Kok-Chie Daniel Pu - MSISPM. Wow... Daniel will be presenting a lecture on Graphical Passwords !!!


1 Kok-Chie Daniel Pu - MSISPM

2 Wow... Daniel will be presenting a lecture on Graphical Passwords !!!

3 Definition of Graphical Passwords: A graphical password is a secret that a human user inputs to a computer with the aid of the computer's graphical input (e.g., mouse, stylus, or touch screen) and output devices. [01]

4 Example – Slot Machine !!! It has human user input. It has high user acceptance. Its "passwords" are graphical (i.e. icons, pictures). What are the problems here?

5 Background / History: Information and computer security depends on passwords for the authentication of human users. As presented in previous lectures, common methods include text passwords, biometrics, etc.

6 Background / History: The main drawback of passwords is the password problem. What is this password problem?
–Passwords should be easy to remember.
–The user authentication protocol should be executed quickly and easily by humans.
–Passwords should be secure (random, hard to guess and not in plain text). [02]

7 Background / History: Graphical passwords may be a solution to the password problem. The idea of graphical passwords was pioneered by Greg Blonder, who also holds US patent 5559961 (1996). His idea is to let the user click (with a mouse or stylus) on a few chosen (pre-designed) regions of a (pre-processed) image that appears on the screen. [03]

8 Passwords: Text vs Graphical

9 Text Passwords: Alpha-numeric password guidelines
–At least 8 characters long.
–Should not be easy to relate to the user (e.g. last name, birth date).
–Should not be a word that can be found in a dictionary or any public word list.
–Should combine upper and lower case letters and digits. [04]

10 Text Passwords: Examples:
–DiNoSaUr (by alternating upper and lower case).
–rUaSoNiD (by reversing the string).
–oSNaiUDr (by shuffling the string).
–D9n6s7u3 (combining numbers and letters). [05]

11 Text Passwords: Vulnerabilities
–Shoulder surfing (watching a user log on as they type their password).
–Dictionary attacks (using L0phtCrack or John the Ripper).
–The user may forget the password if it is too long and complicated.

12 Graphical Passwords: Advantages
–Human brains can process graphical images easily.
–Examples include places we have visited, faces of people and things we have seen.
–It is difficult to implement automated attacks (such as dictionary attacks) against graphical passwords. [06]

13 Graphical Passwords: Disadvantages
–The shoulder surfing problem.
Countermeasures
–Existing schemes limit usage of graphical passwords to handhelds or workstations where only one person is able to view the screen at the time of login. [07]

14 What’s Next ?

15 Research papers & applications:
–A Password Scheme Strongly Resistant to Spyware.
–Picture Password: A Visual Login Technique for Mobile Devices.
–Passfaces.
–On User Choice in Graphical Password Schemes.

16 A Password Scheme Strongly Resistant to Spyware: Spyware is one of the biggest threats to computer security. Spyware gathers information about users and their computer systems without their permission and sends this lucrative information to the parties who installed the spyware. It is an arms race for the anti-spyware vendors.

17 A Password Scheme Strongly Resistant to Spyware: This research deploys a login screen divided into a grid of 121 cells (11 rows by 11 columns). When a new user creates a password, the user chooses all 121 icons from an icon library on the server and designates 4 of them as pass icons. Each icon has 4 variations. [08]

18 A Password Scheme Strongly Resistant to Spyware

19 The password system walks the user through the 4 pass icons to set up the password. For each variation, the user chooses a string and enters it beneath that variation. Strings are chosen to relate to events in the user's life. [09]

20 A Password Scheme Strongly Resistant to Spyware


22 Once the password is created, the password system displays a summary which can be printed for the user's reference. On average, it took one person 15 minutes from creating the password to using it fluently. [10]
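As an added illustration (not code from the paper or from this lecture), here is the enrollment and challenge check of the scheme above in Python. It assumes that at login the server shows every icon in one randomly chosen variation and the user types the string enrolled for the displayed variation of each pass icon, in the order the pass icons were set up; the icon ids and strings in the comments are constructed.

```python
import hmac
import secrets

# Parameters from the lecture: an 11 x 11 grid (121 icons), 4 pass icons,
# 4 variations per icon. Assumed login rule: the user types the string that
# was enrolled for the variation currently displayed on each pass icon.
GRID_ICONS = 11 * 11
VARIATIONS = 4
PASS_ICONS = 4

def enroll(pass_icons, strings_per_icon):
    """Build the enrollment record: a list of (icon_id, [string per variation]).
    Order matters: the user answers in the order the pass icons were set up."""
    if len(pass_icons) != PASS_ICONS or len(strings_per_icon) != PASS_ICONS:
        raise ValueError("exactly 4 pass icons with 4 string lists required")
    record = []
    for icon, strings in zip(pass_icons, strings_per_icon):
        if not 0 <= icon < GRID_ICONS or len(strings) != VARIATIONS:
            raise ValueError("bad icon id or wrong number of variation strings")
        record.append((icon, list(strings)))
    return record

def new_challenge():
    """Server side: pick which variation (0..3) each of the 121 icons displays."""
    return [secrets.randbelow(VARIATIONS) for _ in range(GRID_ICONS)]

def expected_response(record, challenge):
    """What a legitimate user types for this challenge: one string per pass icon."""
    return [strings[challenge[icon]] for icon, strings in record]

def verify(record, challenge, typed):
    """Constant-time comparison of the typed strings against the expected ones."""
    want = "\x00".join(expected_response(record, challenge)).encode()
    got = "\x00".join(typed).encode()
    return hmac.compare_digest(want, got)

def replay_survives(record, old_challenge, fresh_challenge):
    """Would a keystroke log captured under old_challenge still pass under a
    fresh challenge? Only if every pass icon shows the same variation again,
    which is why the typed strings alone are of little use to spyware."""
    captured = expected_response(record, old_challenge)
    return verify(record, fresh_challenge, captured)
```

With 4 pass icons and 4 variations, a captured response matches a fresh challenge only when all four displayed variations repeat, i.e. in 1 of 256 logins on average.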

23 A Password Scheme Strongly Resistant to Spyware

24 Picture Password: NIST – National Institute of Standards and Technology, "Picture Password: A Visual Login Technique for Mobile Devices" (NISTIR 7030). It focuses on devices such as PDAs and possibly cell phones, and uses images in a matrix similar to a keypad. [11]

25 Picture Password


27 Organizational policies must enforce password expiration, to prevent or reduce the opportunities for attackers to crack the passwords. If password reuse is required, the image sequence must generate completely new password values. [12]

28 Picture Password

29 The NIST Secure Hash Algorithm is used to compute the cryptographic hash, resulting in a 20-byte binary value. The value matrix maps the selected thumbnails to their underlying alphabet values. This scheme matches the capabilities and limitations of handheld devices. [13]
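An added Python sketch of the hashing step just described (not NIST's code): the value matrix turns the tapped thumbnail sequence into a string of alphabet values, and SHA-1 of that string gives the 20-byte value that is stored and compared. The thumbnail ids and the alphabet assignment are constructed, and regenerating the matrix on password renewal, so that the same picture sequence no longer yields the same value, is assumed from the expiration slide above.

```python
import hashlib
import hmac
import secrets
import string

# Alphabet of underlying values a thumbnail can map to (constructed choice).
ALPHABET = string.ascii_letters + string.digits + string.punctuation
_rng = secrets.SystemRandom()

def make_value_matrix(thumbnail_ids):
    """Assign each thumbnail of the keypad-like matrix a distinct random value.
    Regenerating this on every password change gives an old sequence a new value."""
    ids = list(thumbnail_ids)
    if len(ids) > len(ALPHABET):
        raise ValueError("more thumbnails than alphabet values")
    return dict(zip(ids, _rng.sample(ALPHABET, len(ids))))

def password_value(matrix, sequence):
    """Translate the selected thumbnails, in order, into their alphabet values."""
    return "".join(matrix[t] for t in sequence)

def enroll(matrix, sequence):
    """Store only the SHA-1 digest (20 bytes) of the value string, as the report does."""
    return hashlib.sha1(password_value(matrix, sequence).encode()).digest()

def verify(matrix, stored_digest, sequence):
    """Recompute the digest for the entered sequence and compare in constant time."""
    return hmac.compare_digest(enroll(matrix, sequence), stored_digest)

def renew(old_matrix, sequence):
    """Password expiration: issue a fresh matrix and the digest the user must
    now match; the same picture sequence hashes to a different 20-byte value."""
    new_matrix = make_value_matrix(old_matrix.keys())
    return new_matrix, enroll(new_matrix, sequence)
```

An unsalted SHA-1 over the value string is what the report describes; a current deployment would use a salted, deliberately slow password hash in its place.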

30 Passfaces: Passfaces (formerly known as Real User Corporation) is an information security technology company based in Annapolis, Maryland. Its commercial application leverages the brain's innate cognitive ability to recognize human faces. [14]

31 Passfaces

32 Logon Process:
–Users are asked to pick their assigned Passfaces from a 3 x 3 grid containing one Passface and 8 decoys.
–The faces appear in random positions within the grid each time.
–This process is repeated until each of the assigned Passfaces has been identified. [15]

33 Passfaces


35 User Choice in Graphical Password Schemes: Darren Davis and Fabian Monrose (Johns Hopkins University) and Michael Reiter (Carnegie Mellon University). The study measures the strength of graphical passwords based on users' selections. The Face and Story schemes were chosen for this research. [16]

36 User Choice in Graphical Password Schemes: The Face scheme was modeled after the commercial Passfaces, where users select a collection of faces to make the password. The Story scheme requires a sequence of images to tell a story. The experiment was conducted at two universities with 154 subjects in 2003. [17]

37 User Choice in Graphical Password Schemes: Subjects used graphical passwords to access homework, grades, homework solutions, course reading materials, etc. At the end of the semester, these students were given a survey asking:
–Why they picked the faces they did (for Face) or their chosen stories (for Story), and some demographic information about themselves. [18]

38 User Choice in Graphical Password Schemes Studies show that people agree about the attractiveness of both adults and children, even across different cultures. Individuals are better able to recognize faces of people from their own race than faces of people from other races. [19]

39 User Choice in Graphical Password Schemes


41 Exit surveys (Face) confirmed the following:

42 User Choice in Graphical Password Schemes Exit surveys (Story) confirmed the following:

43 User Choice in Graphical Password Schemes: Conclusions of the study:
–User choice of passwords is not a good method.
–Limits should be imposed on the number of incorrect password guesses.
–Educate the users on better approaches to selecting passwords.
–Graphical passwords (faces or story) must be easy to remember. [20]
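An added simulation (not Passfaces' code) of the logon process described on the Passfaces slides, together with the guessing arithmetic behind the study's conclusion that incorrect-guess limits are needed: each round places one assigned Passface and 8 decoys at random positions in a 3 x 3 grid, so a guesser picking positions at random has a 1 in 9 chance per round. The number of assigned Passfaces (5 in the test) and the face ids are assumptions.

```python
import math
import secrets

GRID = 9            # 3 x 3 grid: one Passface plus 8 decoys per round
_rng = secrets.SystemRandom()

def build_round(passface, decoy_pool):
    """Place the Passface and 8 decoys drawn from decoy_pool at random positions.
    Returns (grid, index_of_passface)."""
    candidates = [d for d in decoy_pool if d != passface]
    if len(candidates) < GRID - 1:
        raise ValueError("need at least 8 decoy faces")
    grid = [passface] + _rng.sample(candidates, GRID - 1)
    _rng.shuffle(grid)
    return grid, grid.index(passface)

def logon(assigned, decoy_pool, choose):
    """One round per assigned Passface; choose(grid) is the position the user
    clicks. Every round is evaluated so the failing round is not revealed early."""
    ok = True
    for face in assigned:
        grid, correct = build_round(face, decoy_pool)
        ok &= choose(grid) == correct
    return ok

def password_space_bits(n_faces):
    """Entropy if each round's answer were uniform: log2(9 ** n_faces)."""
    return n_faces * math.log2(GRID)

def random_guess_success(n_faces, allowed_attempts):
    """Probability a random guesser gets in before a lockout after allowed_attempts."""
    return min(1.0, allowed_attempts / GRID ** n_faces)

def attempts_for_half_chance(n_faces):
    """Unrestricted attempts a random guesser needs for a 50% chance, i.e. why
    the study says to cap incorrect guesses rather than rely on the space alone."""
    return math.ceil(GRID ** n_faces / 2)
```

Five Passfaces give 9^5 = 59049 combinations (about 15.8 bits), which is small enough that only a guess limit keeps online guessing unattractive; user choice of weaker faces shrinks the effective space further.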

44 The End

45 Questions ???

46 References for Graphical Password Lecture:
[01] Fabian Monrose and Michael Reiter, Chapter 9, Security and Usability.
[02] The Graphical Passwords Project, funded by the NSF CyberTrust Project. Co-PIs: J.C. Birget (Rutgers-Camden), D. Hong (Rutgers-Camden), N. Memon (Brooklyn Polytechnic), S. Man (SW Minn. State), S. Wiedenbeck (Drexel).
[03] As [02].
[04] Graphical Passwords, Leonardo Sobrado and Jean-Camille Birget, Department of Computer Science, Rutgers University.
[05] As [04].
[06] As [04].
[07] As [04].
[08] A Password Scheme Strongly Resistant to Spyware, Dawei Hong (Rutgers University), ShuShuang Man and Barbra Hawes (Southwest Minnesota State University), Manton Matthews (University of South Carolina).
[09] As [08].
[10] As [08].

47 [11] NIST (National Institute of Standards and Technology), NISTIR 7030, Picture Password: A Visual Login Technique for Mobile Devices.
[12] As [11].
[13] As [11].
[14] Passfaces as a Countermeasure for Phishing and Malware, Passfaces_countermeasures.pdf, www.passfaces.com.
[15] Passfaces Technology Overview, Passfaces%20Tech%200verview.pdf, www.passfaces.com.
[16] On User Choice in Graphical Password Schemes, Darren Davis and Fabian Monrose (Johns Hopkins University) and Michael Reiter (Carnegie Mellon University).
[17] As [16].
[18] As [16].
[19] As [16].
[20] As [16].
All South Park characters are copyrighted and belong to their creators at South Park Studios.
