15-10-2010, 10:26 AM
[attachment=6108]
Introduction
The Dramatic increase of computer usage has given rise to many security concerns. One major security concern is authentication, which is the process of validating who you are to whom you claimed to be. The password is a very common and widely authentication method still used up to now but because of the huge advance in the uses of computer in many applications as data transfer, sharing data, login to emails or internet, some drawbacks of normal password appear like stolen the password, forgetting the password, week password, etc so a big necessity to have a strong authentication way is needed to secure all our applications as possible, so researches come out with advanced password called multiple password techniques where they tried to improve the password techniques and avoid the weakness of normal password. ( Sobrado and Birget, 2007), today, many networks, computer systems and Internet-based environments used this technique to authenticate their users. The vulnerabilities of this technique have been well known generally. Dictionary attack is the commonly method used by hackers to break or crack the alphanumeric password, such attack is very efficient mechanism because its only need a little time to discover the users passwords. Another major drawback of this method is the difficulty of remembering the passwords. Recent studies (Dhamija et al, 2000) showed that humans are only capable to memorize a limited number of passwords, because of this syndrome, they often to write down, share and use the same passwords for different current account. Graphical password techniques have been proposed as an alternative to conventional based techniques. It has been designed to overcome the known weakness of conventional password. It also designed to make the passwords more memorable, easier for people to use and therefore more secure. Based on the two assumptions; first, humans can remember pictures better than alphanumeric characters and second, a picture worth a thousand passwords.
As known generally, the main drawbacks for the current graphical password schemes are the shoulder-surfing problem and usability problem. Even though graphical passwords are difficult to guess and break, if someone direct observe during the password enter sessions, he/she probably figure out the password by guessing it randomly. Nevertheless, the issue of how to design the authentication systems which have both the security and usability elements is yet another example of what making the challenge of Human Computer Interaction (HCI) and security communities. Even though the main argument for graphical passwords is that humans are better at memorizing graphical passwords than conventional passwords, the existing user studies are very limited and there is not yet convincing the fact to support this argument. We have found that the existing recognition base graphical passwords schemes does not have attractive usability features for the users which mean that the usability features needed to be studied more and develop more usable systems for the Graphical Password.
Current authentication systems suffer from many weaknesses. The vulnerabilities of the textual password have been well known. Users tend to pick short passwords or passwords that are easy to remember, which makes the passwords unprotected for attackers to break. Furthermore, textual password is vulnerable to guessing, dictionary attack, key-loggers, and social engineering, shoulder surfing, hidden-camera and spy ware attacks. To conquer the limitations of text-based password, techniques such as two-factor authentication and graphical password have been put in use. Other than that, applications and input devices such as mouse, stylus and touch-screen that permit make the appearance of the graphical user authentication techniques possible.
However, they are mostly vulnerable to shoulder-surfing as well. Passwords possess many useful properties as well as widespread legacy deployment; consequently we can expect their use for the foreseeable future. Unfortunately, today’s standard methods for password input are subject to a variety of attacks based on observation, from casual eavesdropping (shoulder surfing), to more exotic methods. Shoulder-surfing attack occurs when using direct observation techniques, such as looking over someone's shoulder, to get passwords, PINs and other sensitive personal information. As well as when a user enters information using a keyboard, mouse, touch screen or any traditional input device, a malicious observer may be able to acquire the user’s password credentials.
A collection of usability features will be implemented in the multiple password prototype to be more usable for the users where this usability set includes more secure, the easy of use, memorize, creation, learning and satisfaction. Finally we propose a new multiple password authentications scheme.
