50371067 Graphical Password

The Design and Analysis of Graphical Passwords

Presenter: Ta Duy Vuong
[email protected]

Ian Jermyn, New York University
Alain Mayer, Fabian Monrose, Michael K. Reiter, Bell Labs, Lucent Technologies
Aviel D. Rubin, AT&T Labs-Research

OUTLINE

1. Introduction
2. Textual Passwords with Graphical Assistance
3. Purely Graphical Passwords
4. Other graphical password scheme
5. Summary
6. References

1. INTRODUCTION

• Passwords: method of choice for user authentication.

• In practice, passwords are susceptible to attacks.

• Exploit features of graphical input displays to achieve better security.

• Used for any device with a graphical input display.

• Primarily for PDAs: Palm Pilot, HP iPAQ, …

• Observation: temporal order & position.

• Textual password input via keyboard: (figure: “simplepass” typed at positions 1 2 3 4 5 6 7 8 9 …)

• Graphical password: (figure)

2. TEXT WITH GRAPHICAL ASSISTANCE

GRAPHICAL PASSWORD
• TEXTUAL PASSWORD WITH GRAPHICAL ASSISTANCE
• DRAW-A-SECRET SCHEME

• Use textual passwords augmented by some graphical capabilities.

• Aim: to decouple temporal order & position of input.

• Example: password is “tomato”.

• Usual way of input (conventional): (figure)

• With graphical assistance: (figure)

• Formally:
  – k : number of characters in the password
  – A : set of allowed characters
  – m : number of positions (m ≥ k)

• Textual : f : {1,…,k} → A
• Graphical : f’ : {1,…,k} → A × {1,…,m}

• One k-character conventional password yields m!/(m−k)! graphical passwords.

Ex: Password is “ILoveNus”
• k = 8 (characters)
• Choose m = 10 (positions) → approximately 1.8 × 10^6 graphical passwords
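The count above, plus a concrete representation of f’ as (character, position) pairs, as an added example that is not part of the original slides (the placement of “ILoveNus” over 10 slots is constructed):

```python
# Added example (not from the slides): textual password with graphical assistance.
from itertools import permutations
from math import perm

def graphical_variants(k, m):
    """m!/(m-k)!: the number of injective assignments of k characters to m positions."""
    if k > m:
        raise ValueError("need at least as many positions as characters (m >= k)")
    return perm(m, k)

def graphical_variants_bruteforce(k, m):
    """The same count by enumeration, to sanity-check the closed form for small k, m."""
    return sum(1 for _ in permutations(range(1, m + 1), k))

def total_space(alphabet_size, k, m):
    """|A|^k textual choices, each with m!/(m-k)! placements."""
    return alphabet_size ** k * graphical_variants(k, m)

def make_graphical(text, positions, m):
    """Build f' : {1..k} -> A x {1..m} as an ordered list of (char, position) pairs.
    The i-th typed character carries a screen position that is no longer tied to i."""
    if len(text) != len(positions):
        raise ValueError("one position per character")
    if len(set(positions)) != len(positions):
        raise ValueError("each position may hold only one character")
    if not all(1 <= p <= m for p in positions):
        raise ValueError("position outside 1..m")
    return list(zip(text, positions))

def verify(stored, typed):
    """Accept only the same characters at the same positions in the same order."""
    return stored == typed

# Constructed placement of the slide's example: k = 8 characters over m = 10 slots
SECRET = make_graphical("ILoveNus", [1, 3, 4, 5, 7, 8, 9, 10], m=10)
```

The same text placed at different positions is a different graphical password, which is where the extra factor m!/(m−k)! comes from.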

3. DRAW-A-SECRET (DAS) SCHEME

GRAPHICAL PASSWORD
• TEXTUAL PASSWORD WITH GRAPHICAL ASSISTANCE
• DRAW-A-SECRET SCHEME

3.1 Introduction

• Password is a picture drawn on a grid.

• Users are freed from having to remember an alphanumeric string.

• What is good about a picture-based password?

3.2 Password input

• Sequence of coordinates for the drawing on the slide: (2,2) (3,2) (3,3) (2,3) (2,2) (2,1) (5,5)
• (5,5) is the pen-up indicator.
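Encoding a drawing as the coordinate sequence above, as an added example that is not part of the original slides. It assumes a 4×4 grid, so that (5,5) lies outside it and serves as the pen-up marker; the SHA-1 serialisation is the example's own choice, and the Triple-DES step of the following slides is not included.

```python
# Added example (not from the slides): DAS drawing -> coordinate sequence -> SHA-1.
import hashlib

G = 4                    # assumed grid size: (5,5) is outside a 4x4 grid
PEN_UP = (G + 1, G + 1)  # the pen-up indicator shown on the slide

def encode_strokes(strokes, g=G):
    """Turn a drawing (a list of strokes, each a list of (x, y) cells crossed in
    order) into the DAS coordinate sequence. Movement inside one cell adds no
    coordinate, so consecutive repeats collapse; each stroke ends with pen-up."""
    pen_up = (g + 1, g + 1)
    seq = []
    for stroke in strokes:
        if not stroke:
            raise ValueError("a stroke must cross at least one cell")
        prev = None
        for cell in stroke:
            x, y = cell
            if not (1 <= x <= g and 1 <= y <= g):
                raise ValueError(f"cell {cell} is outside the {g}x{g} grid")
            if cell == prev:
                continue  # pen still inside the same cell
            if prev is not None and abs(x - prev[0]) + abs(y - prev[1]) != 1:
                raise ValueError(f"pen jumped from {prev} to {cell} without lifting")
            seq.append(cell)
            prev = cell
        seq.append(pen_up)
    return seq

def decode_strokes(seq, g=G):
    """Split a coordinate sequence back into strokes at each pen-up marker."""
    pen_up = (g + 1, g + 1)
    strokes, current = [], []
    for cell in seq:
        if cell == pen_up:
            strokes.append(current)
            current = []
        else:
            current.append(cell)
    if current:
        raise ValueError("sequence does not end with a pen-up marker")
    return strokes

def das_digest(seq):
    """SHA-1 of the coordinate sequence, the input to key derivation on the next
    slide. One byte per coordinate is this example's serialisation choice."""
    return hashlib.sha1(bytes(c for cell in seq for c in cell)).hexdigest()

# Constructed from the slide: one stroke (2,2) -> (3,2) -> (3,3) -> (2,3) -> (2,2) -> (2,1)
SLIDE_STROKE = [(2, 2), (3, 2), (3, 3), (2, 3), (2, 2), (2, 1)]
```

Two drawings that cross the same cells in the same order hash identically even if the pen lingered inside a cell, while reversing the stroke direction changes the sequence and therefore the digest.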

3.3 Encryption Tool for PDA

Process of making keys for Triple-DES:
  sequence of coordinates of password P → hashed using SHA-1 → derived to make key k → Triple-DES

• Use Triple-DES to encrypt/decrypt data stored on the PDA.

Process of setting password:
  sequence of coordinates P → hashed using SHA-1 → key k → E_k(P) → store E_k(P)

Process of verifying password:
  sequence of coordinates P’ → hashed using SHA-1 → key k’ → result = D_k’(E_k(P)) → result = P ??

3.4 Security of the DAS Scheme

• Textual passwords are susceptible to attacks because:
  – Users do not choose passwords uniformly.
  – Attackers have significant knowledge about:
    • the distribution of user passwords (users often choose passwords based on their own name, …)
    • gross properties (words in the English dictionary are likely to be chosen)

• Knowledge about the distribution of user passwords is essential to the adversary.

• The DAS scheme gives no clues about users' choice of passwords.

• It is harder to collect data on PDAs than on networked computers.

• Size of password space:

  Π(L_max, G) = ∑_{L=1}^{L_max} P(L, G)

  P(L, G) = ∑_{l=1}^{L} P(L−l, G) · N(l, G)

  N(l, G) = ∑_{(x,y) ∈ [1..G]×[1..G]} n(x, y, l, G)

  where
  – P : password; G×G : grid size
  – L : length of password; L_max : maximum length of password
  – N : number of strokes; l : length of stroke
  – n : number of strokes of length l; (x, y) : ending cell
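The recursion above computed exactly, as an added example that is not part of the original slides. It assumes a stroke moves between 4-adjacent cells and may revisit cells, and takes P(0, G) = 1 as the base case; the comparison against 8-character passwords over a 95-symbol alphabet is the example's own.

```python
# Added example (not from the slides): the DAS password-space recursion.
from functools import lru_cache

@lru_cache(maxsize=None)
def n_strokes_ending(x, y, l, g):
    """n(x,y,l,G): strokes of length l (cells crossed) that end in cell (x,y).
    A length-1 stroke is a single cell; longer strokes arrive from a 4-neighbour."""
    if not (1 <= x <= g and 1 <= y <= g):
        return 0
    if l == 1:
        return 1
    return sum(n_strokes_ending(x + dx, y + dy, l - 1, g)
               for dx, dy in ((1, 0), (-1, 0), (0, 1), (0, -1)))

def N(l, g):
    """N(l,G): strokes of length l ending anywhere on the G x G grid."""
    return sum(n_strokes_ending(x, y, l, g)
               for x in range(1, g + 1) for y in range(1, g + 1))

@lru_cache(maxsize=None)
def P(L, g):
    """P(L,G): passwords of total length L (sum of stroke lengths), any number of strokes.
    P(0,G) = 1 is the assumed base case (the empty password has exactly one form)."""
    if L == 0:
        return 1
    return sum(P(L - l, g) * N(l, g) for l in range(1, L + 1))

def password_space(l_max, g):
    """Pi(Lmax,G): all passwords of length 1..Lmax."""
    return sum(P(L, g) for L in range(1, l_max + 1))

def textual_space(alphabet_size, length):
    """For comparison: textual passwords of exactly `length` characters."""
    return alphabet_size ** length
```

For a 2×2 grid with L_max = 2 the count is small enough to check by hand (4 single-cell strokes, 8 two-cell strokes, 16 two-stroke passwords), which is what the small cases in the code exercise.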

• A new password scheme cannot be proven better than the old scheme because of the human factor!

• However, the table of password-space sizes (not reproduced in these slides) shows that the raw size of the graphical password space surpasses that of textual passwords.

4. Another graphical password scheme

• To log in, the user is required to click within the circled red regions (chosen when the password was created) in this picture. The choice of the four regions is arbitrary.

• Known since the mid-1990s, starting with G. Blonder in his paper “Graphical Passwords”.

5. SUMMARY

• Textual passwords with graphical assistance: conventional passwords equipped with graphical capabilities.

• Improvements over textual passwords:
  – Decouple positions of input from temporal order
  – Larger password space

• Draw-A-Secret (DAS) Scheme:
  – Pictures are easier to remember
  – Attackers have no knowledge of the distribution of passwords
  – Larger password space
  – Decouple position of inputs from temporal order

6. REFERENCES

• “The Design and Analysis of Graphical Passwords” by Ian Jermyn, Alain Mayer, Fabian Monrose, Michael K. Reiter, Aviel D. Rubin

• “Graphical passwords” by Leonardo Sobrado, Jean-Camille Birget, Department of Computer Science, Rutgers University

• “Graphical Dictionaries and the Memorable Space of Graphical Passwords” by Julie Thorpe, P.C. van Oorschot

• “Human Memory and the Graphical Password” by David Bensinger, Ph.D.

• “Passwords: the weakest link?” CNET News.com

THANK YOU.