Graphical Passwords

Graphical Passwords

Graphical Passwords

(1) Why graphical passwords? Pictures are easy to remember or recognized than text..

(2) Are graphical passwords as secure as text passwords?

(3) What are the major design and implementation issues for graphical passwords?

Random Image

Based on hash visualization techniques.

Passfaces

Passlogix

Pass Point

Based on JPEG 2000

Random Image

Random Image

Based on hash visualization techniques.

Draw-A-Secret (DAS)

Drawing Grid

Graphical Passwords Design

Recognition Based Techniques

Recall Based Techniques (1) Produce a drawing (2) Repeat a sequence of actions

Attack on Graphical Passwords

(1) Brute force search (2) Dictionary attacks(3) Guessing * different person has different choice. * human have some common selections.(4) Spy ware(5) Shoulder surfing(6) Social engineering

Research on Graphical Passwords

(1) Design a new graphical password scheme * can return a random length text password

(2) Use graphical password in public key cryptosystem. * User generate a big number from graphical password. * Convert the big number into a signing private key. * Get a certificate from CA with the generated key. * Embed graphical password into application such as webmail. * User log on webmail, generate his signing key without key file or smart card. * User sign his mail use javascript in the browser without his key exposed.

owHtWU1sJNld3yTAIYhDIiEhwaFc9tJtbVW1WBuPLLunep0ea7S0UD1o+TFTbldVetQededFZHu1hRkx50hcIJccc0E5RdyCFI4oHDkhhISQkLiCEMcc896r71fvs7o8O7H89+501fv+1f/7//7mt772wVe/8bMf/2Twix/+9O1X/v6Dr/zaP377q9/+9rNv/uApePD09S/7APdPjxAfAj1CfAj0CPEh0CPEh0CPEB8CPUJ8CPQI8SHQI8SHQI8Q