08-10-2014, 02:41 PM
DEFENSES AGAINST LARGE SCALE ONLINE PASSWORD
GUESSING ATTACKS BY USING PERSUASIVE CLICK POINTS
[attachment=68910]
Abstract
Usable security has unique usability challenges because the need for security often means that standard
human-computer-interaction approaches cannot be directly applied. An important usability goal for
authentication systems is to support users in selecting better passwords. Users often create memorable
passwords that are easy for attackers to guess, but strong system-assigned passwords are difficult for users to
remember. So researchers of modern days have gone for alternative methods wherein graphical pictures are
used as passwords. Graphical passwords essentially use images or representation of images as passwords.
Human brain is good in remembering picture than textual character. There are various graphical password
schemes or graphical password software in the market. However, very little research has been done to analyze
graphical passwords that are still immature. There for, this project work merges persuasive cued click points
and password guessing resistant protocol. The major goal of this work is to reduce the guessing attacks as well
as encouraging users to select more random, and difficult passwords to guess. Well known security threats like
brute force attacks and dictionary attacks can be successfully abolished using this method
INTRODUCTION
There has been a great deal of hype for
graphical passwords since two decade due to the fact
that primitive’s methods suffered from an
innumerable number of attacks which could be
imposed easily. Here we will progress down the
taxonomy of authentication methods. To start with
we focus on the most common computer
authentication method that makes use of text
passwords. Despite the vulnerabilities, it‟s the user
natural tendency of the users that they will always
prefer to go for short passwords for ease of
remembrance [10] and also lack of awareness
About how attackers tend to attacks. Unfortunately,
these passwords are broken mercilessly by intruders
by several simple means such as masquerading,
Eaves dropping and other rude means say dictionary
attacks, shoulder surfing attacks, social engineering
attacks [10][1].To mitigate the problems with
traditional methods, advanced methods have been
proposed using graphical as passwords. The idea of
graphical passwords first described by Greg
Blonder (1996). For Blonder, graphical
password shaves a predetermined image that the
sequence and the tap regions selected are
interpreted as the graphical password. Since
then, many other graphical password schemes
have been proposed. The desirable quality
associated with graphical passwords is that
psychologically humans can remember graphical
far better than text and hence is the best
alternative being proposed. There is a rapid and
growing interest in graphical passwords for they
are more or infinite in numbers thus providing
more resistance.
The major goal of this work is to reduce
the guessing attacks as well as encouraging users
to select more random, and difficult passwords
to guess.
• Guessing:
Unfortunately, it seems that graphical
passwords are often predictable, a serious problem
typically associated with text-based passwords. More
research efforts are needed to understand the nature
of graphical passwords created by real world users.
• Shoulder Surfing:
Like text based passwords, most of the
graphical passwords are vulnerable to shoulder
surfing. At this point, only a few recognition-based
techniques are designed to
Resist shoulder-surfing
Conclusion and future work
A major advantage of Persuasive cued click
point scheme is its large password space over
alphanumeric passwords. There is a growing interest
for Graphical passwords since they are better than
Text based passwords, although the main argument
for graphical passwords is that people are better at
memorizing graphical passwords than text-based
passwords.
GUESSING ATTACKS BY USING PERSUASIVE CLICK POINTS
[attachment=68910]
Abstract
Usable security has unique usability challenges because the need for security often means that standard
human-computer-interaction approaches cannot be directly applied. An important usability goal for
authentication systems is to support users in selecting better passwords. Users often create memorable
passwords that are easy for attackers to guess, but strong system-assigned passwords are difficult for users to
remember. So researchers of modern days have gone for alternative methods wherein graphical pictures are
used as passwords. Graphical passwords essentially use images or representation of images as passwords.
Human brain is good in remembering picture than textual character. There are various graphical password
schemes or graphical password software in the market. However, very little research has been done to analyze
graphical passwords that are still immature. There for, this project work merges persuasive cued click points
and password guessing resistant protocol. The major goal of this work is to reduce the guessing attacks as well
as encouraging users to select more random, and difficult passwords to guess. Well known security threats like
brute force attacks and dictionary attacks can be successfully abolished using this method
INTRODUCTION
There has been a great deal of hype for
graphical passwords since two decade due to the fact
that primitive’s methods suffered from an
innumerable number of attacks which could be
imposed easily. Here we will progress down the
taxonomy of authentication methods. To start with
we focus on the most common computer
authentication method that makes use of text
passwords. Despite the vulnerabilities, it‟s the user
natural tendency of the users that they will always
prefer to go for short passwords for ease of
remembrance [10] and also lack of awareness
About how attackers tend to attacks. Unfortunately,
these passwords are broken mercilessly by intruders
by several simple means such as masquerading,
Eaves dropping and other rude means say dictionary
attacks, shoulder surfing attacks, social engineering
attacks [10][1].To mitigate the problems with
traditional methods, advanced methods have been
proposed using graphical as passwords. The idea of
graphical passwords first described by Greg
Blonder (1996). For Blonder, graphical
password shaves a predetermined image that the
sequence and the tap regions selected are
interpreted as the graphical password. Since
then, many other graphical password schemes
have been proposed. The desirable quality
associated with graphical passwords is that
psychologically humans can remember graphical
far better than text and hence is the best
alternative being proposed. There is a rapid and
growing interest in graphical passwords for they
are more or infinite in numbers thus providing
more resistance.
The major goal of this work is to reduce
the guessing attacks as well as encouraging users
to select more random, and difficult passwords
to guess.
• Guessing:
Unfortunately, it seems that graphical
passwords are often predictable, a serious problem
typically associated with text-based passwords. More
research efforts are needed to understand the nature
of graphical passwords created by real world users.
• Shoulder Surfing:
Like text based passwords, most of the
graphical passwords are vulnerable to shoulder
surfing. At this point, only a few recognition-based
techniques are designed to
Resist shoulder-surfing
Conclusion and future work
A major advantage of Persuasive cued click
point scheme is its large password space over
alphanumeric passwords. There is a growing interest
for Graphical passwords since they are better than
Text based passwords, although the main argument
for graphical passwords is that people are better at
memorizing graphical passwords than text-based
passwords.