Presented by: Lin Jie
Authors: Xiaoyuan Suo, Ying Zhu and G. Scott Owen


Post on 12-Jan-2016

Page 2

Introduction
Overview of the Authentication Methods
The survey
◦ Recognition Based Techniques
◦ Recall Based Techniques
Discussion
◦ Security
◦ Usability
Conclusion


Page 4

How about text-based passwords?
◦ Difficulty of remembering passwords: easy to remember -> easy to guess; hard to guess -> hard to remember
◦ Users tend to write passwords down or use the same passwords for different accounts

An alternative: graphical passwords
◦ Psychological studies: humans can remember pictures better than text

Page 5

If the number of possible pictures is sufficiently large, the possible password space may exceed that of text-based schemes, thus offering better resistance to dictionary attacks.

Can be used for:
◦ workstations
◦ web log-in applications
◦ ATM machines
◦ mobile devices

Page 6

Conduct a comprehensive survey of the existing graphical password techniques

Discuss the strengths and limitations of each method

Point out future research directions


Page 8

Token based authentication
◦ key cards, bank cards, smart cards, …

Biometric based authentication
◦ fingerprints, iris scan, facial recognition, …

Knowledge based authentication
◦ text-based passwords, picture-based passwords, …
◦ most widely used authentication techniques


Page 10

Recognition Based Techniques
◦ A user is presented with a set of images and passes the authentication by recognizing and identifying the images he selected during the registration stage

Recall Based Techniques
◦ A user is asked to reproduce something that he created or selected earlier during the registration stage


Page 12

Dhamija and Perrig Scheme
Pick several pictures out of many choices, identify them later in authentication.
◦ uses Hash Visualization, which, given a seed, automatically generates a set of pictures
◦ takes longer to create graphical passwords

Password space: N!/(K!(N-K)!) (N: total number of pictures; K: number of pictures selected as passwords)

Page 13

Sobrado and Birget Scheme
The system displays a number of pass-objects (pre-selected by the user) among many other objects; the user clicks inside the convex hull bounded by the pass-objects.
◦ the authors suggested using 1000 objects, which makes the display very crowded and the objects almost indistinguishable

Password space: N!/(K!(N-K)!) (N: total number of picture objects; K: number of pre-registered objects)

Page 14

Other Schemes

Using human faces as password

Select a sequence of images as password


Page 16

Draw-A-Secret (DAS) Scheme
The user draws a simple picture on a 2D grid; the coordinates of the grids occupied by the picture are stored in the order of drawing.
◦ redrawing has to touch the same grids in the same sequence in authentication
◦ user studies showed the drawing sequence is hard to remember
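The DAS matching rule above, as an added example that is not part of the original slides: a drawing is reduced to the ordered list of grid cells it occupies, so small pixel differences are accepted but a different drawing order is not. The grid size, the `PEN_UP` marker, the function names and the sample strokes are all constructed for illustration, and strokes are assumed to be sampled densely enough that no cell is skipped.

```python
PEN_UP = (-1, -1)  # assumed marker separating one stroke from the next

def encode_drawing(strokes, cell_size, grid):
    """Return the ordered grid cells touched by the drawing, one PEN_UP per stroke."""
    seq = []
    for stroke in strokes:
        last = None
        for x, y in stroke:
            cell = (x // cell_size, y // cell_size)
            if not (0 <= cell[0] < grid and 0 <= cell[1] < grid):
                raise ValueError(f"point {(x, y)} is outside the {grid}x{grid} grid")
            if cell != last:  # a cell is recorded once per visit, not once per sample
                seq.append(cell)
                last = cell
        seq.append(PEN_UP)
    return seq

def das_match(enrolled_seq, attempt_strokes, cell_size, grid):
    """Accept only if the attempt occupies the same cells in the same order."""
    return encode_drawing(attempt_strokes, cell_size, grid) == enrolled_seq

# Constructed sample: 500x500 canvas, 5x5 grid, two strokes.
CELL, GRID = 100, 5
ENROLLED = encode_drawing(
    [[(50, 50), (150, 60), (250, 70)], [(250, 250), (250, 350)]], CELL, GRID)
# Different pixels, same cells in the same order.
SAME_CELLS = [[(20, 80), (120, 30), (280, 90)], [(210, 220), (290, 390)]]
# Same shape, but the first stroke is drawn right to left.
REVERSED = [[(250, 70), (150, 60), (50, 50)], [(250, 250), (250, 350)]]

if __name__ == "__main__":
    print(ENROLLED)
    print(das_match(ENROLLED, SAME_CELLS, CELL, GRID))
    print(das_match(ENROLLED, REVERSED, CELL, GRID))
```

The rejected `REVERSED` attempt looks identical on screen, which is the memorability problem the slide notes: the user has to recall the drawing order, not just the picture.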

Page 17

“PassPoint” Scheme
The user clicks on any place on an image to create a password. A tolerance around each chosen pixel is calculated. In order to be authenticated, the user must click within the tolerances in the correct sequence.
◦ can be hard to remember the sequences

Password space: N^K (N: the number of pixels or smallest units of a picture; K: the number of points to be clicked on)
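The click check described above, as an added example that is not part of the original slides. The slide does not say how the tolerance is shaped, so a circular radius in pixels is assumed here; the function names, record layout and sample coordinates are constructed.

```python
import math

def enroll(points, tolerance):
    """Store the chosen click points and the tolerance radius (in pixels).
    Kept in the clear here to show the matching rule only."""
    return {"points": list(points), "tolerance": tolerance}

def verify(record, clicks):
    """Accept only if every click lies within the tolerance of the enrolled
    point at the same position in the sequence."""
    points, tol = record["points"], record["tolerance"]
    if len(clicks) != len(points):
        return False
    ok = True
    for (px, py), (cx, cy) in zip(points, clicks):
        # Check every pair instead of returning at the first miss, so the
        # result does not reveal which click in the sequence was wrong.
        ok &= math.hypot(cx - px, cy - py) <= tol
    return ok

# Constructed sample: three click points with a 10-pixel tolerance.
RECORD = enroll([(120, 80), (300, 210), (45, 400)], tolerance=10)
CLOSE_ENOUGH = [(125, 84), (296, 215), (50, 395)]   # each within 10 px
WRONG_ORDER = [(296, 215), (125, 84), (50, 395)]    # right places, wrong sequence
ONE_MISS = [(131, 80), (296, 215), (50, 395)]       # first click is 11 px away

if __name__ == "__main__":
    for name, clicks in [("close enough", CLOSE_ENOUGH),
                         ("wrong order", WRONG_ORDER),
                         ("one miss", ONE_MISS)]:
        print(name, verify(RECORD, clicks))
```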

Page 18

Other Schemes

Grid Selection Scheme

Signature Scheme

Page 19

Using distorted images to prevent revealing of passwords

Using images with random tracks of geometric graphical shapes


Page 21

Is a graphical password as secure as text-based passwords?
◦ Text-based passwords have a password space of 94^N (94: number of printable characters; N: length of passwords).

Some graphical password techniques can compete: Draw-A-Secret Scheme, PassPoint Scheme.

◦ Brute force search / dictionary attacks: the attack programs need to automatically generate accurate mouse motion to imitate human input, which is more difficult compared to text passwords.
◦ Guessing
◦ Social engineering
◦ …
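To put the three password-space formulas from the slides (N!/(K!(N-K)!), N^K and 94^N) on one scale, the following added example, which is not part of the original slides, converts each to bits and finds where a click-based scheme overtakes a text password. The image size, tolerance, K values and the idea of counting one "smallest unit" per tolerance-sized square are assumptions made for illustration; only the 1000-object figure comes from the slides.

```python
import math

def bits_recognition(n_pictures, k_selected):
    """log2 of N!/(K!(N-K)!): choose K pass-images out of N."""
    return math.log2(math.comb(n_pictures, k_selected))

def bits_click(n_units, k_points):
    """log2 of N^K: K ordered clicks over N distinguishable units."""
    return k_points * math.log2(n_units)

def bits_text(length, alphabet=94):
    """log2 of 94^N: text password over the printable characters."""
    return length * math.log2(alphabet)

def click_units(width, height, tolerance):
    """Assumed model: one distinguishable unit per tolerance-sized square."""
    return (width // tolerance) * (height // tolerance)

def equivalent_text_length(bits):
    """Shortest text password whose space is at least 2**bits."""
    return math.ceil(bits / math.log2(94))

def min_clicks_to_match(n_units, text_length):
    """Smallest K for which N^K is at least 94^text_length."""
    return math.ceil(bits_text(text_length) / math.log2(n_units))

if __name__ == "__main__":
    units = click_units(640, 480, 20)  # constructed image size and tolerance
    print(f"units per image: {units}")
    print(f"5 clicks: {bits_click(units, 5):.1f} bits")
    print(f"8-character text: {bits_text(8):.1f} bits")
    print(f"clicks needed to match 8 characters: {min_clicks_to_match(units, 8)}")
    sb = bits_recognition(1000, 10)    # 1000 objects from the slide, K=10 constructed
    print(f"1000 objects, 10 pass-objects: {sb:.1f} bits, "
          f"about {equivalent_text_length(sb)} text characters")
```

Under these assumptions a click-based password needs six points to pass an eight-character text password, which shows how strongly "can compete" depends on the tolerance and the number of clicks.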


Page 23

Pictures are easier to remember than text strings

Password registration and log-in process take too long

Require much more storage space than text based passwords


Page 25

Main argument for graphical passwords: people are better at memorizing graphical passwords than text-based passwords

It is more difficult to break graphical passwords using traditional attack methods such as brute force search, dictionary attack or spyware.

Not yet widely used; current graphical password techniques are still immature

Page 26

Questions?