Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 The Design and Analysis of Graphical Passwords Presenter : Ta Duy Vuong Ian Jermyn New York University Alain Mayer, Fabian Monrose,

Published byCody Chase Modified over 8 years ago

Similar presentations

Presentation on theme: "1 The Design and Analysis of Graphical Passwords Presenter : Ta Duy Vuong Ian Jermyn New York University Alain Mayer, Fabian Monrose,"— Presentation transcript:

1 1 The Design and Analysis of Graphical Passwords Presenter : Ta Duy Vuong taduyvuo@comp.nus.edu.sg Ian Jermyn New York University Alain Mayer, Fabian Monrose, Michael K.Reiter Bell Labs, Lucent Technologies Aviel D.Rubin AT&T Labs-Research

2 2 OUTLINE 1.Introduction 2.Textual Passwords with Graphical Assistance 3.Purely Graphical Passwords 4.Other graphical password scheme 5.Summary 6.References

3 3 1.INTRODUCTION Passwords: method of choice for user authentication. In practice, passwords are susceptible to attacks. Exploit features of graphical input displays to achieve better security.

4 4 1.INTRODUCTION Used for any devices with graphical input display Primarily for PDAs: Palm Pilot, HP iPAQ,…

5 5 1.INTRODUCTION Observation: temporal order & position Textual password input via keyboard: Graphical password simplepass 123456789

6 6 2.TEXT WITH GRAPHICAL ASSISTANCE GRAPHICAL PASSWORD TEXTUAL PASSWORD WITH GRAPHICAL ASSISTANCE DRAW-A-SECRET SCHEME

7 7 2.TEXT WITH GRAPHICAL ASSISTANCE Use textual passwords augmented by some graphical capabilities. Aim: to decouple temporal order & position of input.

8 8 2.TEXT WITH GRAPHICAL ASSISTANCE Example: password is “ tomato ”. Usual way of input: Conventional

9 9 2.TEXT WITH GRAPHICAL ASSISTANCE With graphical assistance

10 10 2.TEXT WITH GRAPHICAL ASSISTANCE Formally: k : number of characters in password A : set of allowed characters m : number of positions (m>=k) Textual : f = {1,…,k}  A Graphical : f’ = {1,…,k}  A x {1,…,m}

11 11 2.TEXT WITH GRAPHICAL ASSISTANCE One k-character conventional password yields: m!/(m-k)! graphical passwords Ex: Password is “ILoveNus” k=8 (characters) Choose m=10 (positions)  approximately 1.8 x 10 6 graphical passwords

12 12 3.DRAW-A-SECRET (DAS) SCHEME GRAPHICAL PASSWORD TEXTUAL PASSWORD WITH GRAPHICAL ASSISTANCE DRAW-A-SECRET SCHEME

13 13 3.DRAW-A-SECRET (DAS) SCHEME 3.1 Introduction Password is picture drawn on a grid. Users freed from having to remember alphanumeric string. What is good about picture-based password?

14 14 3.DRAW-A-SECRET (DAS) SCHEME 3.2 Password input (5,5) is pen-up indicator (2,2) (3,2) (3,3) (2,3) (2,2) (2,1) (5,5)

15 15 3.DRAW-A-SECRET (DAS) SCHEME 3.3 Encryption Tool for PDA Process of making keys for Triple-DES Key k Triple-DES Sequence of coordinates of password P Hashed using SHA-1 Derived to make keys Use Triple-DES to encrypt/decrypt data stored on PDA

16 16 3.DRAW-A-SECRET (DAS) SCHEME 3.3 Encryption Tool for PDA ressult = P ?? Key k’ restult=Dk’( Ek(P) ) Sequence of coordinates P’ Hashed using SHA-1 Process of verifying password Store Ek(P) Key k Ek(P) Sequence of coordinates P Hashed using SHA-1 Process of setting password

17 17 3.DRAW-A-SECRET (DAS) SCHEME 3.4 Security of the DAS Scheme Textual passwords are susceptible to attacks because: –Users do not choose passwords uniformly. –Attackers have significant knowledge about the distribution of user passwords (users often choose passwords based their own name…) information about gross properties (words in English dictionary are likely to be chosen)

18 18 3.DRAW-A-SECRET (DAS) SCHEME 3.4 Security of the DAS Scheme Knowledge about the distribution of user password is essential to adversary. DAS scheme gives no clues about user choice of passwords. Harder to collect data on PDAs than networked computers.

19 19 3.DRAW-A-SECRET (DAS) SCHEME 3.4 Security of the DAS Scheme Size of Password space: LmaxP : password ∏(Lmax,G) = ∑ P(L,G) Grid size GxG L=1L : length of password Lmax : maximum length of password l=L N: number of strokes P(L,G) = ∑ P(L-l,G)N(lG)l : length of stoke l=1 N(l,G) = ∑ n(x,y,l,G) n : number of strokes of length l (x,y) ∈ [1..G]x[1..G] (x,y) : ending cell

20 20 3.DRAW-A-SECRET (DAS) SCHEME 3.4 Security of the DAS Scheme New password scheme cannot be proven better than old scheme because of human factor ! However, above table shows raw size of graphical password space surpasses that of textual passwords.

21 21 4. Another graphical password scheme To login, user is required to click within the circled red regions (chosen when created the password) in this picture. The choice for the four regions is arbitrary Known since the mid 1990s, starting with G.Blonder in his paper “Graphical Passwords”

22 22 5. SUMMARY Textual passwords with graphical assistance: conventional passwords equipped with graphical capabilities. Improvements over textual passwords: –Decouple positions of input from temporal order –Larger password space

23 23 5. SUMMARY Draw-A-Secret (DAS) Scheme: –Pictures are easier to remember –Attackers have no knowledge of the distribution of passwords –Larger password space –Decouple position of inputs from temporal order

24 24 6. REFERENCES “The Design and Analysis of Graphical Passwords” by Ian Jermyn, Alain Mayer, Fabian Monrose, Michael K.Reiter, Aviel D.RubinThe Design and Analysis of Graphical Passwords “ Graphical passwords ” by Leonardo Sobrado, Jean- Camille Birget, Department of Computer Science, Rutgers University Graphical passwords “Graphical Dictionaries and the Memorable Space of Graphical Passwords” by Julie Thorpe, P.C. van OorschotGraphical Dictionaries and the Memorable Space of Graphical Passwords “Human Memory and the Graphical Password” by David Bensinger, Ph.D.Human Memory and the Graphical Password “Passwords: the weakest link?” CNET News.comPasswords: the weakest link?”

25 25 THANK YOU.

Download ppt "1 The Design and Analysis of Graphical Passwords Presenter : Ta Duy Vuong Ian Jermyn New York University Alain Mayer, Fabian Monrose,"

Similar presentations

Non-Text Passwords CRyptography Applications Bistro Jessica Greer February 12, 2004.

Non-Text Passwords CRyptography Applications Bistro Jessica Greer February 12, 2004.
Trustworthy Computing in My Mind: A Case Study on Visual Password Shujun Li Visiting Student at VC Group, Microsoft Research Asia Institute of Image Processing.

Trustworthy Computing in My Mind: A Case Study on Visual Password Shujun Li Visiting Student at VC Group, Microsoft Research Asia Institute of Image Processing.
3d ..

3d ..
1 Carnegie Mellon Mike Reiter Professor of ECE and CS Carnegie Mellon University Title Goes Here Toward Fixing the Compliance Defects of Public Key Cryptography.

1 Carnegie Mellon Mike Reiter Professor of ECE and CS Carnegie Mellon University Title Goes Here Toward Fixing the Compliance Defects of Public Key Cryptography.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
Apr 4, 2003Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication.

Apr 4, 2003Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication.
Authentication for Humans Rachna Dhamija SIMS, UC Berkeley DIMACS Workshop on Usable Privacy and Security Software July 7, 2004.

Authentication for Humans Rachna Dhamija SIMS, UC Berkeley DIMACS Workshop on Usable Privacy and Security Software July 7, 2004.
Graphical Dictionaries Presentation by Roger Kahn1 Graphical Dictionaries & Memorable Space of Graphical Passwords.

Graphical Dictionaries Presentation by Roger Kahn1 Graphical Dictionaries & Memorable Space of Graphical Passwords.
 A data processing system is a combination of machines and people that for a set of inputs produces a defined set of outputs. The inputs and outputs.

 A data processing system is a combination of machines and people that for a set of inputs produces a defined set of outputs. The inputs and outputs.
Lecture 9: Email Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 9: Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.
Kok-Chie Daniel Pu - MSISPM. Wow... Daniel will be presenting a lecture on Graphical Passwords !!!

Kok-Chie Daniel Pu - MSISPM. Wow... Daniel will be presenting a lecture on Graphical Passwords !!!
Authentication Approaches over Internet Jia Li

Authentication Approaches over Internet Jia Li
.Net Security and Performance -has security slowed down the application By Krishnan Ganesh Madras.

.Net Security and Performance -has security slowed down the application By Krishnan Ganesh Madras.
E XPLORING USABILITY EFFECTS OF INCREASING SECURITY IN CLICK - BASED GRAPHICAL PASSWORDS Elizabeth StobertElizabeth Stobert, Alain Forget, Sonia Chiasson,

E XPLORING USABILITY EFFECTS OF INCREASING SECURITY IN CLICK - BASED GRAPHICAL PASSWORDS Elizabeth StobertElizabeth Stobert, Alain Forget, Sonia Chiasson,
GRAPHICAL PASSWORD AUTHENTICATION PRESENTED BY SUDEEP KUMAR PATRA REGD NO-0901223488 Under the guidance of Mrs. Chinmayee Behera.

GRAPHICAL PASSWORD AUTHENTICATION PRESENTED BY SUDEEP KUMAR PATRA REGD NO Under the guidance of Mrs. Chinmayee Behera.
Hash Functions A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M) Principal object is.

Hash Functions A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M) Principal object is.
3D password Umesh ECE.

3D password Umesh ECE.
Security Planning and Administrative Delegation Lesson 6.

Security Planning and Administrative Delegation Lesson 6.
Process by which a system verifies the identity of a user wishes to access it. Authentication is essential for effective security.

Process by which a system verifies the identity of a user wishes to access it. Authentication is essential for effective security.
Presented by: Lin Jie Authors: Xiaoyuan Suo, Ying Zhu and G. Scott. Owen.

Presented by: Lin Jie Authors: Xiaoyuan Suo, Ying Zhu and G. Scott. Owen.

Similar presentations

Ads by Google