picture password authentication

1. PRESENTED BY:-
UMESH KUMAR
1120161

2. Outline
 Introduction
 Overview of the Authentication Methods
 Techniques of GPA
◦ Recognition Based Techniques
◦ Recall Based Techniques
 Discussion
◦ Security
◦ Usability
 Conclusion

3. Introduction

4. Overview of authentication method

5. In this presentation what we have
 A comprehensive study of the existing
graphical password techniques
 Discuss the strengths and limitations of
each method
 Point out future research directions

6. The two most commonly used techniques in picture password authentication

7. RECOGNITIONBASED TECHNIQUES
A user is presented with a set of images and the user passes the authentication by recognizing and
identifying the images he selected during the registration stage
RECALL BASED TECHNIQUES
A user is asked to reproduce/recreate something that he created or selected earlier during
the registration stage

8. Recognition Based Techniques
 Dhamija and Perrig Scheme
Pick several pictures out of many choices, identify them later
in authentication.
◦ using Hash Visualization, which,
given a seed, automatically
generate a set of pictures
◦ take longer to create graphical
passwords
password space: N!/K! (N-K)!
( N-total number of pictures; K-number of pictures selected as passwords)

9. Recognition Based Techniques
 Triangle Scheme
System display a number of pass-objects (pre-selected by
user) among many other objects, user click inside the
convex hull bounded by pass-objects.
◦ authors suggest using 1000
objects, which makes the display
very crowed and the objects almost
indistinguishable.
password space: N!/K! (N-K)!
( N-total number of picture objects; K-number of pre-registered objects)

10. Recognition Based Techniques
Pass face scheme
In this technique human
faces are used as password.

11. Recall Based Techniques
 Draw-A-Secret (DAS) Scheme
User draws a simple picture on a 2D grid, the
coordinates of the
grids occupied by the picture are stored in the order of
drawing
 redrawing has to touch the
same grids in the same
sequence in authentication
 user studies showed the
drawing sequences is hard to
Remember

12. Recall Based Techniques
 “Pass Point/ Click Point ” Scheme
User click on any place on an image to create a password. A
tolerance
around each chosen pixel is calculated. In order to be authenticated,
user must click within the tolerances in correct sequence.
 can be hard to remember the
sequences
Password Space: N^K
( N -the number of pixels or smallest
units of a picture, K - the number of
Point to be clicked on )

13. Click point’s as password
1st click 2nd click 3rd click 4th click 5th click …
Click point

14. Recall Based Techniques
 Other Schemes
Grid Selection Scheme Signature Scheme

15. Security
 Is a graphical password as secure as
text-based passwords?
◦ text-based passwords have a password space of
94^N
(94 – number of printable characters, N- length of passwords).
Some graphical password techniques can compete: Draw-A-Secret
Scheme, Pass Point Scheme.
Text passwords are Vulnerable/prone to
attacks like Dictionary attack, Brute
force attack, spyware .

16. ◦ Brute force search / Dictionary attacks
The attack programs need to automatically generate accurate mouse motion
to imitate human input, which is more difficult compared to text passwords.
◦ Guessing
◦ Social engineering
 If the number of possible pictures is sufficiently
large, the possible password space may exceed that
of text-based schemes, thus offer better resistance
to dictionary attacks.
 can be used to:
◦ workstation
◦ web log-in application
◦ ATM machines
◦ mobile devices
◦ databases

17. Advantages of picture password authentication
Graphical password schemes provide a way of making more human-friendly
passwords .
Here the security of the system is very high.
Here we use a series of selectable images on successive screen pages.
 Dictionary attacks and brute force searches are infeasible.

18. Drawback's of picture password
 Password registration and log-in process take too long.
 Require much more storage space than textual/character passwords.
SHOULDER SURFING
It means watching over people's shoulders as they process information.
Examples include observing the keyboard as a person types his or her password,
enters a PIN number, or views personal information.
Because of their graphic nature, nearly all graphical password schemes are quite
vulnerable/unsafe to shoulder surfing.

19. SOLUTION TO SHOULDER
SURFING PROBLEM
(1) TRIANGLE SCHEME

20. (2) MOVABLE FRAME SCHEME

21. CONCLUSION
 Picture passwords are an alternative to textual alphanumeric password.
 It satisfies both conflicting requirements i.e. it is easy to remember & it is
hard to guess.
 By the solution of the shoulder surfing problem, it becomes more secure &
easier password scheme.
 By implementing encryption algorithms and hash algorithms for storing and
retrieving pictures and points, one can achieve more security
 Picture password is still immature, more research is required in this field.

22. BY :-
UMESH KUMAR