1 The Design and Analysis of Graphical Passwords Presenter : Ta Duy Vuong Ian Jermyn New York University Alain Mayer, Fabian Monrose, Michael K.Reiter Bell Labs, Lucent Technologies Aviel D.Rubin AT&T Labs-Research

2 OUTLINE 1.Introduction 2.Textual Passwords with Graphical Assistance 3.Purely Graphical Passwords 4.Other graphical password scheme 5.Summary 6.References

3 1.INTRODUCTION Passwords: method of choice for user authentication. In practice, passwords are susceptible to attacks. Exploit features of graphical input displays to achieve better security.

4 1.INTRODUCTION Used for any devices with graphical input display Primarily for PDAs: Palm Pilot, HP iPAQ,…

5 1.INTRODUCTION Observation: temporal order & position Textual password input via keyboard: Graphical password simplepass

6 2.TEXT WITH GRAPHICAL ASSISTANCE GRAPHICAL PASSWORD TEXTUAL PASSWORD WITH GRAPHICAL ASSISTANCE DRAW-A-SECRET SCHEME

7 2.TEXT WITH GRAPHICAL ASSISTANCE Use textual passwords augmented by some graphical capabilities. Aim: to decouple temporal order & position of input.

8 2.TEXT WITH GRAPHICAL ASSISTANCE Example: password is “ tomato ”. Usual way of input: Conventional

9 2.TEXT WITH GRAPHICAL ASSISTANCE With graphical assistance

10 2.TEXT WITH GRAPHICAL ASSISTANCE Formally: k : number of characters in password A : set of allowed characters m : number of positions (m>=k) Textual : f = {1,…,k}  A Graphical : f’ = {1,…,k}  A x {1,…,m}

11 2.TEXT WITH GRAPHICAL ASSISTANCE One k-character conventional password yields: m!/(m-k)! graphical passwords Ex: Password is “ILoveNus” k=8 (characters) Choose m=10 (positions)  approximately 1.8 x 10 6 graphical passwords

12 3.DRAW-A-SECRET (DAS) SCHEME GRAPHICAL PASSWORD TEXTUAL PASSWORD WITH GRAPHICAL ASSISTANCE DRAW-A-SECRET SCHEME

13 3.DRAW-A-SECRET (DAS) SCHEME 3.1 Introduction Password is picture drawn on a grid. Users freed from having to remember alphanumeric string. What is good about picture-based password?

14 3.DRAW-A-SECRET (DAS) SCHEME 3.2 Password input (5,5) is pen-up indicator (2,2) (3,2) (3,3) (2,3) (2,2) (2,1) (5,5)

15 3.DRAW-A-SECRET (DAS) SCHEME 3.3 Encryption Tool for PDA Process of making keys for Triple-DES Key k Triple-DES Sequence of coordinates of password P Hashed using SHA-1 Derived to make keys Use Triple-DES to encrypt/decrypt data stored on PDA

16 3.DRAW-A-SECRET (DAS) SCHEME 3.3 Encryption Tool for PDA ressult = P ?? Key k’ restult=Dk’( Ek(P) ) Sequence of coordinates P’ Hashed using SHA-1 Process of verifying password Store Ek(P) Key k Ek(P) Sequence of coordinates P Hashed using SHA-1 Process of setting password

17 3.DRAW-A-SECRET (DAS) SCHEME 3.4 Security of the DAS Scheme Textual passwords are susceptible to attacks because: –Users do not choose passwords uniformly. –Attackers have significant knowledge about the distribution of user passwords (users often choose passwords based their own name…) information about gross properties (words in English dictionary are likely to be chosen)

18 3.DRAW-A-SECRET (DAS) SCHEME 3.4 Security of the DAS Scheme Knowledge about the distribution of user password is essential to adversary. DAS scheme gives no clues about user choice of passwords. Harder to collect data on PDAs than networked computers.

19 3.DRAW-A-SECRET (DAS) SCHEME 3.4 Security of the DAS Scheme Size of Password space: LmaxP : password ∏(Lmax,G) = ∑ P(L,G) Grid size GxG L=1L : length of password Lmax : maximum length of password l=L N: number of strokes P(L,G) = ∑ P(L-l,G)N(lG)l : length of stoke l=1 N(l,G) = ∑ n(x,y,l,G) n : number of strokes of length l (x,y) ∈ [1..G]x[1..G] (x,y) : ending cell

20 3.DRAW-A-SECRET (DAS) SCHEME 3.4 Security of the DAS Scheme New password scheme cannot be proven better than old scheme because of human factor ! However, above table shows raw size of graphical password space surpasses that of textual passwords.

21 4. Another graphical password scheme To login, user is required to click within the circled red regions (chosen when created the password) in this picture. The choice for the four regions is arbitrary Known since the mid 1990s, starting with G.Blonder in his paper “Graphical Passwords”

22 5. SUMMARY Textual passwords with graphical assistance: conventional passwords equipped with graphical capabilities. Improvements over textual passwords: –Decouple positions of input from temporal order –Larger password space

23 5. SUMMARY Draw-A-Secret (DAS) Scheme: –Pictures are easier to remember –Attackers have no knowledge of the distribution of passwords –Larger password space –Decouple position of inputs from temporal order

24 6. REFERENCES “The Design and Analysis of Graphical Passwords” by Ian Jermyn, Alain Mayer, Fabian Monrose, Michael K.Reiter, Aviel D.RubinThe Design and Analysis of Graphical Passwords “ Graphical passwords ” by Leonardo Sobrado, Jean- Camille Birget, Department of Computer Science, Rutgers University Graphical passwords “Graphical Dictionaries and the Memorable Space of Graphical Passwords” by Julie Thorpe, P.C. van OorschotGraphical Dictionaries and the Memorable Space of Graphical Passwords “Human Memory and the Graphical Password” by David Bensinger, Ph.D.Human Memory and the Graphical Password “Passwords: the weakest link?” CNET News.comPasswords: the weakest link?”

25 THANK YOU.