Graphical password authentication
Download as PPTX, PDF11 likes5,285 views
The document discusses various user authentication methods, focusing on graphical passwords, including recognition and recall-based techniques. It evaluates the effectiveness of methods like pass points, cued click points, persuasive cued click points, and improved versions, highlighting their advantages and disadvantages such as the hotspot and shoulder surfing problems. Usability metrics are also presented, showing success rates for different authentication methods.
Graphical password authentication
- 1. 1
- 2. 1. Password 2. Over view of authentication methods 3) Graphical passwords 3.1) recognition based technique. 3.2) Recall based technique- ○ Pass points ○ cued click point(CCP) ○ persuasive cued click point(PCCP) ○Improved PCCP (IPCCP) ○Comparison between IPCCP and PCCP 2
- 3. Most commonly used form of user authentication. It is used to prove identity or access approval to gain access to a resource. Two conflicting requirements of alphanumeric passwords- 1)Easy to remember 2) hard to guess Many people tend to ignore second requirement, which lead to weak passwords. So many solutions have been proposed one of them is graphical passwords. 3
- 4. 1) Token Based Authentication : Example : Smart cards , Key cards , ATM 2) Biomatrics: Example: Finger print, Iris scan ,face recognition 3) Knowledge based authentication: Example: picture based passwords , most widely used authentication techniques. . 4
- 5. 5 Two most commonly used techniques in picture passwords :
- 6. 1) Recognition Based Technique: A user is presented with a set of images ,for authentication he recognize and identify the images he selected during the registration stage. 2) Recall Based Technique: User is asked to reproduce something that he created or selected earlier during registration. 6
- 7. 1) Pass points: user click on any place on the image to create password. In order to be authenticated user must click with in the tolerances in correct sequence. Password space: N^K N= the number of pixels, K= number of points to be clicked on 7
- 8. 8 Click Point Values X-Cordinat es Y-Cordinat es a 2 3 b 3 2 c 5 9 d 6 8 e 9 6
- 9. Disadvantage: hotspot problem different users tend to select similar click points as a part of their passwords. Attackers who yield the knowledge of these hotspots through harvesting can build attack dictionaries. 2) Cued click point(CCP): It is designed to reduce hotspot problem, rather than five click points on a single image it takes five click points on five different images. user can select their images only to extent that their click point determines the next image, as it consist of different images, so it prevent guessing attacks. remembering the order of click points is no longer the requirement of user . 9
- 10. 10 Picture authentication using cued click points: modules User registration process Picture selection process System login process
- 11. 11
- 12. 12
- 13. 13
- 14. 14 There are two ways for selecting pictures as a password:
- 15. 15
- 16. 16
- 17. 17
- 18. Disadvantage: Although pattern based attack seems to be ineffective but hotspot problem remained same. 18 3)Persuasive technology : technology to motivate and impact people to behave in a desired manner.
- 19. 3.1)Persuasive Cued Click Point(PCCP): ● persuasive technology is added to CCP . ● It encourage users to select more secure passwords. ● here images are slightly shaded except for a viewport. ● when users created a password, the images were slightly shaded except for a randomly positioned viewport. The viewport is positioned randomly rather than specifically to avoid known hotspots. Disadvantage: shoulder surfing problem: watching over people’s shoulder as they process information. E.g.. Observing keyboard as person typing password like ATM password. 19
- 20. 3.2)Improved Persuasive Cued Click Point(IPCCP): It reduce both hotspot problem and shoulder surfing problem. Processing: ●By using x-y coordinates it divide image into blocks. ●Merge the blocks, after merging blur the complete image. ●Activate only one block to set click points during registration. 20
- 21. ● User create the ID and allocate the set of images to select password. ● It use double click method ,as in first click it take empty values ,and in second click it take the values. ● Double click method is used to prevent shoulder surfing problem, as most of the attackers focuses on single click method. 21
- 22. 1) USABILITY : measured by success rate and password generation time. 1.1) success rate : Login times for both IPCCP and PCCP Successful user password creation Successful user login IPCCP 38/40 (95%) 35/40 (87.5%) PCCP 36/40 (90%) 34/40 (85%) 96 94 92 90 88 86 84 82 80 IPCCP PCCP successful user password creation successful user login 22
- 23. 23
- 24. 24