Spyware prevention using graphical passwords

Devaki Kranthi Kumar, U Vinod Kumar

Abstract


our future work will be based on Click-based graphical password schemes require a user to click on a set of points on one or more presented background images. With the Pass Points and to create users to a password by clicking five ordered points anywhere on the given image.  CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. Notably, a CaRP password can be found only probabilistically by automatic online guessing attacks even if the password is in the search set. To log in, users must correctly the repeated sequence of clicks, with each click falling within the acceptable tolerance of original point. To implemented this aspect, along with a scheme converting the user-entered graphical password into a cryptographic verification key and “robust discretization†scheme. It consisted of three overlapping grids (invisible to the user) used to determine whether the click-points are login attempt were close enough to the original points to be accepted.

 


Keywords


Graphical password, password, hotspots, CaRP, Captcha, dictionary attack, password guessing attack, security primitive

References


R. Biddle, S. Chiasson, and P. C. van Oorschot, “Graphical passwords:Learning from the first twelve years,†ACM Comput. Surveys, vol. 44,no. 4, 2012.

(2012, Feb.). The Science Behind Passfaces [Online]. Available:http://www.realuser.com/published/ScienceBehindPassfaces.pdf

I. Jermyn, A. Mayer, F. Monrose, M. Reiter, and A. Rubin, “The designand analysis of graphical passwords,†in Proc. 8th USENIX SecuritySymp., 1999, pp. 1–15.

H. Tao and C. Adams, “Pass-Go: A proposal to improve the usability ofgraphical passwords,†Int. J. Netw. Security, vol. 7, no. 2, pp. 273–292,2008.

S. Wiedenbeck, J. Waters, J. C. Birget, A. Brodskiy, and N. Memon,“PassPoints: Design and longitudinal evaluation of a graphical passwordsystem,†Int. J. HCI, vol. 63, pp. 102–127, Jul. 2005.

P. C. van Oorschot and J. Thorpe, “On predictive models and userdrawngraphical passwords,†ACM Trans. Inf. Syst. Security, vol. 10,no. 4, pp. 1–33, 2008.

K. Golofit, “Click passwords under investigation,†in Proc. ESORICS,2007, pp. 343–358.

A. E. Dirik, N. Memon, and J.-C. Birget, “Modeling user choice in thepasspoints graphical password scheme,†in Proc. Symp. Usable PrivacySecurity, 2007, pp. 20–28.

J. Thorpe and P. C. van Oorschot, “Human-seeded attacks and exploitinghot spots in graphical passwords,†in Proc. USENIX Security, 2007,pp. 103–118.

P. C. van Oorschot, A. Salehi-Abari, and J. Thorpe, “Purely automatedattacks on passpoints-style graphical passwords,†IEEE Trans. Inf.Forensics Security, vol. 5, no. 3, pp. 393–405, Sep. 2010.

P. C. van Oorschot and J. Thorpe, “Exploiting predictability in clickbasedgraphical passwords,†J. Comput. Security, vol. 19, no. 4,pp. 669–702, 2011.

T. Wolverton. (2002, Mar. 26). Hackers Attack eBay Accounts[Online]. Available: http://www.zdnet.co.uk/news/networking/2002/03/

/hackers-attack-ebay-accounts-2107350/

HP TippingPoint DVLabs, Vienna, Austria. (2010). Top Cyber SecurityRisks Report, SANS Institute and Qualys Research Labs [Online].Available: http://dvlabs.tippingpoint.com/toprisks2010

B. Pinkas and T. Sander, “Securing passwords against dictionaryattacks,†in Proc. ACM CCS, 2002, pp. 161–170.

P. C. van Oorschot and S. Stubblebine, “On countering online dictionaryattacks with login histories and humans-in-the-loop,†ACM Trans. Inf.Syst. Security, vol. 9, no. 3, pp. 235–258, 2006.

M. Alsaleh, M. Mannan, and P. C. van Oorschot, “Revisitingdefenses against large-scale online password guessing attacks,†IEEETrans. Dependable Secure Comput., vol. 9, no. 1, pp. 128–141,Jan./Feb. 2012.

L. von Ahn, M. Blum, N. J. Hopper, and J. Langford, “CAPTCHA:Using hard AI problems for security,†in Proc. Eurocrypt, 2003,pp. 294–311.

S. Chiasson, P. C. van Oorschot, and R. Biddle, “Graphical passwordauthentication using cued click points,†in Proc. ESORICS, 2007,pp. 359–374.

S. Chiasson, A. Forget, R. Biddle, and P. C. van Oorschot, “Influencingusers towards better passwords: Persuasive cued click-points,†in Proc.Brit. HCI Group Annu. Conf. People Comput., Culture, Creativity,Interaction, vol. 1. 2008, pp. 121–130.

D. Davis, F. Monrose, and M. Reiter, “On user choice in graphicalpassword schemes,†in Proc. USENIX Security, 2004, pp. 1–11.[21] R. Dhamija and A. Perrig, “Déjà Vu: A user study using images forauthentication,†in Proc. 9th USENIX Security, 2000, pp. 1–4.

D. Weinshall, “Cognitive authentication schemes safe against spyware,â€in Proc. IEEE Symp. Security Privacy, May 2006, pp. 300–306.

P. Dunphy and J. Yan, “Do background images improve ‘Draw a Secret’graphical passwords,†in Proc. ACM CCS, 2007, pp. 1–12.

P. Golle, “Machine learning attacks against the Asirra CAPTCHA,†inProc. ACM CCS, 2008, pp. 535–542.

B. B. Zhu et al., “Attacks and design of image recognition CAPTCHAs,â€in Proc. ACM CCS, 2010, pp. 187–200.

J. Yan and A. S. El Ahmad, “A low-cost attack on a Microsoft CAPTCHA,†in Proc. ACM CCS, 2008, pp. 543–554.

G. Mori and J. Malik, “Recognizing objects in adversarial clutter,â€in Proc. IEEE Comput. Society Conf. Comput. Vis. Pattern Recognit.,Jun. 2003, pp. 134–141.


Full Text: PDF [FULL TEXT]

Refbacks

  • There are currently no refbacks.


Copyright © 2013, All rights reserved.| ijseat.com

Creative Commons License
International Journal of Science Engineering and Advance Technology is licensed under a Creative Commons Attribution 3.0 Unported License.Based on a work at IJSEat , Permissions beyond the scope of this license may be available at http://creativecommons.org/licenses/by/3.0/deed.en_GB.

Â