23-06-2012, 03:57 PM
Graphical Authentication Password System
[attachment=25293]
INTRODUCTION AND BACKGROUND
Statement of the Problem
With portable devices carrying increasingly larger amounts of confidential information, the need to secure these devices against intruders is becoming a serious issue. Unfortunately, with security comes the inconvenience of the authorization process. Using standard text password techniques on mobile devices is less appealing than on regular computers with keyboards because the user must either use handwriting recognition software or the device‟s on-screen keyboard.
Despite these drawbacks, text passwords are still the primary method for authenticating users of mobile devices. With the proliferation of touch sensitive screens and the refinement of visual pattern recognition algorithms, a graphical password scheme would seem to take more advantage of the available hardware and potentially offer a larger password space than its text-based relative. (Dunphy & Yan, 2007)
Technical Introduction
State of the Technology
Several studies have been conducted to determine the feasibility of “click-based,” or graphical, passwords. While some of the results have been promising, a number of drawbacks have been discovered that must be overcome if the technology is ever to be widely used. Namely, graphical passwords take significantly longer to input than text-based passwords when using a computer with a keyboard. (Chaisson, Biddle, & van Oorschot, 2007) If this could be overcome, it would be a significant step towards wider acceptance of the graphical password technique. Another issue is that studies have shown that there are difficulties in defining how points are selected and targeted. One example study used a tolerance level of a 13x13 pixel grid around the center pixel that was selected by the user. A 19x19 pixel tolerance was also tested, but there was no major usability difference between the two sizes. For applications where the screen size is small, it is promising to find that a relatively small tolerance may be acceptable to still attain high password entry success rates. A different approach used a series of polygons centered around strategic points on the picture. This was used because the main problem with grid style selection is that a point can be clicked on the grid border.
Published Body of Knowledge
A Second Look at the Usability of Click-Based Graphical Passwords
Abstract: “[The authors] conducted two user studies: an initial lab study to revisit these usability claims, explore for the first time the impact on usability of a wide-range of images, and gather information about the points selected by users; and a large-scale field study to examine how click-based graphical passwords work in practice.” (Chaisson, Biddle, & van Oorschot, 2007) Click Passwords
Team Tau – Graphical Authentication Password System CMPSC 484 – Senior Project I
Abstract: “[The authors] present a set of algorithms and tools that enable entering passwords on devices with graphical input (touch-pad, stylus, mouse) by clicking on specific pixels of a custom image. As one of the most important features, when entering a password, the user is given limited tolerance for inaccuracy in the selection of pixels. The goal of the proposed click password system is to maximize the password space, while facilitating memorization of entered secrets.” (Kirovski, Jojic, & Roberts) Do Background Images Improve “Draw a Secret” Graphical Passwords?
Abstract: “Draw a secret (DAS) is a representative graphical password scheme. Rigorous theoretical analysis suggests that DAS supports an overall password space larger than that of the ubiquitous textual password scheme. However, recent research suggests that DAS users tend to choose weak passwords, and their choices would render this theoretically sound scheme less secure in real life.” (Dunphy & Yan, 2007)
Current Systems
The hardware and software systems needed to develop and demonstrate our proposal are mostly available through the Computer Science Department. Particularly, touch sensitive displays, which are already available, could be used in addition to purchasing a new mobile device such as a smart phone or PDA. One of these small portable devices could demonstrate how the graphical password technique would work on small display sizes. Currently, Google‟s Android operating system uses a touch screen interface to authenticate users. The user „clicks‟ a series of nine dots in the correct order to unlock his mobile device. The Android authentication screen only has nine possible points to click. The system we are proposing would use a larger number of points (as determined by the user) on a selected image.
Team Tau – Graphical Authentication Password System CMPSC 484 – Senior Project I
December 15, 2008 3
DOCUMENT OBJECTIVES
This document describes at a high level of detail the architecture and intended layout of the proposed Graphical Authentication Password System. It will serve as a guide for a more detailed design document where each high level module from the architecture will be broken down into lower level design components. These components will be at a detail level suitable for implementation.
INTENDED AUDIENCE
Professors Charles Burchard Gary Walker
Peers Team Sigma Team Upsilon Team Phi
Others Future developers
[attachment=25293]
INTRODUCTION AND BACKGROUND
Statement of the Problem
With portable devices carrying increasingly larger amounts of confidential information, the need to secure these devices against intruders is becoming a serious issue. Unfortunately, with security comes the inconvenience of the authorization process. Using standard text password techniques on mobile devices is less appealing than on regular computers with keyboards because the user must either use handwriting recognition software or the device‟s on-screen keyboard.
Despite these drawbacks, text passwords are still the primary method for authenticating users of mobile devices. With the proliferation of touch sensitive screens and the refinement of visual pattern recognition algorithms, a graphical password scheme would seem to take more advantage of the available hardware and potentially offer a larger password space than its text-based relative. (Dunphy & Yan, 2007)
Technical Introduction
State of the Technology
Several studies have been conducted to determine the feasibility of “click-based,” or graphical, passwords. While some of the results have been promising, a number of drawbacks have been discovered that must be overcome if the technology is ever to be widely used. Namely, graphical passwords take significantly longer to input than text-based passwords when using a computer with a keyboard. (Chaisson, Biddle, & van Oorschot, 2007) If this could be overcome, it would be a significant step towards wider acceptance of the graphical password technique. Another issue is that studies have shown that there are difficulties in defining how points are selected and targeted. One example study used a tolerance level of a 13x13 pixel grid around the center pixel that was selected by the user. A 19x19 pixel tolerance was also tested, but there was no major usability difference between the two sizes. For applications where the screen size is small, it is promising to find that a relatively small tolerance may be acceptable to still attain high password entry success rates. A different approach used a series of polygons centered around strategic points on the picture. This was used because the main problem with grid style selection is that a point can be clicked on the grid border.
Published Body of Knowledge
A Second Look at the Usability of Click-Based Graphical Passwords
Abstract: “[The authors] conducted two user studies: an initial lab study to revisit these usability claims, explore for the first time the impact on usability of a wide-range of images, and gather information about the points selected by users; and a large-scale field study to examine how click-based graphical passwords work in practice.” (Chaisson, Biddle, & van Oorschot, 2007) Click Passwords
Team Tau – Graphical Authentication Password System CMPSC 484 – Senior Project I
Abstract: “[The authors] present a set of algorithms and tools that enable entering passwords on devices with graphical input (touch-pad, stylus, mouse) by clicking on specific pixels of a custom image. As one of the most important features, when entering a password, the user is given limited tolerance for inaccuracy in the selection of pixels. The goal of the proposed click password system is to maximize the password space, while facilitating memorization of entered secrets.” (Kirovski, Jojic, & Roberts) Do Background Images Improve “Draw a Secret” Graphical Passwords?
Abstract: “Draw a secret (DAS) is a representative graphical password scheme. Rigorous theoretical analysis suggests that DAS supports an overall password space larger than that of the ubiquitous textual password scheme. However, recent research suggests that DAS users tend to choose weak passwords, and their choices would render this theoretically sound scheme less secure in real life.” (Dunphy & Yan, 2007)
Current Systems
The hardware and software systems needed to develop and demonstrate our proposal are mostly available through the Computer Science Department. Particularly, touch sensitive displays, which are already available, could be used in addition to purchasing a new mobile device such as a smart phone or PDA. One of these small portable devices could demonstrate how the graphical password technique would work on small display sizes. Currently, Google‟s Android operating system uses a touch screen interface to authenticate users. The user „clicks‟ a series of nine dots in the correct order to unlock his mobile device. The Android authentication screen only has nine possible points to click. The system we are proposing would use a larger number of points (as determined by the user) on a selected image.
Team Tau – Graphical Authentication Password System CMPSC 484 – Senior Project I
December 15, 2008 3
DOCUMENT OBJECTIVES
This document describes at a high level of detail the architecture and intended layout of the proposed Graphical Authentication Password System. It will serve as a guide for a more detailed design document where each high level module from the architecture will be broken down into lower level design components. These components will be at a detail level suitable for implementation.
INTENDED AUDIENCE
Professors Charles Burchard Gary Walker
Peers Team Sigma Team Upsilon Team Phi
Others Future developers