Shoulder Surfing Resistant Graphical Password Schemes

Top PDF Shoulder Surfing Resistant Graphical Password Schemes:

A Survey on Shoulder Surfing Resistant Graphical Authentication Systems

The shoulder surfing attack is an attack that can be performed by the adversary to obtain the user's password by watching over the user's shoulder as he enters his password. As conventional password schemes are vulnerable to shoulder surfing, Sobrado and Birget proposed three shoulder surfing resistant graphical password schemes. Since then, many graphical password schemes with different degrees of resistance to shoulder surfing have been proposed, and each has its pros and cons. seeing that most users are more familiar with textual passwords than pure graphical passwords.

REVIEW ON COLOR PASSWORD TO RESIST SHOULDER SURFING ATTACK

Abstract: Since conventional password schemes are vulnerable to shoulder surfing, many shoulder surfing resistant graphical password schemes have been proposed. However, as most users are more familiar with textual passwords than pure graphical passwords, text-based graphical password schemes have been proposed. Unfortunately, both the text-based password schemes and graphical password schemes are not secure and efficient enough and have not been adopted. Textual passwords are the most common method used for authentication. But textual passwords are vulnerable to eavesdropping, dictionary attacks, social engineering and shoulder surfing. Graphical passwords are introduced as alternative techniques to textual passwords. Most of the graphical schemes are vulnerable to shoulder surfing. To address this problem, text can be combined with colors to generate secure passwords for authentication. The user passwords can be used only once and every time a new password is generated. In this paper, the user proposes an improved text-based shoulder surfing resistant graphical password scheme by using a color PIN entry mechanism which is resistant to shoulder surfing. In the proposed scheme, the user can easily and efficiently log in to the system. This proposed work gives more security over the password from shoulder surfing and accidental login.

DIGITAL LOCK: A HYBRID AUTHENTICATION (Mr. Dipak P. Umbarkar, Prof. Megha Singh)

Textual password is the most common technique used for authentication. The weaknesses of this technique, like eavesdropping, social engineering, dictionary attack and shoulder surfing, are well-known. Unpredicted and long passwords can make the system protected. On the other hand the main problem is the trouble of memorizing those passwords. Studies have uncovered that users have a tendency to choose small and stress-free passwords to recall. Fatefully, these passwords can be easily predicted or broken. Other techniques used are graphical passwords and biometrics. On the other hand these methods have their particular drawbacks. Biometric password techniques such as facial recognition, fingerprints etc. have been offered but not yet generally adopted. The main disadvantage of this method is that such systems can be valuable and slow. There are numerous graphical password methods that have been planned in the past years. On the other hand most methods suffer from shoulder surfing attack, which is becoming relatively a large problem. There are some graphical password patterns that are resistant to shoulder-surfing but they have their particular weaknesses like usability problems or taking a large time for login or tolerance levels. The shoulder surfing attack is an attack that can be performed by the adversary to obtain the user’s password by watching over the user’s shoulder as he enters his password. From that time many graphical password methods with different degrees of resistance to shoulder surfing have been estimated, e.g., [2] [3] [4] [5][6][7][8][9], and each has its pros and cons. As expected password schemes are vulnerable to shoulder surfing, Sobrado and Birget [2] proposed three shoulder surfing resistant graphical password methods. Maximum users are using text-based passwords than graphical passwords, Zhao et al. [10] proposed S3PAS text-based shoulder surfing resistant graphical password methods.
In S3PAS, the user has to combine his textual password on the login screen to catch the session password, but the login procedure of Zhao et al.’s method is hard and boring. Since then, a number of text-based shoulder surfing resistant graphical password methods have been proposed, such as [11][12][13][14][15]. Undesirably, none of the present text-based shoulder surfing resistant graphical password schemes is both protected and effectual enough. In this paper, we will suggest a better text-based shoulder surfing resistant graphical password structure using colors and session. The process of the proposed method is simple and easy to study for users aware of word-based passwords. The user can easily and efficiently log in to the system without using any physical keyboard.

HoneyPass: A Shoulder Surfing Resistant Graphical Authentication System using Honeypot

Password-based authentication schemes have been most commonly used on many smart devices when compared to other authentication schemes. The lower complexities in implementation, computation, processing requirements and so forth have led to the use of a password-based authentication system. Again, text-based passwords are more commonly used when compared to other existing authentication systems. However, various vulnerabilities were discovered by several cryptanalysts in text-based systems like brute force attack, guessing attack, dictionary attack, social engineering attack etc. In smart phones, the tiny screen size imposes some more constraints such as limited password length, implementation of easier authentication systems to increase performance etc. Moreover, the small on-screen keyboard makes typing inefficient and less precise. Consequently, the users tend to use a smaller password which makes it even more vulnerable. Since the size of smart devices is getting smaller and smaller; few authentication systems cannot be implemented in it due to its size [11].

Secured Hybrid Authentication Schemes using Session Password and Steganography

1. Advanced Scalable Shoulder-Surfing Resistant Graphical Password Authentication Scheme (AS3PAS): In the proposed system the user has to create his own region in AS3PAS. The smaller the region, the greater the security. The user clicks three times on a given complicated image. During the registration process the user is provided with the complicated images. The user has to click on the image three times, creating a triangular region.

Advanced Scalable Shoulder Surfing Resistance Password Authentication Scheme

4 Haichang proposed a new shoulder-surfing resistant scheme where the user is required to draw a curve across their password images in order rather than clicking on them directly [7]. This graphical scheme combines DAS and Story schemes to provide authenticity to the user.

Graphical password schemes design: enhancing memorability features using autobiographical memories

The shoulder-surfing problem is an attack in which the intruder can observe passwords, PINs or other protected information by observing the owner or victim over his/her shoulder or through other spying devices such as binoculars and video cameras while the password is being used on the computer or at the terminal for authentication. The main aim of the intruder in this attack is to use the observed credentials for illicit transactions in order to impersonate the real owner (the victim) afterwards. The root cause of this drawback is the fact that users enter their secrets directly into some poorly designed user interface in a way that makes it easy for an intruder to gain knowledge of the secret via observation. To surmount this problem during authentication, a number of shoulder-surfing resistant techniques were proposed as helpful solutions to protect the user’s secret from being observed for illicit usage. To protect recall-based graphical password systems such as Draw-A-Secret and Background Draw-A-Secret DAS from shoulder surfing, three techniques, namely decoy strokes defense, disappearing strokes, and line snaking, were proposed [10]. These techniques are used during a login procedure as a means of distracting the shoulder surfer from capturing the correct password drawn by the user. The decoy strokes defense technique allows the user to draw many passwords, of which only one is the authentic user’s password. In the disappearing stroke defense, the user's stroke is removed from the screen after it has been drawn. The idea behind it is to make it difficult for the attacker to store the image in memory. While line Snaking technique is based on the disappearing stroke solution but was intended to leave the vital

A SHOULDER SURFING RESISTANT GRAPHICAL AUTHENTICATION SYSTEM

A lot of research on password-based authentication has been done in the literature. Among all of these proposed schemes, this paper focuses mainly on the graphical-based authentication systems along with virtual keyboard shuffling. The keys are hidden and shuffled after a password key is pressed, using the Fisher-Yates shuffling algorithm. To avoid shoulder surfing and keylogger attacks, we introduced the above concepts. We need to choose an image. After the image is accepted and split into a 7*11 matrix, we need to specify the cell to set as the password. After the cell is selected as the password, a login indicator will be generated based on the cell which is selected. At the initial stage we need to create a username. To avoid keylogger attacks while typing the username and other authentication information, keys are shuffled using the above-mentioned algorithm.

S3PAS: A Scalable Shoulder-Surfing Resistant Textual-Graphical Password Authentication Scheme

The vulnerabilities of the textual password have been well known. Users tend to pick short passwords or passwords that are easy to remember, which makes the passwords vulnerable for attackers to break. Furthermore, textual password is vulnerable to shoulder-surfing, hidden-camera and spyware attacks. Graphical password schemes have been proposed as a possible alternative to text-based scheme. However, they are mostly vulnerable to shoulder-surfing. In this paper, we propose a Scalable Shoulder-Surfing Resistant Textual-Graphical Password Authentication Scheme (S3PAS). S3PAS seamlessly integrates both graphical and textual password schemes and provides nearly perfect resistance to shoulder-surfing, hidden-camera and spyware attacks. It can replace or coexist with conventional textual password systems without changing existing user password profiles. Moreover, it is immune to brute-force attacks through dynamic and volatile session passwords. S3PAS shows significant potential bridging the gap between conventional textual password and graphical password. Further enhancements of S3PAS scheme are proposed and briefly discussed. Theoretical analysis of the security level using S3PAS is also investigated.

A Survey On Resisting Shoulder Surfing Attack Using Graphical Password

resistant graphical password scheme, TI-IBA, in which icons are presented not only spatially but also temporally. TI-IBA is less constrained by the screen size and makes it easier for the user to find his pass-icons. Unfortunately, TI-IBA’s resistance to accidental login is not strong. And, it may be difficult for some users to find their pass-icons temporally displayed on the login screen. As most users are familiar with textual passwords and conventional textual password authentication schemes have no shoulder surfing resistance, Zhao et al. [13], in 2007, proposed a text-based shoulder surfing resistant graphical password scheme, S3PAS, in which the user has to find his textual password and then follow a special rule to mix his textual password to get a session password to log in to the system. However, the login process of Zhao et al.’s scheme is complex and tedious [11].

DIGITAL PASSWORD SURVEY (Mr. Dipak P. Umbarkar, Prof. Megha Singh)

The most general technique used for authentication is the text-based password. Due to that it is exposed to well-known attacks like eavesdropping, social engineering, dictionary attack and shoulder surfing attack. Unpredicted and lengthy passwords can make the system secure. On the other hand this may create a problem, i.e. the trouble of memorizing those passwords. Studies have shown that end-users have a trend to choose small passwords or passwords that are easy to recall. Fatefully, these passwords can be simply cracked. Different types of methods are present today, like graphical passwords and biometrics, with some disadvantages. Biometric password techniques such as fingerprints, facial recognition etc. have been offered but not yet commonly adopted. The main disadvantage of this method is that such systems can be expensive and the overall procedure of identification can be slow. A number of graphical password methods have been planned in the past years. On the other hand most methods suffer from shoulder surfing attack, which is becoming somewhat a big problem. There are graphical password patterns that have been predicted which are resistant to shoulder-surfing, and they have their particular limitations like usability problems or taking a large time for login. The shoulder surfing attack is an attack that can be done by the enemy to get the user’s password by watching above the user’s shoulder as he enters his password. In the last few years numerous hybrid graphical password methods with different degrees of resistance to shoulder surfing have been projected, e.g., [2] [3] [4] [5][6][7][8][9], and each has its pros and cons. As expected password schemes are disposed to shoulder surfing, Sobrado and Birget [1] proposed three shoulder surfing resistant graphical password methods.

Text Based Shoulder Surfing Resistant Using Graphical Password (CAPTCHA)

ABSTRACT: A lot of security primitives depend on more challenges, and these will be resolved by some mathematical formulations. Using high AI problems for security has become an evaluation for a new pattern of security, but it is not explored well. In our studies we define Captcha as a graphical password; with a graphical password system built on captcha technology, mainly on hard AI problems, we will present new security primitives. Captcha is a combination of captcha and graphical password. CaRP addresses multiple security issues like shoulder surfing attack, if combined with dual view technology, relay attack and online guessing attack. CaRP alone becomes inefficient to prevent all security issues, hence this paper makes a survey of the various security measures for secure password schemes and gives a clear picture of the efficiencies of the different techniques. For improving online security, a highly secure password offers usability and reasonable security and appears to suit practical applications well.

3D SECURE PASSWORD

Textual passwords are the most common method used for authentication. But textual passwords are vulnerable to eavesdropping, dictionary attacks, social engineering and shoulder surfing. Graphical passwords are introduced as alternative techniques to textual passwords. Most of the graphical schemes are vulnerable to shoulder surfing. To address this problem, text can be combined with images or colors to generate session passwords for authentication. Session passwords can be used only once and every time a new password is generated. In this paper, a technique is proposed to generate session passwords using colors which are resistant to shoulder surfing. This method is suitable for Personal Digital Assistants.

A Shoulder Surfing Resistant Image Augmented Multi Password Authentication System with Key Store Time Log in & Coordination Comparison

Graphical password schemes have been proposed as a possible alternative to text-based schemes, with psychological studies supporting the fact that humans can remember pictures better than text. Pictures are generally easier to remember or recognize than text. Input devices such as mouse, stylus and touch screen make the appearance of graphical user techniques possible. Graphical passwords are applied to workstations, web log-in applications, ATM machines and mobile devices. Shoulder surfing refers to using direct observation techniques, such as looking over someone’s shoulder, to get information. Shoulder surfing is effective in public places because standing near someone and watching them enter a PIN number at an ATM machine is very easy. This attack is also possible at long distance using binoculars or vision enhancing devices like miniature closed circuit cameras.

Shoulder Surfing Resistance Graphical Password Authentication

V.D. Janani, V. Anwar, M. Ravi Sankar (IJIRMET160204008)

We have proposed CaRP, a new security primitive relying on unsolved hard AI problems. CaRP is both a Captcha and a graphical password scheme. The notion of CaRP introduces a new family of graphical passwords, which adopts a new approach to counter online guessing attacks: a new CaRP image, which is also a Captcha challenge, is used for every login attempt to make trials of an online guessing attack computationally independent of each other. A password of CaRP can be found only probabilistically by automatic online guessing attacks including brute-force attacks, a desired security property that other graphical password schemes lack. Hotspots in CaRP images can no longer be exploited to mount automatic online guessing attacks, an inherent vulnerability in many graphical password systems. CaRP forces adversaries to resort to significantly less efficient and much more costly human-based attacks. In addition to offering protection from online guessing attacks, CaRP is also resistant to Captcha relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. CaRP can also help reduce spam emails sent from a Web email service. Our usability study of two CaRP schemes we have implemented is encouraging. For example, more participants considered Animal Grid and Click Text easier to use than PassPoints and a combination of text password and Captcha. Both Animal Grid and Click Text had better password memorability than the conventional text passwords. On the other hand, the usability of CaRP can be further improved by using images of different levels of difficulty based on the login history of the user and the machine used to log in. The optimal tradeoff between security and usability remains an open question for CaRP, and further studies are needed to refine CaRP for actual deployments.

A New Security Primitive Based on Hard AI Problems - Captcha as a Graphical Password (CaRP)

We have proposed CaRP, a new security primitive relying on unsolved hard AI problems. CaRP is both a Captcha and a graphical password scheme. The notion of CaRP introduces a new family of graphical passwords, which adopts a new approach to counter online guessing attacks: a new CaRP image, which is also a Captcha challenge, is used for every login attempt to make trials of an online guessing attack computationally independent of each other. A password of CaRP can be found only probabilistically by automatic online guessing attacks including brute-force attacks, a desired security property that other graphical password schemes lack. Hotspots in CaRP images can no longer be exploited to mount automatic online guessing attacks, an inherent vulnerability in many graphical password systems. CaRP forces adversaries to resort to significantly less efficient and much more costly human-based attacks. In addition to offering protection from online guessing attacks, CaRP is also resistant to Captcha relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. CaRP can also help reduce spam emails sent from a Web email service. Our usability study of two CaRP schemes we have implemented is encouraging. For example, more participants considered AnimalGrid and ClickText easier to use than PassPoints and a combination of text password and Captcha.

Safe validation of shoulder surfing using the concept of secret password with PassMatrix

In the registration phase, the user has to register by giving his information such as user id, user name, password, valid e-mail id etc. After giving this information, three images will be randomly assigned to the user; in those images he has to select the coordinate squares

NAVI: Novel authentication with visual information

Abstract: Text-based passwords, despite their well-known drawbacks, remain the dominant user authentication scheme implemented. Graphical password systems, based on visual information such as the recognition of photographs and/or pictures, have emerged as a promising alternative to the aggregate reliance on text passwords. Nevertheless, despite the advantages offered they have not been widely used in practice since many open issues need to be resolved. In this paper we propose a novel graphical password scheme, NAVI, where the credentials of the user are his username and a password formulated by drawing a route on a predefined map. We analyze the strength of the password generated by this scheme and present a prototype implementation in order to illustrate the feasibility of our proposal. Finally, we discuss NAVI’s security features and compare it with existing graphical password schemes as well as text-based passwords in terms of key security features, such as password keyspace, dictionary attacks and guessing attacks. The proposed scheme appears to have the same or better performance in the majority of the security features examined.

NAVI: Novel authentication with visual information

However, if a user chooses his own password he would choose an easy-to-remember password rather than a random one. Let us assume that the user chooses a word from the English language. The exact number of the English words is nearly impossible to define accurately, and it is equally hard to estimate the words a human individual can remember. However, it is hard to argue that a human will be capable of memorizing and using more than 200.000 words, even in an over-optimistic scenario where the end user is a genius. In this case the attackers will have a 1/200.000 chance that any single guess would match the given password. An attacker that has some additional information of his target can launch a more targeted guessing attack that will consist of words like the target’s name, maiden name, city of birth, country, city and address of residence etc.

Implementing Authentication, Authorization and Access Technique using Session Password with Pair based Scheme

Once the user has logged out from that session, the password entered the earlier time is lost. Now, when the user is logging in the next time he has to do the same as earlier. But this time the keyboard generated to enter his password gets shuffled and hence the combination for the word ‘suraj’ also gets changed. It will provide security from the dictionary attack, shoulder surfing attack and some possible network attacks also. In this way, we successfully perform the mechanism of AAA – Authentication, Authorization and Access in our implemented software application for online banking, where security is the foremost requirement.