Lin Jie

  2. Outline • Introduction • Overview of the Authentication Methods • The survey • Recognition Based Techniques • Recall Based Techniques • Discusssion • Security • Usability • Conclusion

  3. Outline • Introduction • Overview of the Authentication Methods • The survey • Recognition Based Techniques • Recall Based Techniques • Discusssion • Security • Usability • Conclusion

  4. Introduction • How about text-based passwords ? • Difficulty of remembering passwords • easy to remember -> easy to guess • hard to guess -> hard to remember • Users tend to write passwords down or use the same passwords for different accounts • An alternative: Graphical Passwords • Psychological studies: Human can remember pictures better than text

  5. Graphical Password Scheme • If the number of possible pictures is sufficiently large, the possible password space may exceed that of text-based schemes, thus offer better resistance to dictionary attacks. • can be used to: • workstation • web log-in application • ATM machines • mobile devices

  6. In this paper • Conduct a comprehensive survey of the existing graphical password techniques • Discuss the strengths and limitations of each method • Point out future research directions

  7. Outline • Introduction • Overview of the Authentication Methods • The survey • Recognition Based Techniques • Recall Based Techniques • Discusssion • Security • Usability • Conclusion

  8. Overview of the Authentication Methods • Token based authentication • key cards, band cards, smart card, … • Biometric based authentication • Fingerprints, iris scan, facial recognition, … • Knowledge based authentication • text-based passwords, picture-based passwords, … • most widely used authentication techeniques

  9. Outline • Introduction • Overview of the Authentication Methods • The survey • Recognition Based Techniques • Recall Based Techniques • Discusssion • Security • Usability • Conclusion

  10. The survey : two categories • Recognition Based Techniques • a user is presented with a set of images and the user passes the authentication by recognizing and identifying the images he selected during the registration stage • Recall Based Techniques • A user is asked to reproduce something that he created or selected earlier during the registration stage

  11. Outline • Introduction • Overview of the Authentication Methods • The survey • Recognition Based Techniques • Recall Based Techniques • Discusssion • Security • Usability • Conclusion

  12. Recognition Based Techniques • Dhamija and Perrig Scheme Pick several pictures out of many choices, identify them later in authentication. • using Hash Visualization, which, given a seed, automatically generate a set of pictures • take longer to create graphical passwords password space: N!/K! (N-K)! ( N-total number of pictures; K-number of pictures selected as passwords)

  13. Recognition Based Techniques • Sobrado and Birget Scheme System display a number of pass-objects (pre-selected by user) among many other objects, user click inside the convex hull bounded by pass-objects. • authors suggeated using 1000 objects, which makes the display very crowed and the objects almost indistinguishable. password space: N!/K! (N-K)! ( N-total number of picture objects; K-number of pre-registered objects)

  14. Recognition Based Techniques • Other Schemes Using human faces as password • Select a sequence of images as password

  15. Outline • Introduction • Overview of the Authentication Methods • The survey • Recognition Based Techniques • Recall Based Techniques • Discusssion • Security • Usability • Conclusion

  16. Recall Based Techniques • Draw-A-Secret (DAS) Scheme User draws a simple picture on a 2D grid, the coordinates of the grids occupied by the picture are stored in the order of drawing • redrawing has to touch the same grids in the same sequence in authentication • user studies showed the drawing sequences is hard to Remember

  17. Recall Based Techniques • “PassPoint” Scheme User click on any place on an image to create a password. A tolerance around each chosen pixel is calculated. In order to be authenticated, user must click within the tolerances in correct sequence. • can be hard to remember the sequences Password Space: N^K ( N -the number of pixels or smallest units of a picture, K - the number of Point to be clicked on )

  18. Recall Based Techniques • Other Schemes Grid Selection Scheme Signature Scheme

  19. Schemes Not In This Paper Using images with random tracks of geometric graphical shapes Using distorted images to prevent revealing of passwords

  20. Outline • Introduction • Overview of the Authentication Methods • The survey • Recognition Based Techniques • Recall Based Techniques • Discusssion • Security • Usability • Conclusion

  21. Security • Is a graphical password as secure as text-based passwords? • text-based passwords have a password space of 94^N (94 – number of printable characters, N- length of passwords). Some graphical password techniques can compete: Draw-A-Secret Scheme, PassPoint Scheme. • Brute force search / Dictionary attacks The attack programs need to automatically generate accurate mouse motion to imitate human input, which is more difficult compared to text passwords. • Guessing • Social engineering • …

  22. Outline • Introduction • Overview of the Authentication Methods • The survey • Recognition Based Techniques • Recall Based Techniques • Discusssion • Security • Usability • Conclusion

  23. Usability • Pictures are easier to remember than text strings • Password registration and log-in process take too long • Require much more storage space than text based passwords

  24. Outline • Introduction • Overview of the Authentication Methods • The survey • Recognition Based Techniques • Recall Based Techniques • Discusssion • Security • Usability • Conclusion

  25. Conclusion • main argument for graphical passwords: people are better at memorizing graphical passwords than text-based passwords • It is more difficult to break graphical passwords using the traditional attack methods such as:burte force search, dictionary attack or spyware. • Not yet widely used, current graphical password techniques are still immature

  26. Thanks • Questions?

More Related