Top PDF HoneyPass: A Shoulder Surfing Resistant Graphical Authentication System using Honeypot

HoneyPass: A Shoulder Surfing Resistant Graphical Authentication System using Honeypot

A shoulder surfing attack is a direct observation approach in which the shoulder surfer steals the user's Personal Identification Number (PIN) or passwords by looking over his shoulder [2,3]. It commonly happens on public transport while the victim is commuting, and involves a smartphone in almost all cases. A good example is shoulder surfing at ATMs, a crime in which a suspect watches over the victim's shoulder as he punches in his PIN number. The ATM screen asks for another transaction when customers complete theirs. Some customers fail to notice the prompt and walk away, leaving it on the screen. In this way, the thief enters the stolen PIN and pretends to be the user. But the phenomenon of shoulder surfing is not widely known [4]. Users tend to use strategies such as hiding the device screen or shielding the device with their hand. However, by observing, one cannot get hold of most of the victim's detailed biodata such as information about his relationships, sexual preferences, interests, hobbies, and login data. Hence, the damage shoulder surfing can cause is widely unknown [5].

S3PAS: A Scalable Shoulder-Surfing Resistant Textual-Graphical Password Authentication Scheme

The most common user authentication method is the text-based password scheme, in which a user enters a login name and a password. The vulnerabilities of this method are well known. Users tend to pick short passwords or passwords that are easy to remember [1], which makes the passwords vulnerable for attackers to break. To resist brute-force search and dictionary attacks, users are required to use long and random passwords. Unfortunately, such passwords are hard to remember. Furthermore, textual password Graphical password schemes have been proposed as a possible alternative to text-based schemes, motivated partially by the fact that humans can remember pictures better than text [8]. In addition, the possible password space of a graphical password scheme may exceed that of text-based schemes and thus presumably offer a higher level of security. It is also difficult to devise automated attacks for graphical passwords. As a result, graphical password schemes provide a way of making more human-friendly passwords while increasing the level of security. Due to these advantages, there is a growing interest in graphical passwords. However, existing graphical passwords are far from perfect. Typically, system requirements and communication costs for graphical passwords are significantly higher than for text-based passwords. In addition, few graphical systems support keyboard inputs. More importantly, most current graphical passwords are more vulnerable to shoulder-surfing attacks than textual passwords.

DIGITAL LOCK: A HYBRID AUTHENTICATION (Mr. Dipak P. Umbarkar, Prof. Megha Singh)

Wiedenbeck et al. [4] proposed in 2006 the Convex Hull Click Scheme (CHC) as a better version of the Triangle scheme with greater safety and usability. To log in to the system, the user has to face some challenges. In each challenge, the user has to choose three pass-icons displayed on the login screen, and then click inside the invisible convex hull formed by all the displayed pass-icons. But the login time of the Convex Hull Click scheme may be too long. In 2009, Gao et al. [5] proposed another shoulder surfing resistant graphical password scheme, Color Login, in which the background color is a practical factor for decreasing the login time. Still, the possibility of accidental login of Color Login is too high and the password space is too small. In 2009, Yamamoto et al. [10] proposed a shoulder surfing resistant graphical password scheme, TI-IBA, in which icons are presented spatially and temporally. TI-IBA is less constrained by the screen size and makes it easier for the user to find his pass-icons. Unfortunately, TI-IBA's resistance to accidental login is not strong. Also, it may be difficult for some users to find their pass-icons when they are displayed temporally. As most users are awake with word-based passwords and conventional text-based password authentication schemes resistance to shoulder surfing. Sreelatha et al. [13], in 2011, also proposed a text and color based shoulder surfing resistant graphical password scheme. In this method the user has to remember the order of some colors. In the same year, Kim et al. [14] also proposed a text based shoulder surfing resistant graphical password scheme, and employed an analysis method for accidental login resistance and shoulder surfing resistance to analyze the security of their scheme. Unfortunately, the resistance of Kim et al.'s scheme to accidental login is not satisfactory. Rao et al. [16], in 2012, suggested a text-based shoulder surfing resistant graphical password scheme, PPC.
To log in, the user has to mix his textual password to produce several pass-pairs, and then follow four predefined rules to get his session password on the login screen. The login procedure of PPC is too complicated and tedious. During registration the user should rate the colors that are shown in figure 2. The user should rate colors from 1 to 8 and can recall the order as "RLYOBGIP". The same rating can be given to different colors. During the login phase, an interface is displayed based on the colors designated by the user. The size of the grid is 8×8. This grid contains the digits 1-8 placed randomly in grid cells. The interface also contains strips of colors with four pairs of colors. Each pair of colors signifies the row and the column of the grid.

DIGITAL PASSWORD SURVEY (Mr. Dipak P. Umbarkar, Prof. Megha Singh)

At present, predictable secret word patterns are subject to eavesdropping, dictionary attacks and shoulder surfing, and numerous shoulder surfing resistant graphical password patterns have been proposed. At the same time, the most common techniques used for authentication are textual passwords. A number of graphical password schemes have been proposed in past years. Most users use word-based passwords rather than pure graphical passwords, so we have proposed word-based graphical password schemes. Unfortunately, none of the existing schemes creates a hybrid digital graphical password scheme. In this paper, we propose an improved, mainly textual-based and numerical-based graphical password using colors, which is resistant to shoulder surfing and to other attacks such as social engineering, eavesdropping and dictionary attacks. In the predictable scheme, the operator can robustly, simply and efficiently log in to the system and observe the security, usability and resistance to various attacks of the designed system.

PASSMATRIX An Authentication System to Resist Shoulder Surfing Attacks

authentication method. Strong textual passwords are hard to memorize. To address the weakness of textual passwords, graphical passwords have been proposed. Click based or pattern based approaches are widely used techniques for mobile authentication systems. Such textual and graphical password schemes suffer from shoulder surfing attacks. An attacker can directly observe, or can use a video recorder or webcam, to collect password credentials. To overcome the problem, a shoulder surfing attack resistant technique is proposed. This technique contains a pass-matrix. More than one image is used to set the password. For every login session, the user needs to scroll circular horizontal and vertical bars. A password hint is provided to the user to select the desired image password grid. The horizontal and vertical scroll bars cover the entire scope of the pass-images. For password selection, the password hint and the horizontal and vertical scroll bars are used. The proposed technique is implemented on the Android platform. The system performance is measured using the memorability and usability of the password scheme with respect to the existing technique.

Text Based Shoulder Surfing Resistant Using Graphical Password (CAPTCHA)

combinations of bits, and would have no way of differentiating one from another. A very small, i.e. 100-byte, one-time-password encoded string considered for a brute force attack would literally reveal every 100-byte string possible, including the actual OTP as an answer, but with least probability. Here the analysis of one-time password algorithms for secure transactions over networks available today, based on mobile authentication or email authentication, is completed, and the possible attacks on the one-time password algorithms have also been studied. In the existing one-time password (OTP) algorithm, a Java Mobile MIDlet is the client application, and we further assume that the client application runs on the client's mobile phone, which will be able to receive one-time passwords during login requests. A MIDlet is a Java based application that makes use of the Mobile Information Device Profile (MIDP) of the technology called Connected Limited Device Configuration (CLDC) for the Java Mobile Environment (ME). Typical applications using MIDlets include games running on mobile devices or other handheld devices and cell phones which have small graphical displays, simple numeric or alphanumeric keypad interfaces and limited but allowable network access over HTTP. The whole design resembles the two prime protocols used by the Java system. Initially, the user has to download the client (Java MIDlet) to his mobile phone or other handheld device. Then the client application can execute a request to register with both the server and the service provider, utilizing the server system for generating OTPs and user authentication. After successful execution of the user activation request, the user can run the authentication request in future an unlimited number of times.

A Sophisticated Approach to Graphical Password

According to the mobile marketing statistics compiled by Danyl, mobile shipments overtook PC shipments in 2011, and the number of mobile users also overtook desktop users in 2014, at close to 2 billion. However, shoulder surfing attacks have posed a great threat to users' privacy and confidentiality as mobile devices become an essential thing in modern life. People may log into web services and apps in public to access their personal accounts with their smartphones, tablets or public devices, like bank ATMs. Shoulder-surfing attackers can observe how the passwords were entered with the help of reflecting glass windows, let alone monitors hanging everywhere in public places. Passwords are exposed to risky environments, even if the passwords themselves are complex and secure. A secure authentication system needs to be able to defend against shoulder surfing attacks and should be applicable to all kinds of devices. Authentication schemes in the literature such as those in [6] are resistant to shoulder-surfing, but they have either usability limitations or a small password space. The limitations of usability include issues such as taking more time to log in, passwords being too difficult to recall after a period of time, and the authentication method being too complicated for users without proper education and practice. In 2006, Wiedenbeck et al. proposed PassPoints [5], in which the user picks several points (3 to 5) in an image during the password creation phase and re-enters each of these pre-selected click-points in the correct order within its tolerant square during the login phase. Compared to traditional PIN and textual passwords, the PassPoints scheme substantially increases the password space and enhances password memorability. Unfortunately, this method of graphical authentication is vulnerable to shoulder surfing attacks.
Hence, based on the PassPoints, we implement the idea of using one-time session passwords and PassMatrix authentication system that is resistant to shoulder surfing attacks.

Graphical password schemes design: enhancing memorability features using autobiographical memories

The shoulder-surfing problem is an attack in which the intruder can observe passwords, PINs or other protected information by observing the owner or victim over his/her shoulder, or through spying devices such as binoculars and video cameras, while the password is being used on the computer or at the terminal for authentication. The main aim of the intruder in this attack is to use the observed credentials for illicit transactions in order to impersonate the real owner (the victim) afterwards. The root cause of this drawback is the fact that users enter their secrets directly into some poorly designed user interface in a way that makes it easy for an intruder to gain knowledge of the secret via observation. To surmount this problem during authentication, a number of shoulder-surfing resistant techniques were proposed as helpful solutions to protect the user's secret from being observed for illicit usage. To protect recall-based graphical password systems such as Draw-A-Secret and Background Draw-A-Secret DAS from shoulder surfing, three techniques, namely the decoy strokes defense, disappearing strokes, and line snaking, were proposed [10]. These techniques are used during a login procedure as a means of distracting the shoulder surfer from capturing the correct password drawn by the user. The decoy strokes defense technique allows the user to draw many passwords, of which only one is the authentic user's password. In the disappearing stroke defense, the user's stroke is removed from the screen after it has been drawn. The idea behind it is to make it difficult for the attacker to commit the image to memory. While line Snaking technique is based on the disappearing stroke solution but was intended to leave the vital

A Comprehensive Survey On Graphical Passwords And Shoulder Surfing Resistant Technique Analysis

The alphanumeric password has been part of the authentication process for a very long time. The most common computer authentication method is for a user to submit a user name and a text password. One of the main problems is the difficulty of remembering passwords. Studies have shown that users tend to pick short passwords or passwords that are easy to remember. Unfortunately, these passwords can also be easily guessed or broken. However, this simple and ubiquitous technology has some well-known usability problems, especially on the memorability aspect. The human ability to remember pictures better than text has been well documented in numerous cognitive and psychological studies that are graphical passwords [1]. As a result, much research has been inspired in both the security and Human Computer Interaction communities in recent years to explore graphical authentication systems as an alternative or an enhancement to text passwords. As the name implies, graphical authentication uses graphics (pictures, icons, faces etc.) instead of the commonly used text strings.

A Shoulder Surfing Resistant Graphical Password System

In our proposed system, in order to provide more security than the existing authentication methods, on each page where all images within each category are shown, the false image (not my password) is added automatically. This image can be replaced with one of the images in each category. Since the user is aware of the selected image in each category, if the known image is available, he can pick out the correct image; otherwise, he takes the false image. In order to make the process more complex for the attacker, a random category will be added between the selected categories. In this example, since the pet category was not selected by the user as part of his password in the registration step, he must select the false image to ignore this category. However, this category can be considered a real image category by an attacker who watches the user authentication process, since the user selected an image from this category. After the graphical password is validated, the system will automatically direct the user to the appropriate web page (user profile). To this end, it can prevent shoulder-surfing attacks by pretending that the selected image (false image) is one of the images that the user selected as his password.

A Survey On Resisting Shoulder Surfing Attack Using Graphical Password

In order to protect users' digital property, authentication is required every time they try to access their personal account and data. However, conducting the authentication process in public might result in potential shoulder surfing attacks. Even a more complex password can be cracked easily through shoulder surfing. Using traditional textual passwords or the PIN method, users need to type their passwords to validate themselves, and thus these passwords can be revealed easily if someone peeks over the shoulder or uses video recording devices such as cell phones or Google Glass. To overcome this problem, we proposed a shoulder surfing resistant authentication system based on graphical passwords, named PassMatrix and PairBased. Using a one-time login indicator per image, users can point out the location of their pass-square without directly clicking or touching it, which is an action vulnerable to shoulder surfing attacks. Because of the design of the horizontal and vertical bars that cover the entire pass image, it offers no clue for attackers to narrow down the password space even if they have more than one login record of that account.

A Shoulder Surfing Resistant Image Augmented Multi Password Authentication System with Key Store Time Log in & Coordination Comparison

Graphical password schemes have been proposed as a possible alternative to text-based schemes, motivated by psychological studies which support the fact that humans can remember pictures better than text. Pictures are generally easier to remember or recognize than text. Input devices such as the mouse, stylus and touch screen make the appearance of graphical user techniques possible. Graphical passwords are applied to workstations, web log-in applications, ATM machines and mobile devices. Shoulder surfing refers to using direct observation techniques, such as looking over someone's shoulder, to get information. Shoulder surfing is effective in public places because standing near someone and watching them enter a PIN number at an ATM machine is very easy. This attack is also possible at long distance using binoculars or vision enhancing devices like miniature closed circuit cameras

Password Authentication by graphical And Keylogging-Resistant Visual System

Nowadays, due to advancements in technology, it is easier to hack into various kinds of computer systems. We live in an era marked by technological advancements. Due to this, people have started using net banking and other critical services on their mobiles, tablets, etc. Because of this, they are exposed to environments where adversaries can steal their passwords by using various methods. Cyber-security is not a recent topic. In fact, there has been much research, and many techniques have been implemented to achieve security. But still, many people face problems pertaining to cyber theft. We try to tackle and eventually eliminate issues such as shoulder surfing, smudge attacks, dictionary attacks and brute force attacks. The graphical password works by having the user select from images, in a specific order, presented in a graphical user interface. For this reason it is also called graphical user authentication (GUA). It can be categorized in two ways

Constrain Identification Resistant Graphical Authentication Scheme

Abstract: Graphical schemes are commonly used for authentication, but such schemes are vulnerable to dictionary attack, shoulder surfing attack and accidental login. Hence a text-based shoulder surfing resistant graphical password scheme is proposed. The proposed system is based on a partial identification attacker model, in which the attacker partially observes the login procedure. Classical PIN entry is a popular scheme that greatly balances the usability as well as the security aspects of a system. A personal identification number (PIN) is entered as a numeric password in mobile and stationary systems. The Shoulder Surfing Attack (SSA) becomes a great concern. A session key mechanism is proposed: the proposed system introduces a number of Virtual Random Keyboards and secure intellectual OTP and LTP methods for securing the authentication at a higher level. Thus the proposed system lets the user log in securely without any attack probability, through multiple-level security and an advanced attack preventing system. Our results demonstrate that gaze-based password entry requires marginal additional time over using a keyboard, error rates are similar to those of using a keyboard, and subjects preferred the gaze-based password entry approach over traditional methods.

Implementation of Graphical Authentication System for Shoulder Surfing Attacks

To overcome this problem, we proposed a shoulder surfing resistant authentication system based on graphical passwords, named Pass Matrix. Using a one-time login indicator per image, users can point out the location of their pass-square without directly clicking or touching it, which is an action vulnerable to shoulder surfing attacks. Because of the design of the horizontal and vertical bars that cover the entire pass-image, it offers no clue for attackers to narrow down the password space even if they have more than one login record of that account.

Secured Hybrid Authentication Schemes using Session Password and Steganography

ABSTRACT: The most common method used for authentication is textual passwords. Unfortunately, these passwords can be easily guessed or cracked. The next best techniques are graphical passwords. Many graphical password schemes have been proposed in the last decade, but most of them suffer from shoulder surfing, which is also a big problem. Also, few graphical password schemes have been proposed which are resistant to various attacks. In this paper two new authentication schemes are proposed, with a steganography algorithm for any transaction. Any authentication process gets very secure when two or three techniques are used together for a system. For every login process, the user inputs different passwords. We proposed two different shoulder surfing resistant graphical password authentication schemes: one is AS3PAS and the second is a hybrid textual scheme using color code, along with Advanced LSB, which removes the drawback of simple LSB in that it supports all image formats.

A Survey on Shoulder Surfing Resistant Graphical Authentication Systems

In Pass Matrix, users choose one square per image for a sequence of n images rather than n squares in one image as in the Pass-Points scheme. Based on the user study of Cued Click Points. However, aiming at alleviating shoulder surfing attacks, we do not recommend this approach since the feedback that is given to users might also be obtained by attackers. Due to the fact that people do not register a new account or set up a new screen lock frequently, we assume that these setup events can be done in a safe environment rather than in public places. Thus, users can pick pass-squares by simply touching or clicking on them during the registration phase.

Implementation of Passmatrix Based Shoulder Surfing Resistant Graphical Authentication System

Although the PassMatrix prototype was implemented on an Android system, it can be applied to a wide range of authentication scenarios, for instance user signup and login in Windows 8, email account login in a web browser, and application login/unlock on Android OS. It can also be applied to any client device such as personal computers, laptops, tablets, mobile phones, or bank ATMs, because the method of authentication is simple and secure: the entire authentication process can be completed by only touching or clicking on the screen. In our implementation, we assumed that users download an application from Google Play and register an account for later login to use the service. Since Android is an open source operating system based on the Linux kernel and is widely used in mobile devices such as tablet PCs and smartphones, we implemented a PassMatrix prototype on Android and carried out user experiments to evaluate its usability.

REVIEW ON COLOR PASSWORD TO RESIST SHOULDER SURFING ATTACK

In 2002, to reduce the shoulder surfing attack, Sobrado and Birget [3] proposed three shoulder surfing resistant graphical password schemes: the Movable Frame scheme, the Intersection scheme, and the Triangle scheme. But of all these schemes, the Movable Frame scheme and the Intersection scheme fail frequently in the process of authentication. In the Triangle scheme, the user has to select and memorize several pass-icons as his password. To log in to the system, the user has to correctly pass the predetermined number of challenges, and in every challenge the user has to find three pass-icons from a set of randomly chosen icons displayed on the login screen, and then click inside the invisible triangle created by those three pass-icons.

A SHOULDER SURFING RESISTANT GRAPHICAL AUTHENTICATION SYSTEM

To overcome the disadvantages of textual passwords, we proposed the graphical password in the banking sector as a real-time scenario. A graphical password and a virtual keyboard shuffling method are used to protect against traditional password attacks while using a textual password. Our proposed system overcomes the disadvantages of textual password attacks. Due to encryption of our data, additional security is provided.
