259 research outputs found

    Measuring the revised guessability of graphical passwords

    There is no widely accepted way of measuring the level of security of a recognition-based graphical password against guessing attacks. We aim to address this by examining the influence of predictability of user choice on the guessability and proposing a new measure of guessability. Davis et al. showed that these biases exist for schemes using faces and stories; we support this result and show these biases exist in other recognition-based schemes. In addition, we construct an attack exploiting predictability, which we term “Semantic Ordered Guessing Attack” (SOGA). We then apply this attack to two schemes (the Doodles scheme and a standard recognition-based scheme using photographic images) and report the results. The results show that predictability when users select graphical passwords influences the level of security to a varying degree (dependent on the distractor selection algorithm). The standard passimages scheme shows an increase in guessability of up to 18 times more likely than the usual reported guessability; with a similar set-up of nine images per screen and four screens, the doodles scheme shows a successful guessing attack is 3.3 times more likely than a random guess. Finally, we present a method of calculating a more accurate guessability value, which we call the revised guessability of a recognition-based scheme. Our conclusion is that to maximise the security of a recognition-based graphical password scheme, we recommend disallowing user choice of images.

    Attribute Based Secure Data Retrieval System for Decentralized Disruption Tolerant Military Networks

    There are partitions in military environments such as a battlefield or a hostile region. They are likely to suffer from intermittent network connectivity and have frequent partitions. Disruption-tolerant network (DTN) technologies are a true and easy solution. They allow wireless devices carried by people in the military to interact with each other. These devices access confidential information or commands reliably by exploiting external storage nodes. In these networking environments DTN is a very successful technology. When there is no wired connection between a source and a destination device, the information from the source node may need to wait in the intermediate nodes for a large amount of time until the connection is correctly established. One of the challenging approaches is ABE, that is, attribute-based encryption, which fulfills the requirements for secure data retrieval in DTNs. Another concept is Ciphertext-Policy ABE (CP-ABE). It gives an appropriate way of encrypting data. The encryption includes the attribute set that the decryptor needs to possess in order to decrypt the ciphertext. Hence, many users can be allowed to decrypt different parts of the data according to the security policy.

    Exploring the Effect of Resolution on the Usability of Locimetric Authentication

    Locimetric authentication is a form of graphical authentication in which users validate their identity by selecting predetermined points on a predetermined image. Its primary advantage over the ubiquitous text-based approach stems from users' superior ability to remember visual information over textual information, coupled with the authentication process being transformed to one requiring recognition (instead of recall). Ideally, these differentiations enable users to create more complex passwords, which theoretically are more secure. Yet locimetric authentication has one significant weakness: hot-spots. This term refers to areas of an image that users gravitate towards, and which consequently have a higher probability of being selected. Although many strategies have been proposed to counter the hot-spot problem, one area that has received little attention is that of resolution. The hypothesis here is that high-resolution images would afford the user a larger password space, and consequently any hot-spots would dissipate. We employ an experimental approach, where users generate a series of locimetric passwords on either low- or high-resolution images. Our research reveals the presence of hot-spots even in high-resolution images, albeit at a lower level than that exhibited with low-resolution images. We conclude by reinforcing that other techniques - such as existing or new software controls or training - need to be utilized to mitigate the emergence of hot-spots with the locimetric scheme. Comment: 10 pages, 2 figures

    Complexity metrics and user strength perceptions of the pattern-lock graphical authentication method

    One of the most popular contemporary graphical password approaches is the Pattern-Lock authentication mechanism that comes integrated with the Android mobile operating system. In this paper we investigate the impact of password strength meters on the selection of a perceivably secure pattern. We first define a suitable metric to measure pattern strength, taking into account the constraints imposed by the Pattern-Lock mechanism's design. We then implement an app via which we conduct a survey for Android users, retaining demographic information of responders and their perceptions on what constitutes a pattern complex enough to be secure. Subsequently, we display a pattern strength meter to the participant and investigate whether this additional prompt influences the user to change their pattern to a more effective and complex one. We also investigate potential correlations between our findings and results of a previous pilot study in order to detect any significant biases on setting a Pattern-Lock. © 2014 Springer International Publishing


    A novel hybrid password authentication scheme based on text and image

    Considering the popularity and wide deployment of text passwords, we predict that they will be used as a prevalent authentication mechanism for many years to come. Thus, we have carried out studies on mechanisms to enhance text passwords. These studies suggest that password space and memorability should be improved, with an additional mechanism based on images. The combination of text and images increases resistance to some password attacks, such as brute force and observing attacks. We propose a hybrid authentication scheme integrating text and recognition-based graphical passwords. This authentication scheme can reduce phishing attacks because if users are deceived into sharing their key passwords, there is still a chance to save the complete password, as attackers do not know the users' image preferences. In addition to the security aspect, the proposed authentication scheme increases memorability as it does not require users to remember long and complex passwords. Thus, with the proposed scheme users will be able to create strong passwords without sacrificing usability. The hybrid scheme also offers an enjoyable sign-in/log-in experience to users.

    CAPTCHA AS GRAPHICAL PASSWORDS—A NEW SECURITY PRIMITIVE BASED ON HARD AI PROBLEMS

    Many security primitives are based on hard mathematical problems. Using hard AI problems for security is emerging as an exciting new paradigm, but has been under-explored. In this paper, we present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as graphical passwords (CaRP). CaRP is both a Captcha and a graphical password scheme. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. Notably, a CaRP password can be found only probabilistically by automatic online guessing attacks even if the password is in the search set. CaRP also offers a novel approach to address the well-known image hotspot problem in popular graphical password systems, such as PassPoints, that often leads to weak password choices. CaRP is not a panacea, but it offers reasonable security and usability and appears to fit well with some practical applications for improving online security

    INTRODUCING A NEW SECURITY PRIMITIVE IN INHIBITING LEXICON OCCURRENCE

    A number of graphical password schemes have been suggested in the literature in earlier works. Captcha is a standard security technique that has achieved limited success when compared to cryptographic primitives founded on hard math problems. In our work we set up a cutting-edge security primitive based on unsolved hard problems. It is a family of graphical password systems that includes Captcha as well as graphical passwords. The system deals with a great many online dictionary attacks on passwords, which have been the most significant security threat for various online services, and offers, for example, protection against relay attacks and resistance to shoulder-surfing attacks when coupled with dual-view understanding. The system uses click-based graphical passwords, in which a number of clicks on a picture derives the password and a challenge needs to be solved at every login; the effect on usability is reduced by adapting the image complexity level according to the login history of the account as well as the machine used to sign in. Several schemes are transformed into CaRP schemes, which are click-based graphical passwords.