08-06-2012, 05:02 PM
Authentication Schemes for Session Passwords using Color and Images
Authentication Schemes for Session Passwords using Color and Images.pdf (Size: 634.22 KB / Downloads: 84)
INTRODUCTION
The most common method used for authentication is textual password. The vulnerabilities of
this method like eves dropping, dictionary attack, social engineering and shoulder surfing are
well known. Random and lengthy passwords can make the system secure. But the main
problem is the difficulty of remembering those passwords. Studies have shown that users tend
to pick short passwords or passwords that are easy to remember. Unfortunately, these
passwords can be easily guessed or cracked. The alternative techniques are graphical passwords
and biometrics. But these two techniques have their own disadvantages. Biometrics, such as
finger prints, iris scan or facial recognition have been introduced but not yet widely adopted.
The major drawback of this approach is that such systems can be expensive and the
identification process can be slow. There are many graphical password schemes that are
proposed in the last decade. But most of them suffer from shoulder surfing which is becoming
quite a big problem. There are graphical passwords schemes that have been proposed which are
resistant to shoulder-surfing but they have their own drawbacks like usability issues or taking
more time for user to login or having tolerance levels. Personal Digital Assistants are being
used by the people to store their personal and confidential information like passwords and PIN
numbers. Authentication should be provided for the usage of these devices.
RELATED WORK
Dhamija and Perrig[1] proposed a graphical authentication scheme where the user has
to identify the pre-defined images to prove user’s authenticity. In this system, the user selects a
certain number of images from a set of random pictures during registration. Later, during login
the user has to identify the pre selected images for authentication from a set of images as shown
in figure 1. This system is vulnerable to shoulder-surfing.
NEW AUTHENTICATION SCHEMES
Authentication technique consists of 3 phases: registration phase, login phase and verification
phase. During registration, user enters his password in first method or rates the colors in the
second method. During login phase, the user has to enter the password based on the interface
displayed on the screen. The system verifies the password entered by comparing with content of
the password generated during registration.
Hybrid Textual Authentication Scheme
During registration, user should rate colors as shown in figure 9. The User should rate colors
from 1 to 8 and he can remember it as “RLYOBGIP”. Same rating can be given to different
colors. During the login phase, when the user enters his username an interface is displayed
based on the colors selected by the user. The login interface consists of grid of size 8×8. This
grid contains digits 1-8 placed randomly in grid cells. The interface also contains strips of colors
as shown in figure 10. The color grid consists of 4 pairs of colors. Each pair of color represents
the row and the column of the grid.
SECURITY ANALYSIS
As the interface changes every time, the session password changes. This technique is resistant to
shoulder surfing. Due to dynamic passwords, dictionary attack is not applicable. Hidden camera
attacks are not applicable to PDAs because it is difficult to capture the interface in the PDAs.
Dictionary Attack: These are attacks directed towards textual passwords. Here in this attack,
hacker uses the set of dictionary words and authenticate by trying one word after one. The
Dictionary attacks fails towards our authentication systems because session passwords are used
for every login.
