The present diploma paper discusses the field of authentication and cryptology as a tool for authentication. The most commonly used classic ways of authentication are presented, which are often also the most vulnerable ones. The most commonly used way of authentication is the one with a username and a password. As people are required to create new passwords for different webpages, they are soon overwhelmed by the sheer number of them, and the passwords become weak and vulnerable because of the great number people have to remember. To solve this problem, a web application has been developed which enables authentication without a password, by using the Bitcoin system. The users authenticate themselves with the Bitcoin address. Thus the user does not have to remember a great number of passwords anymore, while a certain amount of anonymity at login is also possible.
Abstract: A graphical password is an authentication system that works by having the user select from images, in a specific order, presented in a Graphical User Interface (GUI). The most common computer authentication method is to use alphanumerical usernames and passwords. This method has been shown to have significant drawbacks. For example, users tend to pick a password that can be easily guessed. On the other hand, if a password is hard to guess, then it is often hard to remember. In this paper, we conduct a comprehensive survey of the existing graphical password techniques and propose a new technique. We discuss the strengths and limitations of each method and point out the future research directions in this area. Major design and implementation issues are also clearly explained. The main advantage of this method is that it is difficult to hack. For example, if there are 100 images on each of the 8 pages in an 8-image password, there are 100^8, or 10 quadrillion (10,000,000,000,000,000), possible combinations that could form the graphical password. If the system has the built-in delay of only 0.1 second following the selection of each image until the selection of the next page, it would take millions of years to break into the system by hitting it with random image sequences. Therefore hacking by random combination is impossible.
A graphical password is easier than a text-based password for most people to remember. Graphical passwords may offer better security than text-based passwords because many people, in an attempt to memorize text-based passwords, use plain words (rather than the recommended jumble of characters). A dictionary search can often hit on a password and allow a hacker to gain entry into a system in seconds. But if a series of selectable images is used on successive screen pages, and if there are many images on each page, a hacker must try every possible combination at random. If there are 100 images on each of the 8 pages in an 8-image password, there are 100^8, or 10 quadrillion (10,000,000,000,000,000), possible combinations that could form the graphical password! If the system has a built-in delay of only 0.1 second following the selection of each image until the presentation of the next page, it would take (on average) millions of years to break into the system by hitting it with random image sequences.
The most common computer authentication method is to use alphanumerical usernames and passwords. This method has been shown to have significant drawbacks. For example, users tend to pick passwords that can be easily guessed. On the other hand, if a password is hard to guess, then it is often hard to remember. In this paper, we present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as graphical passwords (CaRP). CaRP is both a Captcha and a graphical password scheme. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. Notably, a CaRP password can be found only probabilistically by automatic online guessing attacks even if the password is in the search set. CaRP also offers a novel approach to address the well-known image hotspot problem in popular graphical password systems, such as PassPoints, that often leads to weak password choices. CaRP is not a panacea, but it offers reasonable security and usability and appears to fit well with some practical applications for improving online security.
password, or memorizing and entering all necessary information (such as security questions) to reset. Another participant shared his experience when he lost the paper where he noted a password for a site and wanted to reset the password. Unfortunately, he needed to follow a long official password reset procedure because of system requirements (e.g., personal application was required and he waited for a week). He stated that everything would be easier if he could use a secure SPA system that minimizes password remembering problems. Similar comments support that SPA systems are easing the burden on users by requiring them to remember only one password (in addition to the cryptographic benefits they provide such as provable security against offline dictionary attacks). In the light of these comments, we recommend that the SPA systems should investigate how a secure single password reset can be efficiently carried out.
Here, a graphical password system with a supportive sound signature to increase the remembrance of the password is discussed. In the proposed work, a click-based graphical password scheme called Cued Click Points (CCP) is presented. In this system a password consists of a sequence of images in which the user can select one click-point per image. In addition, the user is asked to select a sound signature corresponding to the click point; this sound signature will be used to help the user to log in. The system showed very good performance in terms of speed, accuracy, and ease of use. Users preferred CCP to PassPoints, saying that selecting and remembering only one point per image was easier and that the sound signature helps considerably in recalling the click points.
In a password-based threshold authentication (PbTA) system, there are n servers and any number of clients. PbTA is naturally split into four phases: (i) during a global set-up phase, a master secret key is shared among the servers, which they later use to generate authentication tokens; (ii) in the registration phase, a client C computes sign-up messages (one for each server) based on its username and password and sends them to the servers. Each server processes the message it receives and stores a unique record for that client; (iii) in the sign-on phase, a client initiates authentication by sending a request message that incorporates its username/password and additional information to be included in the token. Each server computes a response using its record for the client. This response contains shares of the authentication token the client eventually wants to obtain. If the client’s password is a match, he is able to combine and finalize the token shares into a single valid token for future accesses; (iv) the finalized token can be verified using a verification algorithm that takes a public or private (depending on the token type) verification key to validate that the token was generated using the unique master secret key. The verification process can also be distributed among multiple servers (may be required for MAC-based tokens) but for simplicity we use a centralized verification phase.
In this technique the user has to identify or recognize a password created before. Recognition-based authentication is used in graphical passwords. Typically this technique is not used as much as recall-based authentication. Still, both recall-based and recognition-based authentication techniques have some drawbacks and limitations when they are used separately or as a single authentication scheme at a time. To overcome these drawbacks and limitations of previously existing authentication schemes, we have introduced a new authentication scheme that is based on previously existing schemes. This authentication scheme is based on a combination of passwords called “3D Password”, a multifactor scheme that uses a combination of the above-mentioned schemes as well as biometric and several other schemes. All these schemes are implemented in virtual objects through which the user interacts. The interaction with the 3D environment changes as the user changes. The 3D password is built by observing the actions and interactions of the user and by observing the sequences of such actions.
In today’s world, security is an important aspect of day-to-day life, so everyone uses various ways to secure themselves. People use passwords for their security. Generally, everyone uses a textual password. A textual password is a combination of alphabets and numbers. People choose as their textual password the name of their favorite things, actors or actresses, dishes, or a meaningful word from the dictionary. But a person who is very close to that person can easily guess the password. The graphical password is an advanced version of the password. Graphical passwords have received considerable attention lately as potential alternatives to text-based passwords. A graphical password is composed of images, parts of images, or sketches. These passwords are very easy to use and remember. To overcome the drawbacks of previously existing authentication techniques, we present a new improved authentication technique. This authentication scheme is called the “voiced 3D password”. The voiced 3D password is a multi-password and multi-factor authentication system, as it uses different authentication techniques such as textual password, sound password, graphical password and biometrical password. The most important part of the 3D password scheme is the inclusion of a 3D virtual environment. We propose that the user first writes his/her user name and textual password, then the program provides a studio for choosing the specific sound, and then the user is passed to the 3D virtual environment. A shoulder-surfing attack can still affect the 3D password scheme, so we add the voiced 3D password to reduce that effect.
Keystroke dynamics refers to the timing information associated with key-press events. Two types of key-press events are usually used in modeling keystroke dynamics, including (a) key-down event (KD): a user presses a key and (b) key-up event (KU): a user releases a key. One or more possible keystroke timings associated with consecutive key-press events, e.g., KD-KU time and KD-KD time, are considered as keystroke dynamics features in [6] and shown in Fig. 1. Keystroke dynamics features have been used to identify and authenticate users on both hardware keyboards [1, 5, 17] and software keyboards [13, 14]. However, Meng et al. [9] revealed that a training interface can be set up to help attackers imitate users’ keystroke dynamics, which makes it unsafe to use keystroke dynamics for user authentication. Because keystroke dynamics contains only the timing information about users’ keystroke, it is possible for an attacker to imitate a user’s keystroke via a training interface. To address this problem, we model a user’s typing behavior using both acceleration data and angular velocity data from the user’s smartwatch. It is difficult for an attacker to imitate a user’s typing behavior in our model without accessing the victims’ smartwatch sensor data.
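The KD/KU timing features described above, as an added example that is not code from the cited paper: it extracts KD-KU and KD-KD times from constructed key events and scores a login attempt against an enrolled profile. The scaled-distance scoring, the threshold and all names are assumptions made for illustration.

```python
from statistics import mean, pstdev

def make_events(strokes):
    """Constructed-sample helper: (key, down_ms, up_ms) -> time-ordered events."""
    events = []
    for key, down, up in strokes:
        events += [(down, key, "KD"), (up, key, "KU")]
    return sorted(events)

def feature_vector(events):
    """Return KD-KU (hold) times in key-down order, followed by KD-KD times."""
    downs, holds, open_keys = [], [], {}
    for t, key, kind in events:
        if kind == "KD":
            if key in open_keys:        # auto-repeat while the key is held
                continue
            open_keys[key] = len(downs)
            downs.append(t)
            holds.append(None)
        elif kind == "KU":
            idx = open_keys.pop(key, None)
            if idx is not None:         # ignore a KU whose KD was never captured
                holds[idx] = t - downs[idx]
        else:
            raise ValueError(f"unknown event kind: {kind!r}")
    if open_keys:
        raise ValueError("sample ends with a key still pressed")
    kd_kd = [b - a for a, b in zip(downs, downs[1:])]
    return holds + kd_kd

def enroll(samples):
    """Per-feature (mean, std) over enrollment samples; std floored at 1 ms."""
    columns = zip(*(feature_vector(make_events(s)) for s in samples))
    return [(mean(c), max(pstdev(c), 1.0)) for c in columns]

def score(profile, strokes):
    """Mean absolute deviation from the profile, in units of each feature's std."""
    vec = feature_vector(make_events(strokes))
    if len(vec) != len(profile):
        return float("inf")             # different number of keystrokes
    return mean(abs(x - m) / s for x, (m, s) in zip(vec, profile))

# Constructed samples of one user typing "abc". 'b' goes down before 'a' is
# released (rollover), so the events of different keys interleave.
ENROLL = [
    [("a", 0, 90), ("b", 80, 170), ("c", 200, 280)],
    [("a", 0, 100), ("b", 90, 175), ("c", 210, 295)],
    [("a", 0, 95), ("b", 85, 180), ("c", 205, 285)],
]
GENUINE = [("a", 0, 94), ("b", 84, 176), ("c", 204, 286)]
STRANGER = [("a", 0, 150), ("b", 300, 420), ("c", 650, 760)]
# Someone who has practised the victim's rhythm: the timing features match,
# which is the weakness of timing-only models that the passage points out.
IMITATOR = list(ENROLL[2])
THRESHOLD = 2.0                         # assumed cut-off, not a tuned value

if __name__ == "__main__":
    profile = enroll(ENROLL)
    for name, attempt in [("genuine", GENUINE), ("stranger", STRANGER),
                          ("imitator", IMITATOR)]:
        s = score(profile, attempt)
        print(f"{name:9s} score={s:7.2f} accepted={s <= THRESHOLD}")
```
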
ABSTRACT: Nowadays computer system access uses alphanumerical passwords. Such a password is hard to remember due to its length (long), or sometimes because it is randomly generated. Short and simple passwords may lead to vulnerability, as does writing the password in a text file or putting it in an insecure place (a drawer), which is also highly vulnerable. To overcome this, we introduce passwords which make use of graphical elements, such as images. The human brain is more receptive to pictures than to text, so such a password is easy to remember and to use.
From the beginning of computing, knowledge-based authentication (KBA) has been the most commonly used technique to provide users with secure access to computer systems. It seems it will remain predominant for more years to come. Despite KBA schemes’ popularity, they have many known usability problems which have not yet been entirely solved. According to a study, a user has on average 25 online password-required accounts and uses eight passwords per day (Florencio and Herley, 2007). As users are expected to use different passwords for each account to avoid security failures, it is difficult for the brain to remember many discrete sets of illogical and random bits of information and then associate each set with the right account. The user’s response to this situation is generally adopting strategies such as choosing weak passwords or writing them down, which ultimately undermine the security of the systems they use (Klein, 1990). Some methods are used to replace this subversive behaviour with appropriately suitable behaviour for authentication (Wood, Bruner and Ross, 1976). These methods aim to direct user behaviour by implementing strict password creation guidelines (Inglesant and Sasse, 2010), proactive password checkers (Yan, 2001) or password expiry (Zhang, Monrose, Reiter, 2010), to ensure a high security level. However, recent research shows that this advice and these measures or system features don’t always work as expected. They sometimes have negative effects upon usability and security, contrary to designers’ intentions. Where users are forced to accept unreasonable constraints, they are more likely to adopt insecure workarounds which are easy for them to use (Proctor et al., 2002). As is well known, users mostly don’t follow the strict security guidelines prescribed within KBA schemes (Zviran and Haga, 1993). Both system administrators and end-users struggle with the scenario where it is difficult to balance the security and usability of the authentication system.
Although compromising one of them leads to more threatening scenarios, the system needs to be sustained somehow. This shows that the current forms of KBA schemes, which are unable to offer solutions to current socio-technical authentication problems, have to be abandoned in the future (Kotadia, 2004). Thus, it is inevitable to reform the existing KBA schemes.
Abstract: Providing authentication to any system leads to providing more security to that system. There are many authentication techniques available, such as textual password, graphical password, etc., but each of these individually has some limitations and drawbacks. To overcome the drawbacks of previously existing authentication techniques, a new improved authentication technique is used; this authentication scheme is called the 3D password. The 3D password is a multi-password and multi-factor authentication system, as it uses various authentication techniques such as textual password, graphical password, etc. The most important part of the 3D password scheme is the inclusion of a 3D virtual environment. A 3D virtual environment is a virtual environment which consists of real-time object scenarios. It is not an actual real-time environment; it is just a user interface provided to the scheme which looks the same as a real environment. The 3D password is a more secure authentication scheme than any other authentication technique because this authentication scheme is more advanced than any other scheme. This scheme is also hard to break and easy to use. In this paper we have introduced our contribution towards making the 3D password more secure and more user friendly to users of all categories. This paper also explains what a 3D password is, the working of the 3D password scheme, some mathematical concepts related to the 3D password, applications of the scheme, etc. All these concepts are briefly introduced and explained in this paper, section by section.
Software requirements, hardware requirements, servers, storage of data and infrastructure are the various internet-based on-demand services provided by cloud computing. To provide privacy services to the intended customer, it is a better option to use a multi-dimensional password generation and authentication technique. This technique helps in generating the password in a large number of dimensions of the organization, so that secure transactions or any business-related strategies are carried out with secure authentication. Because we generate secure and strong passwords, they cannot be hacked by hackers: the multidimensional password is difficult to hack because of its different factors, and it also has a different arrangement, so the hacker gets confused.
Access to computer systems is most often based on the use of alphanumeric passwords. Though, users have difficulty remembering a password that is long and random-appearing. Instead, they create short, simple, and insecure passwords. Graphical passwords have been designed to try to make passwords more memorable and easier for people to use and, therefore, more secure. Using a graphical password, users click on images rather than type alphanumeric characters.
When the complexity of CaRP images gets beyond a certain point, humans may need a significant amount of time to recognize the characters in a CaRP image and may get frustrated. The optimal alphabet size for a CaRP scheme such as ClickText remains an open question. It is possible to use a fixed subset of the alphabet to generate CaRP images for a user if the server receives her user ID before sending an image. In this case, the authentication server allows a user to create her password from the full alphabet.
Abstract: A password authentication system is a very important factor for every system which needs to be secure. Every password is easy to crack, and people are looking for a strong password for their systems. Here we use a password authentication system that is designed for high security and could be easily put into an old system. In our framework we are using a cryptographic representation for converting a location point into coordinates. Our primary aim is to prevent hacking through all kinds of brute force algorithms. It is concerned with including the client’s geographical location as an important authentication factor to enhance security. Techniques to integrate location as an authentication factor, as well as techniques to generate location-based cryptographic keys, are reviewed and discussed. Most importantly, our system combines graphical user authentication and location coordinates. The existing system was vulnerable to the dictionary attack algorithm and the salt data algorithm, so efforts have been made to generate a non-repeatable graphical user interface system using coordinates.
The locus of traditional software engineering is system-specific with consideration for the customary ergonomic aspects of the users’ environments, with little or no regard for the multiplicity of other systems and accounts managed by those users. One principal concept of both systems and software engineering is scalability, i.e., can a specific solution to a problem continue to perform effectively when it is increased in proportion to its increased use or spread. In the case of the user authentication process, the concept of user IDs and passwords is technically scalable. Limitations of human cognitive function and memory, however, create exogenous barriers to scalability. Users are faced with an ever-increasing task of managing account names and passwords, and are building their own methods to address this problem. Yellow sticky notes, lists in wallets, re-use of passwords across systems, key fobs that store passwords, and personal “password books” are all methods for addressing memory limitations with respect to passwords.
In spite of the many efforts taken, security threats exist nowadays, so using just single-level authentication factors is not sufficient to ensure security. In this paper, the idea is to implement three levels of security for authenticating true users. An effort is made to resist the shoulder-surfing attack through the text-based graphical password, which constitutes the first level of authentication. The unique one-time password (received through the registered email id of authentication) forms the second level of authentication. The third level uses a smartcard containing the unique token (this card is given to the user either directly or through post, to the address given by the user during registration). These three levels of password help in securing the resources from unauthorized use.
Despite the common belief that non-dictionary passwords are the most secure type of password-based authentication, the results demonstrate that it is in fact the most vulnerable configuration to shoulder-surfing. This result is unexpected, but possibly explainable. A major finding from the study is that secure and usable authentication might be possible when considering shoulder-surfing risks, but that configuration for data entry (i.e., mouse versus numeric keypad) is an important consideration for graphical passwords like Passfaces. Finally, these findings call into question the notion that non-dictionary passwords are universally “better” than dictionary passwords. The risk mitigation from password choice clearly depends on the nature of the attack. Future Work: The non-dictionary passwords being highly vulnerable to shoulder-surfing attacks is a finding that calls for further investigation. Future studies may investigate shoulder-surfing methods used by real hackers (for example multiple cameras or other equipment) as well as investigation of circumstances for most popular shoulder-surfing environments (work, public access points, etc.). Moreover, further studies may focus on typing speed and possible training effects from long-term use of passwords (both dictionary and non-dictionary) to better establish the impact of long-term use of passwords on their shoulder-surfing vulnerability.