Jawaharlal Nehru National College of Engineering, Shimoga – 577204 Department of Computer Science & Engineering Technical Seminar on, Under the guidance.


1 Jawaharlal Nehru National College of Engineering, Shimoga – 577204. Department of Computer Science & Engineering. Technical Seminar on, Under the guidance of Mrs. Sowmya D, B.E., M.Tech., Asst. Prof., Dept. of CS&E, JNNCE. Presented by Bhavatarini N, 1st semester, M.Tech. Coordinator: Dr. R Sanjeev Kunte, B.E., M.Tech., Ph.D., Professor, Dept. of CS&E, JNNCE.

2 ABSTRACT: Authentication is a basic step of information security. Textual passwords used to authenticate are prone to eavesdropping, dictionary attacks, etc. Graphical passwords are believed to be more secure than textual passwords, but they are also susceptible to many attacks such as shoulder surfing. To solve this problem, text can be combined with images or colors to generate session passwords for authentication, or one or more authentication schemes may be combined to form hybrid authentication schemes, which provide more security and reliability than traditional schemes.

3 CONTENTS
• Password
• Authentication
• Graphical passwords
• Classification of graphical passwords
• Hybrid authentication schemes

4 Password

5 Password. Required for authenticating in order to provide access to something (resource, object). Diagram labels: AUTHENTICATION, PASSWORD, PROVIDE ACCESS.

6 Ideal Password

7 Authentication

8 Classifications of Authentication Methods

9 Drawbacks
Alphanumeric
• Easily remembered or difficult to guess, but not both.
• Vulnerable to shoulder surfing.
Biometric
• Expensive.
• Increases login time.
• Entire device may become useless in case of a surgery or an accident changing the biometric feature.

10 Graphical Passwords

11 Graphical Passwords: An authentication system that works by having the user select from images, in a specific order, presented in a graphical user interface (GUI). Also called graphical user authentication (GUA).

12 Graphical Passwords
• It is a promising alternative to conventional password based authentication systems.
• Uses pictures instead of textual alternatives.
• Easier to remember.
• User friendly.
• Increases the level of security.

13 Hierarchy of Graphical Passwords: RECALL BASED, CUED RECALL BASED, RECOGNITION BASED

14 Recall Based Systems

15 Draw-a-Secret (DAS) Algorithm: (2,2), (3,2), (3,3), (2,3), (2,2), (2,1), (5,5)

16 Disadvantages
• User finds it difficult to recall the stroke order.
• Weak passwords are susceptible to graphical dictionary attack.
• Susceptible to shoulder surfing and guessing attacks.

17 Cued Recall Based Systems

18 Blonder Algorithm
• Password is created by having the user click on several locations on an image.
• The image can assist users to recall their passwords.
• Prone to guessing attack.

19 Disadvantages: password space is relatively small.

20 Recognition Based Technique

21 Recognition is easier than recall. “I know you but I forgot your name”

22 Dhamija and Perrig Technique. Disadvantage: prone to shoulder surfing.

23 Passface Algorithm

24 Technique is based on the assumption that people can recall human faces more easily than other pictures.
Disadvantages:
• Requires more time.
• Some obvious patterns were found.
• Prone to shoulder surfing and guessing attacks.

25 Hybrid Authentication Schemes

26 Hybrid Authentication Scheme
• Combination of two or more authentication schemes.
• Shape, colors and text.
• Used in personal digital assistants (PDAs).
• Used to provide secure authentication during E-transaction.

27 Pair Based Authentication Scheme

28 Pair based authentication scheme
1 A J R H 7
0 K 9 I Q G
3 B O C P 6
Z L 4 S T 2
M Y W D 5 F
8 X N V E U
Login:

29 Example:
STEP 1: If the password considered is SACHIN46
STEP 2: Consider the password selected in pairs. SACHIN46
STEP 3: Search for the letter which is in the intersection of the pair of letters, considering the row of the first letter and the column of the second letter.

30
1 A J R H 7
0 K 9 I Q G
3 B O C P 6
Z L 4 S T 2
M Y W D 5 F
8 X N V E U
Login:
SACHIN46

31
1 A J R H 7
0 K 9 I Q G
3 B O C P 6
Z L 4 S T 2
M Y W D 5 F
8 X N V E U
LPV2
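An added example (not from the slides) that implements Steps 2 and 3 of the pair based scheme in Python on the grid transcribed above; `new_session_grid` and `verify` are assumptions about how a server would issue a grid per login and check the reply. Applied to this grid, the Step 3 rule yields L, P and 2 for the pairs SA, CH and 46, and 9 for the pair IN, where the slide shows V (the cell at the row of N and the column of I).

```python
import hmac
import secrets

SYMBOLS = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

# The 6x6 grid exactly as it appears in the slide transcript.
SLIDE_GRID = ["1AJRH7", "0K9IQG", "3BOCP6", "ZL4ST2", "MYWD5F", "8XNVEU"]


def new_session_grid():
    """Server side (assumed): shuffle the 36 symbols into a fresh grid per login."""
    cells = list(SYMBOLS)
    secrets.SystemRandom().shuffle(cells)
    return ["".join(cells[i:i + 6]) for i in range(0, 36, 6)]


def locate(grid, symbol):
    """Return (row, column) of a symbol in the grid."""
    for r, row in enumerate(grid):
        c = row.find(symbol)
        if c != -1:
            return r, c
    raise ValueError(f"symbol {symbol!r} is not in the grid")


def session_password(grid, secret):
    """Steps 2 and 3: one output symbol per pair of secret symbols."""
    secret = secret.upper()
    if len(secret) == 0 or len(secret) % 2:
        raise ValueError("secret must have an even, non-zero length")
    out = []
    for i in range(0, len(secret), 2):
        row, _ = locate(grid, secret[i])        # row of the first symbol
        _, col = locate(grid, secret[i + 1])    # column of the second symbol
        out.append(grid[row][col])
    return "".join(out)


def verify(grid, secret, typed):
    """Compare the typed session password with the expected one in constant time."""
    expected = session_password(grid, secret)
    return hmac.compare_digest(expected.encode(), typed.upper().encode())


if __name__ == "__main__":
    print(session_password(SLIDE_GRID, "SACHIN46"))
    fresh = new_session_grid()
    print(fresh, session_password(fresh, "SACHIN46"))
```

Because the grid is reshuffled for each login, the typed string differs between sessions while the stored secret stays the same.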

32 Hybrid Textual Authentication Scheme

33 Registration phase: Enter the username. Rate the colors: 12345678

34
34 685271
    1 2 3 4 5 6 7 8
1   5 7 8 3 1 4 2 6
2   8 6 4 2 3 1 5 7
3   3 5 6 4 7 8 1 2
4   2 3 5 6 8 7 4 1
5   7 2 1 5 4 6 8 3
6   1 4 7 8 2 3 6 5
7   4 1 2 7 6 5 3 8
8   6 8 3 1 5 2 7 4
Login:

35
34 685271
    1 2 3 4 5 6 7 8
1   5 7 8 3 1 4 2 6
2   8 6 4 2 3 1 5 7
3   3 5 6 4 7 8 1 2
4   2 3 5 6 8 7 4 1
5   7 2 1 5 4 6 8 3
6   1 4 7 8 2 3 6 5
7   4 1 2 7 6 5 3 8
8   6 8 3 1 5 2 7 4
5

36 Hybrid Authentication Scheme For Secure E-transaction

37 Hybrid Authentication Scheme For Secure E-Transaction
• 3 step process.
• Resistant to phishing attack, shoulder surfing and guessing attacks.
• Used to provide secured and reliable authentication procedure for E-Transactions.

38 Registration algorithm
1. Enter Username (Ur) (if it exists, enter a new username). {Ur: It is a set of characters.}
2. Now user selects the desired text password (Tr). {Tr: It is a set of alphabets, characters, etc.}
3. Draw a Secret (DASr) for producing recall based password. {DASr: It is a combination of dot pattern produced by the user.}

39 4. User selects the images (Ir) from the various categories of images for recognition based password. {Ir: It is a set of images selected for authentication by user in a definite order.}
5. Registration complete.

40 Authentication algorithm
1. Enter Username (Ua) (if not valid, enter valid username). {Ua: It is the username given during registration.}
2. Now user enters the text password (Ta) (if not verified, enter valid text password). {Ta: Text password selected during registration.}
3. Draw the DASa. {DASa: It is the combination of dot pattern produced by the user during registration.}

41 4. Selects the images (Ia) from the various categories of images for recognition based password. {Ia: It is a set of images selected during registration by user in a definite order.}
5. If successful then,
6. Authentication complete.

42 A Hybrid Password Authentication Scheme Based On Shape And Text

43 BASIC IDEA: Map the shape from strokes and grids to text. Diagram labels: Shape, Text.

44 Notations
U: The set of elements that appear in the grid in the interface.
V: Input password vector, which consists of elements in U.
|V|: Size of V. It also represents the length of the input password, or the strokes' size.
g: The size of the grid.
S: Shape of the password.
|S|: Number of strokes of the password.

45 Password Set Interface

46 Password Set Procedure

47 Original Stroke On The Interface

48 Different input style

49 Security Analysis

50 Brute Force Attack
• Produces every combination of password.
• Text based passwords have a password space of 94^N, where 94 is the number of printable characters and N is the length.
• Almost proven successful against text passwords.
• Hybrid authentication schemes are resistant to brute force attack.

51 Dictionary attack
• Generally directed towards textual passwords.
• It is a method of breaking into a password protected system by systematically entering every word in a dictionary as password.
• Dictionary attack has no effect on hybrid authentication scheme because of the session passwords.

52 Guessing attack
• Mechanism in which passwords are guessed.
• Text passwords are sometimes easy to guess.
• Guessing attacks fail in case of hybrid authentication schemes.

53 Shoulder Surfing Attack
• Passwords are identified by looking over a person’s shoulder.
• Common in crowded places.
• Both text and graphical passwords are vulnerable.
• Hybrid authentication scheme is resistant and hence can be used in e-transactions.

54 Conclusion

55 Conclusion: Currently many schemes and techniques are available for authentication. There is a growing interest in using pictures as passwords rather than text passwords. The major advantage of the hybrid authentication scheme is that it is a secure authentication system for E-transactions and for PDAs. In fact, this particular system does not need to depend on any elements like cards or human parts etc. for authenticating the user. It increases the reliability, accuracy, security and also the memorability of the system.
