Author: Mrs. Sindhu M.R
Date of Publication: 30th November 2017
Abstract: Image-based password schemes are constructed to authenticate users. Graphical passwords are composed of images and sketches and rely on human memory for visual information. Improved password memorability and strength against guessing attacks are the key benefits of graphical password schemes. Graphical passwords are classified into three main categories: recall, recognition and cued-recall methods. Recall-based graphical password systems are drawmetric systems. Recognition-based systems are also known as cognometric systems or searchmetric systems. Cued-recall systems typically require that users remember and target specific locations within an image. Graphical passwords and Captcha schemes are integrated to perform user authentication with an improved security mechanism. Captcha as graphical passwords (CaRP) is a graphical password scheme used for user authentication. Online guessing attacks, relay attacks and shoulder-surfing attacks are handled in CaRP. CaRP is a click-based graphical password scheme in which a sequence of clicks on an image is used to derive a password. A dynamic Captcha challenge image is used for each login attempt in CaRP. Text Captcha and image-recognition Captcha are used in the CaRP scheme. The text CaRP scheme constructs the password by clicking the right character sequence on CaRP images. CaRP schemes can be classified into two categories: recognition-based CaRP and recognition-recall based CaRP. Recognition-based CaRP seems to have access to an infinite number of different visual objects. Recognition-recall based CaRP requires recognizing an image and using the recognized objects as cues to enter a password. Recognition-recall combines the tasks of both recognition and cued-recall. Password information is transferred and verified using hash codes. Secure channels between clients and the authentication server are established through Transport Layer Security (TLS). The system is improved with distribution analysis and transmission security features.
Pattern-based attacks are handled with color and spatial patterns. Pixel colors at click points are considered in the color pattern analysis model. Pixel location patterns are considered in the spatial pattern analysis model.