1 / 25

The Design and Analysis of Graphical Passwords

The Design and Analysis of Graphical Passwords. Ian Jermyn New York University. Alain Mayer, Fabian Monrose, Michael K.Reiter Bell Labs, Lucent Technologies. Aviel D.Rubin AT&T Labs-Research. Presenter : Ta Duy Vuong taduyvuo@comp.nus.edu.sg. OUTLINE. Introduction

lara-mays
Download Presentation

The Design and Analysis of Graphical Passwords

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. The Design and Analysis of Graphical Passwords Ian Jermyn New York University Alain Mayer, Fabian Monrose, Michael K.Reiter Bell Labs, Lucent Technologies Aviel D.Rubin AT&T Labs-Research Presenter : Ta Duy Vuong taduyvuo@comp.nus.edu.sg

  2. OUTLINE • Introduction • Textual Passwords with Graphical Assistance • Purely Graphical Passwords • Other graphical password scheme • Summary • References

  3. 1.INTRODUCTION • Passwords: method of choice for user authentication. • In practice, passwords are susceptible to attacks. • Exploit features of graphical input displays to achieve better security.

  4. 1.INTRODUCTION • Used for any devices with graphical input display • Primarily for PDAs: Palm Pilot, HP iPAQ,…

  5. 1.INTRODUCTION • Observation: temporal order & position • Textual password input via keyboard: • Graphical password simplepass 123456789

  6. 2.TEXT WITH GRAPHICAL ASSISTANCE GRAPHICAL PASSWORD TEXTUAL PASSWORD WITH GRAPHICAL ASSISTANCE DRAW-A-SECRET SCHEME

  7. 2.TEXT WITH GRAPHICAL ASSISTANCE • Use textual passwords augmented by some graphical capabilities. • Aim: to decouple temporal order & position of input.

  8. Conventional 2.TEXT WITH GRAPHICAL ASSISTANCE • Example: password is “tomato”. • Usual way of input:

  9. 2.TEXT WITH GRAPHICAL ASSISTANCE With graphical assistance

  10. 2.TEXT WITH GRAPHICAL ASSISTANCE • Formally: • k : number of characters in password • A : set of allowed characters • m : number of positions (m>=k) • Textual : f = {1,…,k}  A • Graphical : f’ = {1,…,k}  A x {1,…,m}

  11. 2.TEXT WITH GRAPHICAL ASSISTANCE • One k-character conventional password yields: m!/(m-k)! graphical passwords Ex: Password is “ILoveNus” • k=8 (characters) • Choose m=10 (positions)  approximately 1.8 x 106graphical passwords

  12. 3.DRAW-A-SECRET (DAS) SCHEME GRAPHICAL PASSWORD TEXTUAL PASSWORD WITH GRAPHICAL ASSISTANCE DRAW-A-SECRET SCHEME

  13. 3.DRAW-A-SECRET (DAS) SCHEME 3.1 Introduction • Password is picture drawn on a grid. • Users freed from having to remember alphanumeric string. • What is good about picture-based password?

  14. 3.DRAW-A-SECRET (DAS) SCHEME 3.2 Password input (2,2) (3,2) (3,3) (2,3) (2,2) (2,1) (5,5) (5,5) is pen-up indicator

  15. Sequence of coordinates of password P Hashed using SHA-1 Key k Derived to make keys Triple-DES 3.DRAW-A-SECRET (DAS) SCHEME 3.3 Encryption Tool for PDA • Use Triple-DES to encrypt/decrypt data stored on PDA Process of making keys for Triple-DES

  16. Sequence of coordinates P Sequence of coordinates P’ Hashed using SHA-1 Hashed using SHA-1 Key k Key k’ Ek(P) restult=Dk’(Ek(P)) Store Ek(P) ressult = P ?? Process of setting password Process of verifying password 3.DRAW-A-SECRET (DAS) SCHEME 3.3 Encryption Tool for PDA

  17. 3.DRAW-A-SECRET (DAS) SCHEME 3.4 Security of the DAS Scheme • Textual passwords are susceptible to attacks because: • Users do not choose passwords uniformly. • Attackers have significant knowledge about the • distribution of user passwords (users often choose passwords based their own name…) • information about gross properties (words in English dictionary are likely to be chosen)

  18. 3.DRAW-A-SECRET (DAS) SCHEME 3.4 Security of the DAS Scheme • Knowledge about the distribution of user password is essential to adversary. • DAS scheme gives no clues about user choice of passwords. • Harder to collect data on PDAs than networked computers.

  19. 3.DRAW-A-SECRET (DAS) SCHEME 3.4 Security of the DAS Scheme • Size of Password space: • Lmax P : password • ∏(Lmax,G) = ∑ P(L,G) Grid size GxG • L=1 L : length of password • Lmax : maximum length of password • l=L N: number of strokes • P(L,G) = ∑ P(L-l,G)N(lG) l : length of stoke • l=1 • N(l,G) = ∑ n(x,y,l,G) n : number of strokes of length l • (x,y)∈[1..G]x[1..G](x,y) : ending cell

  20. 3.DRAW-A-SECRET (DAS) SCHEME 3.4 Security of the DAS Scheme • New password scheme cannot be proven better than old scheme because of human factor ! • However, above table shows raw size of graphical password space surpasses that of textual passwords.

  21. 4. Another graphical password scheme • To login, user is required to click within the circled red regions (chosen when created the password) in this picture. The choice for the four regions is arbitrary • Known since the mid 1990s, starting with G.Blonder in his paper “Graphical Passwords”

  22. 5. SUMMARY • Textual passwords with graphical assistance: conventional passwords equipped with graphical capabilities. • Improvements over textual passwords: • Decouple positions of input from temporal order • Larger password space

  23. 5. SUMMARY • Draw-A-Secret (DAS) Scheme: • Pictures are easier to remember • Attackers have no knowledge of the distribution of passwords • Larger password space • Decouple position of inputs from temporal order

  24. 6. REFERENCES • “The Design and Analysis of Graphical Passwords” by Ian Jermyn, Alain Mayer, Fabian Monrose, Michael K.Reiter, Aviel D.Rubin • “Graphical passwords” by Leonardo Sobrado, Jean-Camille Birget, Department of Computer Science, Rutgers University • “Graphical Dictionaries and the Memorable Space of Graphical Passwords” by Julie Thorpe, P.C. van Oorschot • “Human Memory and the Graphical Password” by David Bensinger, Ph.D. • “Passwords: the weakest link?” CNET News.com

  25. THANK YOU .

More Related