Top PDF A Survey on Shoulder Surfing Resistant Graphical Authentication Systems

A Survey on Shoulder Surfing Resistant Graphical Authentication Systems

In this paper, we have studied different methods for graphical password authentication schemes. We proposed a shoulder surfing resistant authentication system based on graphical passwords, named Pass Matrix. Using a one-time login indicator per image, users can point out the location of their pass-square without directly clicking or touching it, which is an action vulnerable to shoulder surfing attacks. Because of the design of the horizontal and vertical bars that cover the entire pass-image, it offers no clue for attackers to narrow down the password space even if they have more than one login record of that account. Additionally, we proposed a system called Session password; it provides a new password for each session and need not transfer the password from the server each time for authentication purposes, which is why the Session password scheme provides more security than the other existing systems.

DIGITAL LOCK: A HYBRID AUTHENTICATION (Mr. Dipak P. Umbarkar, Prof. Megha Singh)

Wiedenbeck et al. [4] proposed, in 2006, the Convex Hull Click Scheme (CHC) as a better version of the Triangle scheme with greater safety and usability. To log in to the system, the user has to face some challenges. In each challenge, the user has to choose three pass-icons displayed on the login screen, and then click inside the invisible convex hull formed by all the displayed pass-icons. However, the login time of the Convex Hull Click scheme may be too long. In 2009, Gao et al. [5] proposed another shoulder surfing resistant graphical password scheme, Color Login, in which the background color is a practical factor for decreasing the login time. Still, the possibility of accidental login of Color Login is too high and its password space is too small. In 2009, Yamamoto et al. [10] proposed a shoulder surfing resistant graphical password scheme, TI-IBA, in which icons are presented spatially and temporally. TI-IBA is less constrained by the screen size and easier for the user to find his pass-icons. Unfortunately, TI-IBA’s resistance to accidental login is not strong, and it may be problematic for some users to find their pass-icons temporally displayed. As most users are familiar with word-based passwords and conventional text-based password authentication schemes have no resistance to shoulder surfing, Sreelatha et al. [13], in 2011, also proposed a text and color based shoulder surfing resistant graphical password scheme. In this method the user has to remember the order of some colors. In the same year, Kim et al. [14] also proposed a text based shoulder surfing resistant graphical password scheme, which employed an analysis method for accidental login resistance and shoulder surfing resistance to analyze the security of their scheme. Unfortunately, the resistance of Kim et al.’s scheme to accidental login is not suitable. Rao et al. [16], in 2012, suggested a text-based shoulder surfing resistant graphical password scheme, PPC.
To log in, the user has to mix his textual password to produce several pass-pairs, and then follow four predefined rules to get his session password on the login screen. The login procedure of PPC is too complex and tedious. During registration the user rates the colors shown in figure 2. The user should rate colors from 1 to 8 and can remember them as “RLYOBGIP”. The same rating can be given to different colors. During the login phase, an interface is shown based on the colors selected by the user. The size of the grid is 8×8. This grid contains digits 1-8 placed randomly in grid cells. The interface also contains strips of colors with four pairs of colors. Each pair of colors signifies the row and the column of the grid.

A Survey On Resisting Shoulder Surfing Attack Using Graphical Password

resistant graphical password scheme, TI-IBA, in which icons are presented not only spatially but also temporally. TI-IBA is less constrained by the screen size and easier for the user to find his pass-icons. Unfortunately, TI-IBA’s resistance to accidental login is not strong, and it may be difficult for some users to find their pass-icons temporally displayed on the login screen. As most users are familiar with textual passwords and conventional textual password authentication schemes have no shoulder surfing resistance, Zhao et al. [13], in 2007, proposed a text-based shoulder surfing resistant graphical password scheme, S3PAS, in which the user has to find his textual password and then follow a special rule to mix his textual password to get a session password to log in to the system. However, the login process of Zhao et al.’s scheme is complex and tedious [11].

Implementation of Graphical Authentication System for Shoulder Surfing Attacks

Current secure systems suffer because they neglect the importance of human factors in security. The author addresses a fundamental weakness of knowledge-based authentication schemes, which is the human limitation to remember secure passwords. Our approach to improve the security of these systems relies on recognition-based, rather than recall-based, authentication. The author examines the requirements of a recognition-based authentication system and proposes a system that is more reliable and easier to use than traditional recall-based schemes, which require the user to precisely recall passwords or PINs. Furthermore, it has the advantage that it prevents users from choosing weak passwords and makes it difficult to write down or share passwords with others.

Text Based Shoulder Surfing Resistant Using Graphical Password (CAPTCHA)

ABSTRACT: A lot of security primitives depend on hard challenges that are resolved by mathematical formulations. Using hard AI problems for security is becoming a new pattern of security, but it is not well explored. In our studies we define Captcha as graphical password: a graphical password system built on Captcha technology, mainly on hard AI problems, with which we present new security primitives. CaRP is a combination of Captcha and graphical password. CaRP addresses multiple security issues such as shoulder surfing attack (if combined with dual view technology), relay attack and online guessing attack. CaRP alone becomes inefficient to prevent all security issues, hence this paper makes a survey of the various security measures for secure password schemes and gives a clear picture of the efficiencies of the different techniques. For improving online security, a highly secure password offers usability and reasonable security and appears to suit practical applications well.

A Shoulder Surfing Resistant Graphical Password System             

In our proposed system, in order to provide more security than the existing authentication methods, a false image (not my password) is added automatically to each page where all images within a category are shown. This image can be replaced with one of the images in each category. Since the user is aware of the selected image in each category, if the known image is available, he can pick out the correct image; otherwise, he takes the false image. In order to make the process more complex for the attacker, a random category will be added between the selected categories. In this example, since the pet category was not selected by the user as part of his password in the registration step, he must select the false image to ignore this category. However, this category can be considered a real image category by an attacker who watches the user authentication process, since the user selected an image from this category. After the graphical password is validated, the system automatically directs the user to the appropriate web page (user profile). In this way, it can prevent shoulder-surfing attacks by pretending that the selected image (false image) is one of the images that the user selected as his password.

A Sophisticated Approach to Graphical Password

According to the mobile marketing statistics compiled by Danyl, mobile shipments overtook PC shipments in 2011, and the number of mobile users also overtook desktop users in 2014, which was close to 2 billion. However, shoulder surfing attacks have posed a great threat to users’ privacy and confidentiality as mobile devices are becoming an essential thing in modern life. People may log into web services and apps in public to access their personal accounts with their smart phones, tablets or public devices, like bank ATMs. Shoulder-surfing attackers can observe how the passwords were entered with the help of reflecting glass windows, let alone monitors hanging everywhere in public places. Passwords are exposed to risky environments, even if the passwords themselves are complex and secure. A secure authentication system needs to be able to defend against shoulder surfing attacks and should be applicable to all kinds of devices. Authentication schemes in the literature such as those in [6] are resistant to shoulder-surfing, but they have either usability limitations or a small password space. The limitations of usability include issues such as taking more time to log in, passwords being too difficult to recall after a period of time, and the authentication method being too complicated for users without proper education and practice. In 2006, Wiedenbeck et al. proposed PassPoints [5], in which the user picks several points (3 to 5) in an image during the password creation phase and re-enters each of these pre-selected click-points in the correct order within its tolerant square during the login phase. Compared to traditional PIN and textual passwords, the PassPoints scheme substantially increases the password space and enhances password memorability. Unfortunately, this method of graphical authentication is vulnerable to shoulder surfing attacks.
Hence, based on PassPoints, we implement the idea of using one-time session passwords and a PassMatrix authentication system that is resistant to shoulder surfing attacks.

A Survey On Constrain Identification Resistant Graphical Authentication Scheme

Passwords possess many useful properties as well as a widespread number of deployments; consequently we can expect their use for the foreseeable future. Standard methods for password input are subject to a variety of attacks based on observation, from casual eavesdropping to more exotic methods. The use of VRK, OTP and LTP and newly proposed graphical password models highly secures the user authentication model and eliminates small users from accessing the system without security bypass. The HMAC algorithm is used to provide a secure PIN; after the logon procedure, human shoulder surfing attack is prevented and a secure transaction between the mobile app and server is established by using session key models. The user can easily and efficiently log in to the scheme without using any physical keyboard. Finally, we have analyzed the resistance of the proposed scheme to shoulder surfing and accidental login.

Graphical Authentication Mechanisms: A Survey

Passdoodle is comprised of handwritten text or designs, usually drawn with a stylus onto a touch sensitive screen. In their 1999 paper, Jermyn et al. prove that doodles are harder to crack due to a theoretically much larger number of possible doodle passwords than text passwords. Figure 4.3 shows a sample password of Passdoodle. The problem of recognition prevents widespread use of the Passdoodle. The doodle here is used as the sole means of identification. In order to maintain security, the system cannot simply authenticate a user as the user whose recorded doodle is most similar; a minimum threshold of likeliness and similarity must be set. Goldberg et al. [13] have shown that users were able to recognize a complete doodle password as accurately as text-based passwords. But unfortunately the Passdoodle scheme has many disadvantages. As mentioned, users were fascinated by other users’ drawn doodles, and usually entered other users’ passwords merely to see different doodles from their own. The authors concluded that the Passdoodle scheme is vulnerable to several attacks such as spyware, guessing, key-logger, and shoulder surfing.

Advanced Scalable Shoulder Surfing Resistance Password Authentication Scheme

4. Haichang proposed a new shoulder-surfing resistant scheme where the user is required to draw a curve across their password images in order rather than clicking on them directly [7]. This graphical scheme combines DAS and Story schemes to provide authenticity to the user.

Survey Of Graphical Password Authentication Techniques

In this paper, we have studied different techniques of graphical password authentication such as recognition-based, pure recall-based, cued recall-based, and hybrid schemes. During our observation, we identified several drawbacks which can cause attacks on user data. Therefore, we have studied the common drawbacks of these graphical password methods. We also find how to overcome these attacks. Then, we tried to survey attack patterns and define common attacks in graphical password authentication methods. We also find that some attacks can be prevented, but the user must take care to prevent certain attacks such as social engineering attacks and shoulder surfing attacks.

Graphical password schemes design: enhancing memorability features using autobiographical memories

There is a commonly known tradeoff between memorability and security of password authentication systems, being that more secure passwords are less memorable. To redeem this flaw, a number of authentication methods and techniques have been put forward, but memorability and security issues still remain as limitations. These two factors influence the success of passwords. Many schemes are not memorable just because the required memory feature does not portray what people remember most in their design. In the light of this, we have proposed an authentication system which is based on autobiographical memories of the users to improve memorability of graphical passwords, and randomly generated digits are displayed on the screen for the user to enter digits corresponding to the password via keyboard rather than graphical input devices like mouse and stylus in order to resist shoulder surfing attack. Currently we are working on the scheme implementation and performance analysis in order to address some important issues like memorability, security and even the user’s factor of our scheme, and they will be published soon.

PASSMATRIX An Authentication System to Resist Shoulder Surfing Attacks

authentication method. Strong textual passwords are hard to memorize. To address the weakness of textual passwords, graphical passwords are proposed. Click based or pattern based approaches are widely used techniques for mobile authentication systems. Such textual and graphical password schemes suffer from shoulder surfing attacks. An attacker can directly observe or can use a video recorder or webcam to collect password credentials. To overcome the problem, a shoulder surfing attack resistant technique is proposed. This technique contains a pass-matrix. More than one image is used to set the password. For every login session, the user needs to scroll circulatory horizontal and vertical bars. A password hint is provided to the user to select the desired image password grid. The horizontal and vertical scroll bars cover the entire scope of the pass-images. For password selection, the password hint and the horizontal and vertical scroll bars are used. The proposed technique is implemented on the Android platform. The system performance is measured using memorability and usability of a password scheme with respect to the existing technique.

Secured Hybrid Authentication Schemes using Session Password and Steganography

To overcome these problems, graphical schemes were used. In graphical passwords there is also the problem of shoulder surfing. But here the user is authenticated using a session to enter a different password. It is not possible that any one technique is very strong and fully secured. We need to make the transaction very strong by using two or three techniques simultaneously. When the literature survey was done, we came to know that session passwords are more secure. When the session is over, that password is of no use for the next session and the current session gets terminated. A session password provides more security as every time the session starts a new password is created. Also, steganography is a technique that can be implemented so that we can secure our secret data during a transaction. But LSB had some limitations, like not supporting all file formats and not supporting 24-bit color images.

A Shoulder Surfing Resistant Graphical Verification System

In 2010, David Kim et al. [25] proposed a visual authentication scheme for tabletop interfaces called "Shading Rings", as shown in Figure 3(a) (the figure is extracted from [25]), where the user is assigned I authentication (key) symbols, which are collectively assigned one of the four shading rings: red, green, blue, or pink. During login, I grids of symbols are given, with 72 symbols being shown per grid. There is only one key symbol presented in each grid. The user must drag all four rings (ideally with index finger and thumb from two hands) simultaneously and place them in the grid. The distinct key symbol should be captured by the correct shading ring while the rest of the rings just make decoy selections. The user confirms a selection by dropping the rings in position. The rings are large enough to include more than one symbol and can thus obfuscate the direct observer. Unfortunately, these kinds of passwords can be broken by intersecting the user's selections in each login because the shade of the assigned ring is fixed and a ring can include at most seven symbols. Thus, the attacker only requires a limited number of trials to guess the user's password.

HoneyPass: A Shoulder Surfing Resistant Graphical Authentication System using Honeypot

Shoulder Surfing attack is a direct observation approach where the shoulder surfer steals the user's Personal Identification Number (PIN) or passwords by looking over his shoulder [2,3]. It commonly happens on public transport while the victim is commuting, which involves a smart phone in almost all cases. A good example is shoulder surfing at ATMs, a crime in which a suspect watches over the victim's shoulder as he punches in his PIN number. The ATM screen asks for another transaction when customers complete theirs. Some customers fail to notice the prompt and walk away, leaving it on the screen. In this way, the thief enters the stolen PIN and pretends to be the user. But the phenomenon of shoulder surfing is not widely known [4]. Users tend to use strategies such as hiding the device screen, shielding the device with their hand, etc. However, by observing, one cannot get hold of most of the victim’s detailed biodata such as information about his relationships, sexual preferences, interests, hobbies, and login data. Hence, the damage shoulder surfing can cause is widely unknown [5].

S3PAS: A Scalable Shoulder-Surfing Resistant Textual-Graphical Password Authentication Scheme

The most common user authentication method is the text-based password scheme in which a user enters a login name and a password. The vulnerabilities of this method have been well known. Users tend to pick short passwords or passwords that are easy to remember [1], which makes the passwords vulnerable for attackers to break. To resist brute-force search and dictionary attacks, users are required to use long and random passwords. Unfortunately, such passwords are hard to remember. Furthermore, textual password Graphical password schemes have been proposed as a possible alternative to text-based schemes, motivated partially by the fact that humans can remember pictures better than text [8]. In addition, the possible password space of a graphical password scheme may exceed that of text-based schemes and thus presumably offer a higher level of security. It is also difficult to devise automated attacks for graphical passwords. As a result, graphical password schemes provide a way of making more human-friendly passwords while increasing the level of security. Due to these advantages, there is a growing interest in graphical passwords. However, existing graphical passwords are far from perfect. Typically, system requirements and communication costs for graphical passwords are significantly higher than for text-based passwords. In addition, few graphical systems support keyboard inputs. More importantly, most current graphical passwords are more vulnerable to shoulder-surfing attacks than textual passwords.

REVIEW ON COLOR PASSWORD TO RESIST SHOULDER SURFING ATTACK

In 2002, to reduce the shoulder surfing attack, Sobrado and Birget [3] proposed three shoulder surfing resistant graphical password schemes: the Movable Frame scheme, the Intersection scheme, and the Triangle scheme. But of all these schemes, the Movable Frame scheme and the Intersection scheme fail frequently in the process of authentication. In the Triangle scheme, the user has to select and memorize several pass-icons as his password. To log in to the system, the user has to correctly pass the predetermined number of challenges, and in every challenge the user has to find three pass-icons from a set of randomly chosen icons displayed on the login screen, and then click inside the invisible triangle created by those three pass-icons.

A SHOULDER SURFING RESISTANT GRAPHICAL AUTHENTICATION SYSTEM

At this stage, the user creates an account which contains a username and a password. The password consists of only one pass-square per image for a sequence of n images. The only purpose of the username is to give the user an imagination of having a personal account. The username can be omitted if Pass-Matrix is applied to authentication. The user has to choose images from a provided list as pass-images. Then the user will pick a pass-square for each selected pass-image from the grid, which was divided by the image discretization module. The user repeats this step until the password is set. This module divides each image into squares, from which users would choose one as the pass-square. An image is divided into a 7 × 11 grid. The more finely the image is discretized, the larger the password space is. However, an overly concentrated division may result in recognition problems for specific objects and increase the difficulty of user interface operations. Hence, in this implementation, a division was set at 60-pixel intervals in both horizontal and vertical directions, since 60 pixels is the best size to accurately select specific objects.

Implementation of Passmatrix Based Shoulder Surfing Resistant Graphical Authentication System

ABSTRACT: Day by day, password security and protection assume a fundamental part in PC applications with the increase in PC innovation, because of the diverse sorts of PC wrongdoing, misrepresentation and attacks. So, in this aspect we are proposing a novel confirmation framework which resists the different types of attack which happen to client accounts. With a one-time substantial sign up indicator for an image, the user selects pass-images of the PassMatrix, which is the graphical password of a user, and registers in the system. After registering successfully, the user logs into the system with two factor verification. In this two factor verification, we use an Android application. It offers no insight for attackers to make sense of or narrow down the secret word even if they direct various camera-based assaults. It maintains privacy and authority. The proposed framework will accomplish better imperviousness to attacks while maintaining ease of use.