
Authors:

Xiaoyuan Suo, Ying Zhu and G. Scott Owen

Presented by: Lin Jie


• Introduction
• Overview of the Authentication Methods
• The survey
◦ Recognition Based Techniques
◦ Recall Based Techniques
• Discussion
◦ Security
◦ Usability
• Conclusion

• How about text-based passwords?
◦ Difficulty of remembering passwords
  • easy to remember -> easy to guess
  • hard to guess -> hard to remember
◦ Users tend to write passwords down or use the same passwords for different accounts

• An alternative: Graphical Passwords
◦ Psychological studies: humans can remember pictures better than text
• If the number of possible pictures is sufficiently large, the possible password space may exceed that of text-based schemes, thus offering better resistance to dictionary attacks.

• Can be used for:
◦ workstations
◦ web log-in applications
◦ ATM machines
◦ mobile devices

• Conduct a comprehensive survey of the existing graphical password techniques
• Discuss the strengths and limitations of each method
• Point out future research directions


• Token based authentication
◦ key cards, bank cards, smart cards, …

• Biometric based authentication
◦ fingerprints, iris scan, facial recognition, …

• Knowledge based authentication
◦ text-based passwords, picture-based passwords
◦ most widely used authentication techniques

• Recognition Based Techniques
◦ A user is presented with a set of images and the user passes the authentication by recognizing and identifying the images he selected during the registration stage

• Recall Based Techniques
◦ A user is asked to reproduce something that he created or selected earlier during the registration stage

• Dhamija and Perrig Scheme
Pick several pictures out of many choices, then identify them later during authentication.

◦ uses Hash Visualization, which, given a seed, automatically generates a set of pictures
◦ takes longer to create graphical passwords

Password space: N! / (K! (N-K)!)
(N - total number of pictures; K - number of pictures selected as passwords)

• Sobrado and Birget Scheme
The system displays a number of pass-objects (pre-selected by the user) among many other objects; the user clicks inside the convex hull bounded by the pass-objects.

◦ the authors suggested using 1000 objects, which makes the display very crowded and the objects almost indistinguishable.

Password space: N! / (K! (N-K)!)
(N - total number of picture objects; K - number of pre-registered objects)

• Other Schemes
◦ Using human faces as password
◦ Select a sequence of images as password

• Draw-A-Secret (DAS) Scheme
The user draws a simple picture on a 2D grid; the coordinates of the grid cells occupied by the picture are stored in the order of drawing.

◦ redrawing has to touch the same grid cells in the same sequence during authentication
◦ user studies showed the drawing sequence is hard to remember
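
An added sketch of the DAS matching rule described above (not code from the paper or the presentation): each stroke is reduced to the ordered sequence of grid cells it touches, so a shaky redraw passes while the same picture drawn in another order fails. The 4x4 grid, 100-pixel cells, the pen-up marker and the sample strokes are assumptions constructed for illustration.

```python
GRID = 4            # assumed: 4x4 drawing grid
CELL = 100          # assumed: cell edge length in pixels
PEN_UP = "PEN_UP"   # assumed marker that separates strokes


def encode(strokes):
    """Reduce pen strokes (lists of (x, y) pixel samples) to a cell sequence.

    Consecutive samples inside one cell collapse to a single entry, and a
    pen-up marker closes each stroke, so both the drawing order and the
    stroke breaks become part of the secret.
    """
    seq = []
    for stroke in strokes:
        for x, y in stroke:
            cell = (int(x // CELL), int(y // CELL))
            if not (0 <= cell[0] < GRID and 0 <= cell[1] < GRID):
                raise ValueError("sample outside the grid")
            if not seq or seq[-1] != cell:
                seq.append(cell)
        seq.append(PEN_UP)
    return tuple(seq)


def matches(enrolled_seq, strokes):
    """Authentication succeeds only on an identical cell sequence."""
    return encode(strokes) == enrolled_seq


# Constructed samples: an "L" drawn top-to-bottom, then left-to-right.
ENROLL = [[(50, 50), (50, 150), (50, 250), (150, 250), (250, 250)]]
SHAKY = [[(60, 40), (45, 160), (55, 240), (140, 260), (260, 255)]]
REVERSED = [list(reversed(ENROLL[0]))]       # same picture, opposite direction
SPLIT = [ENROLL[0][:3], ENROLL[0][2:]]       # same picture, drawn as two strokes

if __name__ == "__main__":
    stored = encode(ENROLL)
    print(stored)
    for name, attempt in (("shaky", SHAKY), ("reversed", REVERSED), ("split", SPLIT)):
        print(name, matches(stored, attempt))
```
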
• “PassPoint” Scheme
The user clicks on any place on an image to create a password. A tolerance around each chosen pixel is calculated. In order to be authenticated, the user must click within the tolerances in the correct sequence.

◦ it can be hard to remember the sequences

Password space: N^K
(N - the number of pixels or smallest units of a picture; K - the number of points to be clicked on)
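
An added example (not from the paper or the presentation) of the tolerance check described above, together with what the tolerance does to N in N^K: once any click inside a tolerance square is accepted, the "smallest unit" is the square rather than the pixel. The image size, the 10-pixel tolerance, the click points and all function names are assumptions, and the region count is an approximation.

```python
import math

# Constructed parameters (assumptions, not values from the slides).
WIDTH, HEIGHT = 640, 480   # image size in pixels
TOL = 10                   # accept a click within +/-10 px on each axis


def verify(enrolled, attempt, tol=TOL):
    """True only if every click lies within tolerance, in the enrolled order."""
    if len(enrolled) != len(attempt):
        return False
    return all(
        abs(ex - ax) <= tol and abs(ey - ay) <= tol
        for (ex, ey), (ax, ay) in zip(enrolled, attempt)
    )


def space_bits(units, clicks):
    """log2 of N^K, the password space given on the slide."""
    return clicks * math.log2(units)


def effective_units(width, height, tol):
    """Approximate number of distinguishable targets once tolerance applies."""
    side = 2 * tol + 1
    return (width // side) * (height // side)


def text_length_for(bits):
    """Shortest text password length N with 94^N >= 2^bits."""
    return math.ceil(bits / math.log2(94))


# Constructed enrollment and login attempts.
ENROLLED = [(100, 120), (300, 200), (520, 400)]
NEAR = [(105, 115), (292, 208), (520, 390)]       # inside every tolerance
SWAPPED = [NEAR[1], NEAR[0], NEAR[2]]             # right points, wrong order

if __name__ == "__main__":
    print(verify(ENROLLED, NEAR), verify(ENROLLED, SWAPPED))
    for label, n in (("pixels", WIDTH * HEIGHT),
                     ("tolerance squares", effective_units(WIDTH, HEIGHT, TOL))):
        bits = space_bits(n, 5)
        print(f"N = {n} {label}, K = 5: {bits:.1f} bits, "
              f"comparable to a {text_length_for(bits)}-character text password")
```
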
• Other Schemes
◦ Grid Selection Scheme
◦ Signature Scheme
◦ Using images with random tracks of geometric graphical shapes
◦ Using distorted images to prevent revealing of passwords

• Is a graphical password as secure as text-based passwords?
◦ Text-based passwords have a password space of 94^N
(94 - number of printable characters; N - length of the password).
Some graphical password techniques can compete: the Draw-A-Secret Scheme and the PassPoint Scheme.

◦ Brute force search / Dictionary attacks
The attack programs need to automatically generate accurate mouse motion to imitate human input, which is more difficult compared to text passwords.

◦ Guessing
◦ Social engineering
◦ …

• Pictures are easier to remember than text strings
• Password registration and log-in process take too long
• Require much more storage space than text-based passwords

• Main argument for graphical passwords: people are better at memorizing graphical passwords than text-based passwords
• It is more difficult to break graphical passwords using the traditional attack methods such as brute force search, dictionary attack or spyware.
• Not yet widely used; current graphical password techniques are still immature
• Questions?
