A novel hybrid password authentication scheme based on text and image

Considering the popularity and wide deployment of text passwords, we predict that they will be used as a prevalent authentication mechanism for many years to come. Thus, we have carried out studies on mechanisms to enhance text passwords. These studies suggest that password space and memorability should be improved, with an additional mechanism based on images. The combination of text and images increases resistance to some password attacks, such as brute force and observing attacks. We propose a hybrid authentication scheme integrating text and recognition-based graphical passwords. This authentication scheme can reduce the phishing attacks because if users are deceived to share their key passwords, there is still a chance to save the complete password as attackers do not know the users' image preferences. In addition to the security aspect, the proposed authentication scheme increases memorability as it does not require users to remember long and complex passwords. Thus, with the proposed scheme users will be able to create strong passwords without sacrificing usability. The hybrid scheme also offers an enjoyable sign-in/log-in experience to users

Novel Schemes for Authentication

Authentication is one of the most basic process to provide security to any resource and application from unauthorized access. It covers two security goals confidentiality and integrity. Passwords are used as private identity for an individual. The password also has to be protected from several threats like stealing, shoulder surfing, eavesdropping and guessing. The most common method used for user Authentication is textual password using alphanumeric usernames and alphanumeric passwords. The issues which should be kept in mind while choosing a password is the how strong the password is and how good it is to memorize. Sometimes the stronger passwords are not easier to remember and easier passwords are not so secure. One more criteria for a good password, that should satisfy is, the password should be easy to type, such that any intruder, if any, is there beside you should not be able guess it or any camera behind you can’t capture the actual movements. To overcome the drawbacks of traditional textual schemes the new methods like graphical passwords are used. The easiness in remembering them and a strong resistance towards the brute force and dictionary attacks made them more popular. In this project, we have concentrated to protect our password from the above threats and to develop a system which has a strong resistant to above stated threats. We have implemented a varying password scheme which provides a better resistant to shoulder surfing, eavesdropping and guessing. This is an untraditional approach to use a not very complex and not very strong password in unsafe environments like public places. We have implemented the virtual keyboard and to make it more effective we are using multilingual keys. And also a hybrid system is designed by mixing three schemes: textual passwords, Recognition based passwords and Recall based password. All three are working together to remove the drawbacks of each scheme

Ubic: Bridging the gap between digital cryptography and the physical world

Advances in computing technology increasingly blur the boundary between the digital domain and the physical world. Although the research community has developed a large number of cryptographic primitives and has demonstrated their usability in all-digital communication, many of them have not yet made their way into the real world due to usability aspects. We aim to make another step towards a tighter integration of digital cryptography into real world interactions. We describe Ubic, a framework that allows users to bridge the gap between digital cryptography and the physical world. Ubic relies on head-mounted displays, like Google Glass, resource-friendly computer vision techniques as well as mathematically sound cryptographic primitives to provide users with better security and privacy guarantees. The framework covers key cryptographic primitives, such as secure identification, document verification using a novel secure physical document format, as well as content hiding. To make a contribution of practical value, we focused on making Ubic as simple, easily deployable, and user friendly as possible.Comment: In ESORICS 2014, volume 8712 of Lecture Notes in Computer Science, pp. 56-75, Wroclaw, Poland, September 7-11, 2014. Springer, Berlin, German

An Advanced Knowledge Based Graphical Authentication Framework with Guaranteed Confidentiality and Integrity

The information and security systems largely rely on passwords,which remain the fundamental part of any authentication process. The conventional authentication method based on alphanumerical username and password suffer from significant disadvantages. The graphical password-based authentication system has recently been introduced as an effective alternative. Although the graphical schemes effectively generate the passwords with better flexibility and enhanced security, the most common problem with this is the shoulder surfing attack. This paper proposes an effective 3D graphical password authentication system to overcome such drawbacks. The system is based on the selection of click points for generating passwords. The proposed work involved a training phase for evaluating the model in terms of the success rate. The overall evaluations of the model in terms of password entropy, password space, login success rates, and prediction probability in the shoulder surfing and guessing attacks proved that the model is more confidential and maintains a higher range of integrity than the other existing models

Ray's Scheme: Graphical Password Based Hybrid Authentication System for Smart Hand Held Devices

Passwords provide security mechanism for authentication and protection services against unwanted access to resources. One promising alternatives of textual passwords is a graphical based password. According to human psychology, human can easily remember pictures. In this paper, I have proposed a new hybrid graphical password based system. The system is a combination of recognition and pure recall based techniques and that offers many advantages over the existing systems and may be more convenient for the user. My approach is resistant to shoulder surfing attack and many other attacks on graphical passwords. This scheme is proposed for smart hand held devices (like smart phones i.e. PDAs, ipod, iphone, etc) which are more handy and convenient to use than traditional desktop computer systems. Keywords: smart phones, graphical passwords, authentication, network securit

A Hybrid Graphical User Authentication Scheme in Mobile Cloud Computing Environments

User authentication is a critical security requirement for accessing resources in cloud computing systems. A text-based password is a standard user authentication way and it is still extensively used so far. However, textual passwords are difficult to remember, which forces users to write it down and compromise security. In recent years, graphical user authentication methods have been proposed as an alternative way used to verify the identity of users. The most critical challenges cloud-computing users face is to post their sensitive data on external servers that are not directly under their control and that can be used or managed by other people. This paper proposes a question-based hybrid graphical user authentication scheme for portable cloud-computing environments. The proposed scheme comprises advantages over both recognition- and recall-based techniques without storing any sensitive information on cloud servers. The experimental study and survey have been conducted to investigate the user satisfaction about the performance and usability aspects of the proposed scheme. The study results show that the proposed scheme is secure, easy to use, and immune to potential password attacks such as brute force password guessing attacks and shoulder surfing attack