01-01-2011, 12:05 PM
Chhavi Saxena
Hemu Sharma
Mini Saxena
Sonal Chittranshi
[attachment=7842]
ABSTRACT:-
Usable security has unique usability challenges because the need for security often means that standard human-computer-interaction approaches cannot be directly applied. An important usability goal for authentication systems is to support users in selecting better passwords, thus increasing security by expanding the effective password space. In click-based graphical passwords, poorly chosen passwords lead to the emergence of hotspots – portions of the image where users are more likely to select click-points, allowing attackers to mount more successful dictionary attacks.
INTRODUCTION:-
People select predictable passwords. This occurs with both textbased and graphical passwords. Users tend to choose passwords that are memorable in some way, which unfortunately often means that the passwords tend to follow predictable patterns that are easier for attackers to exploit. While the predictability problem can be solved by disallowing user choice and assigning passwords to users, this usually leads to usability issues since users cannot easily remember such random passwords. An authentication system should encourage strong passwords while still maintaining memorability.
PROPOSED WORK:_
Graphical passwords offer an alternative to text-based passwords that is intended to be more memorable and usable because graphical passwords rely on our ability to more accurately remember images than text . Several forms of graphical passwords have been proposed. Our proposed system allows user choice while attempting to influence users to select stronger passwords. It also makes the task of selecting a weak password (easy for attackers to predict) more tedious, in order to discourage users from making such choices. In effect, our scheme makes choosing a more secure password the “path-of-leastresistance”.
In this passwords are created by positioning a “template” over a background image so that the user’s secret areas fall within the cut-out portions of the template. They found that users had difficulty remembering the position of their template and selected similar areas of the images. We focus primarily on click-based graphical passwords. In PassPoints passwords consist of a sequence of five clickpoints on a given image. Users may select any pixels in the image as click-points for their password. To log in, they repeat the sequence of clicks in the correct order. Each click must be within a system-defined tolerance region of the original click-point. It was found that although relatively usable, security concerns remain. The primary security problem is hotspots: different users tend to select similar click-points as part of their passwords. Attackers who gain knowledge of these hotspots through harvesting sample passwords or through automated image processing techniques can build attack dictionaries and more successfully guess PassPoints passwords . A dictionary attack consists of using a list of potential passwords (ideally in decreasing order of likelihood) and trying each on the system in turn to see if it leads to a correct login for a given account. Attacks can target a single account, or can try guessing passwords on a large number of accounts in hopes of breaking into any of them.
To reduce the security impact of hotspots and further improve usability, we proposed an alternative click-based graphical password scheme called Cued Click-Points .
