18-01-2013, 03:37 PM
A Secure Recognition Based Graphical Password by Watermarking
Abstract-
One of the most important topics in information
security today is user authentication. Strong text-based
password schemes provide good security, but such passwords
are often so difficult to memorize that users write
them down on a piece of paper or save them on the computer.
An alternative to text-based authentication is
GUA (Graphical User Authentication), or simply
Graphical Password, based on the
fact that humans tend to remember images better. This type
of interface makes passwords easy to create and remember
for users. However, one big issue
plaguing GUA is its vulnerability to shoulder surfing attacks,
which can capture the user's mouse clicks, and image gallery
attacks, which can change the images of the gallery through
a physical attack. In this paper,
we propose a new algorithm that uses a watermarking
technique as the solution to image gallery attacks and
random character set generation for each image for
resistance to shoulder surfing attacks, to provide better system
security. All the image information in the registration phase will
be processed by copyright-protection watermarking, and
the login page will check this information for security
purposes. Here, we evaluate and analyze six types of the
more common graphical password attack methods.
Keywords– Graphical Password, Recognition Based
Algorithm, Authentication Security, Shoulder surfing, image
gallery attack, Watermarking
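The abstract does not give the watermarking or character-set algorithm, so the following is an added sketch, not the paper's code. It assumes a fragile LSB watermark keyed with HMAC-SHA256 as the gallery check, and assumes the user types the random codes shown beside their pass-images instead of clicking them; all function names, `KEY` and `GALLERY` are hypothetical.

```python
import hashlib
import hmac
import secrets
import string

TAG_BITS = 256  # one HMAC-SHA256 tag, stored one bit per pixel byte


def _tag(key, pixels):
    """MAC over the image with the 256 watermark-carrying LSBs cleared."""
    cleared = bytes(b & 0xFE for b in pixels[:TAG_BITS]) + bytes(pixels[TAG_BITS:])
    return hmac.new(key, cleared, hashlib.sha256).digest()


def embed(key, pixels):
    """Registration: hide the tag in the LSBs of the first 256 pixel bytes."""
    tag, out = _tag(key, pixels), bytearray(pixels)
    for i in range(TAG_BITS):
        out[i] = (out[i] & 0xFE) | ((tag[i // 8] >> (7 - i % 8)) & 1)
    return bytes(out)


def verify(key, pixels):
    """Login page: extract the embedded bits, compare with a recomputed tag."""
    found = bytearray(TAG_BITS // 8)
    for i in range(TAG_BITS):
        found[i // 8] |= (pixels[i] & 1) << (7 - i % 8)
    return hmac.compare_digest(bytes(found), _tag(key, pixels))


def new_challenge(image_ids, code_len=2):
    """Draw a fresh, distinct random character code per image for one login."""
    alphabet, codes = string.ascii_uppercase + string.digits, set()
    while len(codes) < len(image_ids):
        codes.add("".join(secrets.choice(alphabet) for _ in range(code_len)))
    return dict(zip(image_ids, codes))


def check_login(key, gallery, pass_images, challenge, typed):
    """Refuse the login if any gallery image was altered, then check the codes."""
    if not all(verify(key, px) for px in gallery.values()):
        return False
    expected = "".join(challenge[i] for i in pass_images)
    return hmac.compare_digest(expected.encode(), typed.encode())


# Constructed 32x32 grey-level "images"; a real gallery would hold decoded pixels.
KEY = secrets.token_bytes(32)
GALLERY = {n: embed(KEY, bytes((n * 7 + i) % 256 for i in range(1024))) for n in range(9)}
```

An LSB watermark of this kind only survives lossless storage, so the gallery would have to be kept in a format such as PNG or BMP rather than re-encoded as JPEG.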
INTRODUCTION
The term “Picture Superiority Effect”, coined by
researchers to describe Graphical-Based Passwords (GBP),
reflects the effect of GBPs as a solution to conventional
password techniques. Furthermore, the term
underscores the impact of GBPs in that the “effect” is on
account of the fact that graphics and texts are easier to
commit to memory than conventional password
techniques.
Initially, in the concept of Graphical User Authentication
(GUA) (also called Graphical Password or Graphical Image
Authentication (GIA)) described by Blonder [6], one
image would appear on the screen, whereupon the user
would click on a few chosen regions of the image. If the
user clicked in the correct regions, then the user would be
authenticated. Memorability of passwords and the
efficiency of input images are two key human
factors. Memorability has two perspectives:
• The process of selecting and the encoding of the
password by the user.
• Defining the task that the user has to undertake to retrieve
the password.
The graphical user authentication (GUA) system requires a
user to select a memorable image. Such a selection of
memorable images would depend on the nature of the
image itself and the specific sequence of click locations.
Images with meaningful content will support the user’s
memorability.
RELATED WORKS
Most articles from 1995 to 2010 describe
Graphical Authentication Techniques as categorised into
three groups:
A. Pure Recall Based
Users reproduce their passwords without the
chance to use reminder marks from the system. Although
easy and convenient, it appears that users do not quite
remember their passwords. Table 1 shows some of the
algorithms which were created based on this technique [1].
This paper is supported by Research University Grant (RUG) in
University Technology Malaysia (UTM-J-13-01/25.10/3/02H07 (1))
2011 11th IEEE International Conference on Computer and Information
B. Cued Recall Based
Here, the system provides a framework of reminders, hints
and gestures for the users to reproduce their passwords or
make a reproduction that is much more accurate.
Table 2 lists some of the algorithms which were created
based on this technique [1].
Table 2: Cued Recall Based Techniques Ordered by Date
C. Recognition Based
Here, users select pictures, icons or symbols from a bank
of images. During the authentication process, the users
have to recognize their registration choice from a grid of
images. Research has shown that “90% of users can
remember their password after one or two months” [2].
Table 3 shows some of the algorithms which were created
based on this technique [1].
Table 3: Recognition Based Techniques Ordered by Date
Algorithm Proposed
Most of the research shows that most users are not
adept at drawing graphical passwords in the recall-based
category, and recall-based algorithms also require a
mouse or drawing input device. On the other hand,
according to previous research, around 90% of users can
remember their password after one or two months, so the
main focus of this research is on the recognition-based
category. In the following section, the recognition-based GUA
algorithms will be reviewed and studied [2-3].
1. Evaluations
According to previous research, graphical password
authentication is vulnerable to five attacks, which are
“Brute Force”, “Dictionary”, “Spyware”, “Shoulder
Surfing” and “Social Engineering” attacks. This section
defines the attacks on GUA from the CAPEC standard 2010 and
explains each of them [4].
GRAPHICAL PASSWORD ATTACKS
A. Brute Force Attack
This type of attack uses an algorithm that produces every
possible combination of words to break the password.
A text-based password has a space of 94^N,
where 94 is the number of printable characters (including
space) and N is the length. This type of attack has always
proven successful against text-based passwords because of
its ability to check every possibility within the length of the
password. As such, users are advised to select a stronger
and more complex password to prevent discovery by a brute
force attack (Eiji Hayashi, 2008). However, GUA proves
to be more resistant to brute force attacks, since the attack
software needs to produce all possible mouse motions to
imitate passwords, especially when trying to recall the
graphical passwords. One of the reasons for this is the
large password space present in most graphical password
techniques, which is not available in the textual variant [5].
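To put a graphical scheme's password space on the same scale as the 94^N figure above, the following added example (not from the paper) converts each space to bits and to the length of the text password it equals. The gallery size, number of pass-images, image size and click tolerance are constructed parameters, and the formulas go beyond the text by covering recognition-based and click-based schemes.

```python
import math

PRINTABLE = 94  # alphabet size used in the text above


def text_bits(length, alphabet=PRINTABLE):
    """Bits of search space for a text password: log2(alphabet ** length)."""
    return length * math.log2(alphabet)


def recognition_bits(gallery, picks, ordered=False):
    """Bits for choosing `picks` distinct pass-images from `gallery` images."""
    count = math.perm(gallery, picks) if ordered else math.comb(gallery, picks)
    return math.log2(count)


def click_bits(width, height, tolerance, clicks):
    """Bits for an ordered click sequence on one image that is divided into
    tolerance x tolerance squares, each square counting as one point."""
    cells = (width // tolerance) * (height // tolerance)
    return clicks * math.log2(cells)


def equivalent_text_length(bits, alphabet=PRINTABLE):
    """Shortest text password whose space is at least `bits` bits."""
    # The small epsilon absorbs floating-point noise at exact multiples.
    return math.ceil(bits / math.log2(alphabet) - 1e-9)


def report(schemes):
    """Return (name, bits, equivalent text length), weakest scheme first."""
    rows = [(name, round(bits, 1), equivalent_text_length(bits))
            for name, bits in schemes]
    return sorted(rows, key=lambda row: row[1])


# Constructed parameters, not taken from the paper.
SCHEMES = [
    ("text, 8 chars", text_bits(8)),
    ("recognition, 5 of 25 unordered", recognition_bits(25, 5)),
    ("recognition, 5 of 25 ordered", recognition_bits(25, 5, ordered=True)),
    ("click-based, 5 clicks, 640x480, 20px", click_bits(640, 480, 20, 5)),
]

if __name__ == "__main__":
    for name, bits, eq_len in report(SCHEMES):
        print(f"{name:38s} {bits:5.1f} bits  ~ {eq_len}-char text password")
```

Whether a given graphical scheme has a larger space than a text password therefore depends on these parameters, which is worth checking before relying on the space alone for brute-force resistance.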