Abstract :- :-
The most common computer authentication method
is to use alphanumerical usernames and passwords. This method has been shown to
have significant drawbacks. For example, users tend to pick passwords that can
be easily guessed. On the other hand, if a password is hard to guess, then it
is often hard to remember.
To address this problem, some
researchers have developed authentication methods that use pictures as
passwords. In this paper, we conduct a comprehensive survey of the existing
graphical password techniques. We classify these techniques into two
categories: recognition-based and recall-based approaches. We discuss the
strengths and limitations of each method and point out the future research
directions in this area.
We also try to answer two important
questions: “Are graphical passwords as secure as text-based passwords?”; “What
are the major design and implementation issues for graphical passwords”. In
this paper , we are conducting a comprehensive survey of existing graphical
image password authentication techniques. Also we are here proposing a new
technique for graphical authentication.
Overview Of The Authentication Methods
Current
authentication methods can be divided into three main areas:
• Token
based authentication
• Knowledge
based authentication
Token
based techniques, such as key cards, bank cards and smart cards are widely
used. Many token-based authentication systems also use knowledge based
techniques to enhance security. For example, ATM cards are generally used
together with a PIN number.
Biometric
based authentication techniques, such as fingerprints, iris scan, or facial
recognition, are not yet widely adopted. The major drawback of this approach is
that such systems can be expensive, and the identification process can be slow
and often unreliable. However, this type of technique provides he highest level
of security.
Knowledge based techniques are the most
widely used authentication techniques and include both text-based and
picture-based passwords. The picture-based techniques can be further divided into two categories:
recognition-based and recall-based graphical techniques. Using
recognition-based techniques, a user is presented with a set of images and the
user passes the authentication by recognizing and identifying the images he or
she selected during the registration stage. Using recall-based techniques, a
user is asked to reproduce something that he or she created or selected earlier
during the registration stage.
Recognition Based
Techniques
Dhamija
and Perrig proposed a graphical
authentication scheme based on the HashVisualization technique . In their
system, the user is asked to select a certain number of images from a set of random pictures generated by a program
. Later, the user will be required to identify the pre selected images in order
to be authenticated. The results showed that 90% of all participants succeeded
in the authentication using this technique, while only 70% succeeded using
text-based passwords and PINS. The average log-in time, however, is longer than
the traditional approach. A weakness of this system is that the server needs to
store the seeds of the portfolio images of each user in plain text. Also, the
process of selecting a set of pictures from the picture database can be tedious
and time consuming for the user.
Conclusion
The
past decade has seen a growing interest in using graphical passwords as an
alternative to the traditional text-based passwords. In this paper, we have
conducted a comprehensive survey of existing graphical password techniques. The
current graphicalpassword techniques can be classified into two categories:
recognition-based and recall-based techniques.
Although
the main argument for graphical passwords is that people are better at
memorizing graphical passwords than text-based passwords, the existing user
studies are very limited and there is not yet convincing evidence to support
this argument. Our preliminary analysis suggests that it is more difficult to
break graphical passwords using the traditional attack methods such as brute
force search, dictionary attack, or spyware. However, since there is not yet
wide deployment of graphical password systems, the vulnerabilities of graphical
passwords are still not fully understood.
0 comments:
Post a Comment