Top PDF Shoulder Surfing Resistant Graphical Authentication Scheme for Web Based Applications

Shoulder Surfing Resistant Graphical Authentication Scheme for Web Based Applications

Shoulder Surfing Resistant Graphical Authentication Scheme for Web Based Applications

Graphical based authentication is a type of knowledge based authentication which uses images/picture to assist users in generating a more robust password (Suo, Zhu & Owen, 2005). Due to its picture superiority which according to Paivio in 1991 claimed that pictures are dually encoded and this is an advantage over words. While words are merely encoded verbally, pictures produce both a verbal code and an image code because participants are more likely to hold a label for pictures than to imagine words. Having two types of codes tagged to the pictures allow a greater chance of retrieval during a memory task (Paivio 1991). In addition, classic cognitive science experiment conducted have shown that humans have a strong memory ability for images. The experiment showed a recognition performance exceeding 90%, indicating retention of over 2,000 items, even when up to 3 days elapsed between learning and testing (Standing, Conezio, & Haber, 1970).
Show more

13 Read more

Implementation of Graphical Authentication System for Shoulder Surfing Attacks

Implementation of Graphical Authentication System for Shoulder Surfing Attacks

With the increasing trend of web services and apps, users are able to access these applications anytime and anywhere with various devices. However, conducting the authentication process in public might result in potential shoulder surfing attacks. Even a complicated password can be cracked easily through shoulder surfing. Using traditional textual passwords or PIN method, users need to type their passwords to authenticate themselves and thus these passwords can be revealed easily if someone peeks over shoulder or uses video recording devices such as cell phones.
Show more

9 Read more

DIGITAL LOCK: A HYBRID AUTHENTICAIONMr. Dipak P. Umbarkar1, Prof. Megha singh2

DIGITAL LOCK: A HYBRID AUTHENTICAIONMr. Dipak P. Umbarkar1, Prof. Megha singh2

At present conventional secret word patterns are exposed to dictionary attacks, eves dropping and shoulder surfing, numerous shoulder surfing unaltered graphical password patterns proposed. On the other hand, Textual passwords are the utmost public technique used for authentication. There are several graphical password schemes that are planned in the past years. Most users are used word-based passwords than untainted graphical passwords sentence or word-based or character based graphical password schemes have been proposed. Undesirably, none of existing schemes are create graphical lock to resisting the impersonation. The shoulder surfing resistant and other attacks like eves dropping, dictionary attacks, and social engineering attack on text and character are improved by this paper by using colors. In the expected scheme, the operator can robustly, cleanly and professionally login system and inspect the security and usability of the planned system and show the resistance of the proposed scheme to unintended login.
Show more

7 Read more

A Pattern-Based Password Authentication Scheme for Minimizing Shoulder Surfing Attack

A Pattern-Based Password Authentication Scheme for Minimizing Shoulder Surfing Attack

In [25] proposed authentication scheme using text and colors for generating session password. Session password is a password that is used only once at a time. Once the session is terminating, the session password is no longer useful because for every login session; users must enter different passwords. Moreover, according to [2], the use of session password is very suitable for Personal Digital Assistants (PDA) because it is resistant to shoulder surfing attack. Session password is generated using grids and colors serve as an alternative authentication technique to reduce the drawback of textual password authentication. During registration phase, the user needs to submit his chosen password consisting of a minimum length of 8 passwords that is called as secret pass. The secret pass must contain an even number of characters because from this; the session passwords are generated. During the login phase, when the user enters his username, an interface that consists of alphabets and numbers in a grid size 6x6 is displayed. The characters are randomly placed on the grid, and the interface will change every time the user want to log in. Then, the user has to enter the password depend on upon their secret pass, and they must consider his secret pass in term of pairs. The
Show more

7 Read more

Text Based Shoulder Surfing Resistant Using Graphical Password (CAPTCHA)

Text Based Shoulder Surfing Resistant Using Graphical Password (CAPTCHA)

ABSTRACT: A Lot of security primitives are depend on more challenges and it will be resolved by some mathematical formulations. For security using high AI Problems and it’s become an evaluation for new pattern of security, but not explored well. In our studies we define Captcha as graphically password, graphically password system build on captcha technology mainly on hard AI problems we will present new security primitives. Captcha is combination of captcha and graphical password. CaRP is address multiple security issue like shoulder surfing attack, if combined with dual view technology, relay attack and online guessing attack. CaRP alone becomes inefficient to prevent all security, hence this paper makes a survey of the various security measures for secure password schemes and gives a clear picture of the efficiencies of the different techniques. For improving online security highly secure password offers usability and reasonable security and appears suit well with practical applications.
Show more

6 Read more

A Shoulder Surfing Resistant Graphical Password System             

A Shoulder Surfing Resistant Graphical Password System             

In our proposed system in order to provide more security to the existing authentication methods, in each page where all images within each category are shown, the false image (not my password) is added automatically. This image can be replaced with one of the images in each category. Since the user is aware of the selected image in each category, if the known image is available, he can pick out the correct image, otherwise, he takes the false image. In order to make the process to be more complex for the attacker, a random category will be added between selected categories. In this example, since the pet category was not selected by the user as part of his password in the registration step, he must select the false image to ignore this category. However, this category can be considered as the real image category by an attacker who watches the user authentication process, since the user selected an image from this category. After the graphical password will be validated, then the system will automatically direct the user to the appropriate web page (user profile). To this end, it can prevent shoulder-surfing attack by pretending that the selected image (false image) is one of the images that user selected as his password.
Show more

5 Read more

PASSMATRIX  An Authentication System to Resist Shoulder Surfing Attacks

PASSMATRIX An Authentication System to Resist Shoulder Surfing Attacks

authentication method. Strong textual passwords are hard to memorize. To address the weakness of textual password graphical passwords are proposed. Click based or pattern based approaches are widely used techniques for mobile authentication system. Such textual and graphical passwords a scheme suffers from shoulder surfing attacks. Attacker can directly observe or can use video recorder or webcam to collect password credentials. To overcome the problem, shoulder surfing attack resistant technique is proposed. This technique contains pass-matrix. More than one image are used to set the password. For every login session, user needs to scroll circulatory horizontal and vertical bars. A password hint is provided to the user to select desired image password grid. Horizontal and vertical scroll bar covers the entire scope of pass-images. For password selection, password hint and horizontal and vertical scroll bar are used. The proposed technique is implemented on android platform. The system performance is measured using memorability and usability of a password scheme with respect to the existing technique.
Show more

6 Read more

A Shoulder Surfing Resistant Graphical Verification System

A Shoulder Surfing Resistant Graphical Verification System

considered, in applications for PC security and insurance. Regardless, human exercises, for instance, picking unpleasant passwords and contributing passwords in an unverifiable way are seen as "the weakest association" in the affirmation chain. Rather than self-self-assured alphanumeric strings, customers tend to pick passwords either short or noteworthy for straightforward recognition. With web applications and convenient applications loading up, people can get to these applications at whatever point and wherever with various devices. This advancement brings magnificent solace yet also grows the probability of displaying passwords to hold up under surfing attacks. Aggressors can observe clearly or use external narrative contraptions to accumulate customers' accreditations. To vanquish this issue, we proposed a novel confirmation system PassMatrix, in perspective of graphical passwords to contradict hold up under surfing strikes. With a one-time considerable login marker and circulative level and vertical bars covering the entire degree of pass-pictures, PassMatrix offers no knowledge for attackers to comprehend or restrict the watchword even they coordinate various camera-based ambushes. We in like manner executed a PassMatrix demonstrate on Android and finished bona fide customer examinations to evaluate its memorability and usability. From the exploratory result, the proposed system achieves better security from bear surfing attacks while taking care of convenience.
Show more

9 Read more

Secured Hybrid Authentication Schemes using Session Password and Steganography

Secured Hybrid Authentication Schemes using Session Password and Steganography

ABSTRACT: The most common method is textual passwords that were used for authentication. Unfortunately, these passwords can be easily guessed or cracked. The next best techniques are graphical passwords. Since, there are many graphical password schemes that are proposed in the last decade, But most of them suffer from shoulder surfing which is also a big problem. Also, there are few graphical passwords schemes that have been proposed which are resistant to various attacks. In this paper two new authentication schemes are proposed with steganography algorithm for any transaction . Any authentication process gets very secure when two or three techniques used together for a system. For every login process, user input different passwords. We proposed two different shoulder surfing resistance graphical password authentication scheme methods one is AS3PAS and second is hybrid textual scheme using color code also Advanced LSB which removes the drawback of simple LSB that it supports all image format.
Show more

7 Read more

A Comprehensive Survey On Graphical Passwords And Shoulder Surfing Resistant Technique Analysis

A Comprehensive Survey On Graphical Passwords And Shoulder Surfing Resistant Technique Analysis

Tao and Adams[12] designed a new scheme Pass-go based on Chinese board game Go. User draws password on the grid using intersections of the grid cells. For each intersection, sensitive areas are defined and touching any point inside a sensitive area is equal to touching the intersecting point. The grid of size (G+1)x(G+1) in DAS is equal to GxG grid in Pass-go. An ordered sequence of intersecting points with pen up events forms the password. Colors can be used to create strong passwords. They conducted user study and reported that Pass-go keeps most of the advantages of DAS scheme and offers more security and better usability. In Pass-go, dot and line indicators are used to display the password. By using an encoding scheme, the password can be inputted using keyboard. They conducted user study with 158 participants over a period of three months.
Show more

7 Read more

Advanced Scalable Shoulder Surfing Resistance Password Authentication Scheme

Advanced Scalable Shoulder Surfing Resistance Password Authentication Scheme

ABSTRACT: The most common method is textual passwords that were used for authentication. Unfortunately, these passwords can be easily guessed or cracked. The next best techniques are graphical passwords. Since, there are many graphical password schemes that are proposed in the last decade, But most of them suffer from shoulder surfing which is also a big problem. Also, there are few graphical passwords schemes that have been proposed which are resistant to various attacks. In this paper advanced authentication scheme is proposed for any transaction. The scheme authenticates the user by session passwords. Session passwords are passwords that are entered and used only once. Once the session is terminated, the session password is no longer useful. For every login process, user input different passwords. The session passwords provide better security against dictionary and brute force attacks as password changes for every session. We proposed advanced scalable shoulder surfing resistance graphical password authentication scheme AS3PAS method which removes drawback of previous S3pas method. The proposed authentication schemes required less time for login process and uses co-ordinates of images for generating session passwords which reduces storage space in DB.
Show more

7 Read more

A New Methodology On Resistant Graphical Authentication Scheme

A New Methodology On Resistant Graphical Authentication Scheme

The system architecture comprised of 5 major blocks in the user the server SMTP client and the SMS client, and the Application for logging. The SMS client and email clients is connected server to the clients for communicating the LTP and OTP to the clients. The total flow and proposed system architecture is mentioned [13]. .In our proposed system it is based on partially observable attacker model. In we will propose an improved color pass shoulder surfing resistant password scheme [14]. use colors.

8 Read more

A Novel Graphical Password Authentication Scheme

A Novel Graphical Password Authentication Scheme

The most common computer authentication method is to use alphanumerical usernames and passwords. This method has been shown to have significant drawbacks. For example, user tends to pick passwords that can be easily guessed. On the other hand, if a password is hard to guess, then it is often hard to remember. In this paper, we present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as graphical passwords (CaRP). CaRP is both a Captcha and a graphical password scheme. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. Notably, a CaRP password can be found only probabilistically by automatic online guessing attacks even if the password is in the search set. CaRP also offers a novel approach to address the well-known image hotspot problem in popular graphical password systems, such as PassPoints, that often leads to weak password choices. CaRP is not a panacea, but it offers reasonable security and usability and appears to fit well with some practical applications for improving online security.
Show more

7 Read more

Secure Authentication Using Session Based Password with Virtual Keyboard

Secure Authentication Using Session Based Password with Virtual Keyboard

ABSTRACT: Early people use textual passwords as a security but these passwords get affected to the various attacks like dictionary attack, shoulder surfing, etc. After the period, graphical passwords are coming to the existence but the graphical passwords have some own disadvantages such as they require more time to authenticate. Hence, This paper has taken a review of session password technique in which the password is used only once for each and when session will end the password is not useful. The proposed session password scheme uses Text session password. The session password scheme uses pair-based authentication scheme. Textual passwords generally used for login authentication. Graphical password is introduced exactly opposite technique to textual passwords. As most users are well known about textual passwords than pure graphical passwords. Shoulder-surfing is an attack where an attacker can capture a password by direct show or by listening the authentication session password. Session password can use only once because every time a new password will generate. Session Password supports Pair based scheme which is secure and more efficient. In this paper, it is proposed an improved text-based shoulder surfing resistant scheme by using pair based scheme is used for alphabet, digit , symbols where session password will form at every session or transaction using virtual shuffling keyboard. The user can easily and efficiently login to the system. Proposed system analyzes the security and usability of the proposed scheme, and shows the support of the scheme to shoulder surfing attack.
Show more

5 Read more

A Survey On Resisting Shoulder Surfing Attack Using Graphical Password

A Survey On Resisting Shoulder Surfing Attack Using Graphical Password

resistant graphical password scheme, TI-IBA, in which icons are presented not only spatially but also temporally. TI-IBA is less constrained by the screen size and easier for the user to find his pass-icons. Unfortunately, TI-IBA’s resistance to accidental login is not strong. And, it may be difficult for some users to find his pass-icons temporally displayed on the login screen. As most users are familiar with textual passwords and conventional textual password authentication schemes have no shoulder surfing resistance, Zhao et al. [13], in 2007, proposed a text-based shoulder surfing resistant graphical password scheme, S3PAS, in which the user has to find his textual password and then follow special rule to mix his textual password to get a session password to login the system. However, the login process of Zhao et al.’s scheme is complex and tedious [11].
Show more

5 Read more

A Survey On Constrain Identification Resistant Graphical Authentication Scheme

A Survey On Constrain Identification Resistant Graphical Authentication Scheme

Passwords approaches many useful properties as well as widespread number of deployment consequently we can expect their use for the foreseeable standard methods for password input is subject to a variety of attacks based on observation from casual eavesdropping to more exotic methods. The use of VRK, OTP and LTP and newly proposed Graphical password models highly secure the user authentication model and elemanete small users from accessing the system without security bypass. . The HMAC algorithm is used to provided secure PIN after the logon procedure human shoulder surfing attack is prevented and a secure transaction many mobile App and Server is established by using session Key Models.The user can easily and efficiently to login the scheme without using any physical keyboard. Finally we have analyzed resistances of proposed scheme to shoulder surfing and accidental login.
Show more

9 Read more

Constrain Identification Resistant Graphical Authentication Scheme

Constrain Identification Resistant Graphical Authentication Scheme

The system architecture comprised of 5 major blocks in the user the server SMTP client and the SMS client, and the Application for logging. The SMS client and email clients is connected server to the clients for communicating the LTP and OTP to the clients. The total flow and proposed system architecture is mentioned [13]. .In our proposed system it is based on partially observable attacker model. In we will propose an improved color pass shoulder surfing resistant password scheme [14]. use colors.
Show more

9 Read more

A Sophisticated Approach to Graphical Password

A Sophisticated Approach to Graphical Password

Users can set up a complex authentication password and are capable of reentering it after a long time even if the memory is not use periodically. However, most of these image-based passwords not secure because of shoulder surfing attacks (SSAs). This type of attack either uses direct observation, such as watching over someone or applies video capturing techniques to get passwords, PINs, or other personal information .All human actions such as choosing bad passwords or inputting passwords in an insecure way for later logins are regarded as the weakest link in the authentication mechanism [8]. An authentication scheme which is designed to overcome these vulnerabilities named PassMatrix that protects users from becoming victims of peeping attacks when inputting passwords in public through the usage of one-time login indicators. A login indicator is
Show more

5 Read more

Graphical password schemes design: enhancing memorability features using autobiographical memories

Graphical password schemes design: enhancing memorability features using autobiographical memories

password information onscreen for an even shorter period. The onlooker is not given a chance to observe a complete user password onscreen [10]. Forget , et la. Proposed a gaze-based authentication system called Cued Gaze-Points (CGP) and designed to resist shoulder surfing problem. It is a cued-recall graphical password scheme using eye-gaze as an input mechanism [11] where users select points on a sequence of images with their eye-gaze instead of mouse- clicks. The main idea of the scheme is to make it difficult for onlooker see the login credential through mouse movement and clicking. Haichang et al. designed a recognition-based scheme inspired by DAS drawing input method and the association mnemonics in Story for sequence retrieval was proposed [12]. This scheme is an improvement of Story scheme and has a wanted usability for PDAs. In this scheme, to create a password, user chooses several images from the set as his/her pass-images which are connected mentally with a story to remember them correctly during authentication. To authenticate, user draws a curve across both pass-images and decoys in the right order. The drawing input trick along with the complementary measures, such as erasing the drawing trace, showing tainted images, and starting and ending with randomly designated images provide a good resistance to shoulder- surfing [12]. Another textual-graphical password scheme designed to provide resistance against Shoulder-surfing is S3PAS [13] . The acronym stands for Scalable Shoulder- Surfing Resistant Textual-Graphical Password Authentication Scheme . The scheme exists in three different variants and each serves different security environments.
Show more

7 Read more

S3PAS:A Scalable Shoulder-Surfing Resistant Textual-Graphical Password Authentication Scheme

S3PAS:A Scalable Shoulder-Surfing Resistant Textual-Graphical Password Authentication Scheme

To resist random-click attack, users are required to click several times followed by some click-rule just like the ba-sic S3PAS scheme. Recall the example shown in Section 3, if the password is “A1B3”, the user has to click four times to login. The problem is that whether four-character pass-word is long enough to resist the random-click attack? If the attacker is “lucky” enough, he/she might be able to click inside the correct triangle regions correctly just by random-clicks. We observe that the size of the pass-triangle area greatly affects S3PAS's security level. If the size of every pass-triangle area is too large, attackers are able to click in-side the right areas with higher probabilities. To evaluate the security level, we should find out the expected average size of the pass-triangle areas, which is an important mea-sure of S3PAS's security level.
Show more

6 Read more

Show all 10000 documents...