Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Design and Analysis of Graphical Passwords

Published byHengki Darmali Modified over 5 years ago

Similar presentations

Presentation on theme: "The Design and Analysis of Graphical Passwords"— Presentation transcript:

1 The Design and Analysis of Graphical Passwords
Ian Jermyn New York University Alain Mayer, Fabian Monrose, Michael K.Reiter Bell Labs, Lucent Technologies Aviel D.Rubin AT&T Labs-Research Presenter : Ta Duy Vuong

2 OUTLINE Introduction Textual Passwords with Graphical Assistance
Purely Graphical Passwords Other graphical password scheme Summary References

3 1.INTRODUCTION Passwords: method of choice for user authentication.
In practice, passwords are susceptible to attacks. Exploit features of graphical input displays to achieve better security.

4 1.INTRODUCTION Used for any devices with graphical input display
Primarily for PDAs: Palm Pilot, HP iPAQ,…

5 1.INTRODUCTION Observation: temporal order & position
Textual password input via keyboard: Graphical password simplepass

6 2.TEXT WITH GRAPHICAL ASSISTANCE
GRAPHICAL PASSWORD TEXTUAL PASSWORD WITH GRAPHICAL ASSISTANCE DRAW-A-SECRET SCHEME

7 2.TEXT WITH GRAPHICAL ASSISTANCE
Use textual passwords augmented by some graphical capabilities. Aim: to decouple temporal order & position of input.

8 2.TEXT WITH GRAPHICAL ASSISTANCE
Example: password is “tomato”. Usual way of input: Conventional

9 2.TEXT WITH GRAPHICAL ASSISTANCE

10 2.TEXT WITH GRAPHICAL ASSISTANCE
Formally: k : number of characters in password A : set of allowed characters m : number of positions (m>=k) Textual : f = {1,…,k}  A Graphical : f’ = {1,…,k}  A x {1,…,m}

11 2.TEXT WITH GRAPHICAL ASSISTANCE
One k-character conventional password yields: m!/(m-k)! graphical passwords Ex: Password is “ILoveNus” k=8 (characters) Choose m=10 (positions)  approximately 1.8 x 106 graphical passwords

12 3.DRAW-A-SECRET (DAS) SCHEME
GRAPHICAL PASSWORD TEXTUAL PASSWORD WITH GRAPHICAL ASSISTANCE DRAW-A-SECRET SCHEME

13 3.DRAW-A-SECRET (DAS) SCHEME 3.1 Introduction
Password is picture drawn on a grid. Users freed from having to remember alphanumeric string. What is good about picture-based password?

14 3.DRAW-A-SECRET (DAS) SCHEME 3.2 Password input
(2,2) (3,2) (3,3) (2,3) (2,2) (2,1) (5,5) (5,5) is pen-up indicator

15 3.DRAW-A-SECRET (DAS) SCHEME 3.3 Encryption Tool for PDA
Use Triple-DES to encrypt/decrypt data stored on PDA Key k Triple-DES Sequence of coordinates of password P Hashed using SHA-1 Derived to make keys Process of making keys for Triple-DES

16 3.DRAW-A-SECRET (DAS) SCHEME 3.3 Encryption Tool for PDA
Store Ek(P) Key k Ek(P) Sequence of coordinates P Hashed using SHA-1 Process of setting password ressult = P ?? Key k’ restult=Dk’(Ek(P)) Sequence of coordinates P’ Hashed using SHA-1 Process of verifying password

17 3.DRAW-A-SECRET (DAS) SCHEME 3.4 Security of the DAS Scheme
Textual passwords are susceptible to attacks because: Users do not choose passwords uniformly. Attackers have significant knowledge about the distribution of user passwords (users often choose passwords based their own name…) information about gross properties (words in English dictionary are likely to be chosen)

18 3.DRAW-A-SECRET (DAS) SCHEME 3.4 Security of the DAS Scheme
Knowledge about the distribution of user password is essential to adversary. DAS scheme gives no clues about user choice of passwords. Harder to collect data on PDAs than networked computers.

19 3.DRAW-A-SECRET (DAS) SCHEME 3.4 Security of the DAS Scheme
Size of Password space: Lmax P : password ∏(Lmax,G) = ∑ P(L,G) Grid size GxG L=1 L : length of password Lmax : maximum length of password l=L N: number of strokes P(L,G) = ∑ P(L-l,G)N(lG) l : length of stoke l=1 N(l,G) = ∑ n(x,y,l,G) n : number of strokes of length l (x,y)∈[1..G]x[1..G] (x,y) : ending cell

20 3.DRAW-A-SECRET (DAS) SCHEME 3.4 Security of the DAS Scheme
New password scheme cannot be proven better than old scheme because of human factor ! However, above table shows raw size of graphical password space surpasses that of textual passwords.

21 4. Another graphical password scheme
To login, user is required to click within the circled red regions (chosen when created the password) in this picture. The choice for the four regions is arbitrary Known since the mid 1990s, starting with G.Blonder in his paper “Graphical Passwords”

22 5. SUMMARY Textual passwords with graphical assistance: conventional passwords equipped with graphical capabilities. Improvements over textual passwords: Decouple positions of input from temporal order Larger password space

23 5. SUMMARY Draw-A-Secret (DAS) Scheme: Pictures are easier to remember
Attackers have no knowledge of the distribution of passwords Larger password space Decouple position of inputs from temporal order

24 6. REFERENCES “The Design and Analysis of Graphical Passwords” by Ian Jermyn, Alain Mayer, Fabian Monrose, Michael K.Reiter, Aviel D.Rubin “Graphical passwords” by Leonardo Sobrado, Jean-Camille Birget, Department of Computer Science, Rutgers University “Graphical Dictionaries and the Memorable Space of Graphical Passwords” by Julie Thorpe, P.C. van Oorschot “Human Memory and the Graphical Password” by David Bensinger, Ph.D. “Passwords: the weakest link?” CNET News.com

25 THANK YOU .

Download ppt "The Design and Analysis of Graphical Passwords"

Similar presentations

Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Non-Text Passwords CRyptography Applications Bistro Jessica Greer February 12, 2004.

Non-Text Passwords CRyptography Applications Bistro Jessica Greer February 12, 2004.
Trustworthy Computing in My Mind: A Case Study on Visual Password Shujun Li Visiting Student at VC Group, Microsoft Research Asia Institute of Image Processing.

Trustworthy Computing in My Mind: A Case Study on Visual Password Shujun Li Visiting Student at VC Group, Microsoft Research Asia Institute of Image Processing.
3d ..

3d ..
Chung Man Ho Willims Chow Man Kei Gary Kwok Pak Wai Lion.

Chung Man Ho Willims Chow Man Kei Gary Kwok Pak Wai Lion.
Intro To Secure Comm. Exercise 2. Problem  You wish for your users to access a remote server via user and password.  All of the users have modems and.

Intro To Secure Comm. Exercise 2. Problem  You wish for your users to access a remote server via user and password.  All of the users have modems and.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
1 Pertemuan 04 Pengamanan Akses Sistem Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 04 Pengamanan Akses Sistem Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Apr 4, 2003Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication.

Apr 4, 2003Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication.
Graphical Dictionaries Presentation by Roger Kahn1 Graphical Dictionaries & Memorable Space of Graphical Passwords.

Graphical Dictionaries Presentation by Roger Kahn1 Graphical Dictionaries & Memorable Space of Graphical Passwords.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Kok-Chie Daniel Pu - MSISPM. Wow... Daniel will be presenting a lecture on Graphical Passwords !!!

Kok-Chie Daniel Pu - MSISPM. Wow... Daniel will be presenting a lecture on Graphical Passwords !!!
.Net Security and Performance -has security slowed down the application By Krishnan Ganesh Madras.

.Net Security and Performance -has security slowed down the application By Krishnan Ganesh Madras.
E XPLORING USABILITY EFFECTS OF INCREASING SECURITY IN CLICK - BASED GRAPHICAL PASSWORDS Elizabeth StobertElizabeth Stobert, Alain Forget, Sonia Chiasson,

E XPLORING USABILITY EFFECTS OF INCREASING SECURITY IN CLICK - BASED GRAPHICAL PASSWORDS Elizabeth StobertElizabeth Stobert, Alain Forget, Sonia Chiasson,
GRAPHICAL PASSWORD AUTHENTICATION PRESENTED BY SUDEEP KUMAR PATRA REGD NO-0901223488 Under the guidance of Mrs. Chinmayee Behera.

GRAPHICAL PASSWORD AUTHENTICATION PRESENTED BY SUDEEP KUMAR PATRA REGD NO Under the guidance of Mrs. Chinmayee Behera.
Hash Functions A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M) Principal object is.

Hash Functions A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M) Principal object is.
3D password Umesh ECE.

3D password Umesh ECE.
Process by which a system verifies the identity of a user wishes to access it. Authentication is essential for effective security.

Process by which a system verifies the identity of a user wishes to access it. Authentication is essential for effective security.
Presented by: Lin Jie Authors: Xiaoyuan Suo, Ying Zhu and G. Scott. Owen.

Presented by: Lin Jie Authors: Xiaoyuan Suo, Ying Zhu and G. Scott. Owen.
Authentication Key HMAC(MK, “auth”) Server Encryption Key HMAC(MK, “server_enc”) User Password Master Key (MK) Client Encryption Key HMAC(MK, “client_enc”)

Authentication Key HMAC(MK, “auth”) Server Encryption Key HMAC(MK, “server_enc”) User Password Master Key (MK) Client Encryption Key HMAC(MK, “client_enc”)

Similar presentations

Ads by Google