Two Step Endorsement: Text Password and Graphical Password: Chirag Jagani, Pooja Kalola, Dr. Bankim Radadiya
1 (Department of CS & IT, Shree M. & N. Virani Science College, Saurashtra University (SU), Rajkot, India)
2 (Department of IT, Patel College of Sci. & Tech., Rajiv Gandhi Proudyogiki Vishwavidyalaya, Indore, India)
3 (Director of Information Technology, Navsari Agricultural University, Navsari (Gujarat), India)
I. INTRODUCTION
Text passwords have been widely used for user authentication, e.g., by almost all web-sites on the Internet. However, it is well-known that text passwords are insecure for a variety of reasons. For example, users tend to choose simple passwords in favor of memorability, making them subject to dictionary attacks; and text passwords can be stolen by malicious software (e.g., keystroke loggers) when being entered from keyboards. Phishing is another serious threat to text passwords, by which a user could be persuaded to visit a forged website and enter their password. Such an attack is made possible in part due to the fact that text passwords do not allow users to authenticate a server; by design they provide only one-way user authentication, and server authentication is not a design objective of text passwords alone. We propose a two-step authentication method to strengthen text passwords by combining them with graphical passwords. In this approach, called Dual Step, users continue to use text passwords as a first step, but then must also enter a graphical password, providing the following advantages:
1. Users' current sign-in experience is largely preserved.
2. A text password alone which is stolen (e.g., by phishing) does not compromise an account.
3. Users can be alerted if they do not see the graphical password cuing image after providing their text passwords, implicitly providing server authentication.
4. It can be implemented in software alone, increasing the potential for large-scale adoption on the Internet.
II.
Given that text passwords are easy to deploy and to use, we believe that they will continue to be popular. Thus, we suggest that effort should be made to enhance text passwords with an easy-to-use additional defense mechanism that can address common password attacks, such as brute-force and phishing attacks. To this end, we propose Dual Step, a combination of text passwords and recognition-based graphical passwords. The latter can complement text passwords, being less susceptible to phishing attacks (which would require prior knowledge of users' image portfolios) and to naive keylogger attacks. In step one, a user is asked for her user name and text password. After supplying this, and independent of whether or not it is correct, in step two the user is presented with an image portfolio. The user must correctly select all images (one or more) pre-registered for this account in each round of graphical password verification. Otherwise, account access is denied despite a valid text password. Using text passwords in step one preserves the existing user sign-in experience. If the user's text password or graphical password is correct, the image portfolios presented are those defined during password creation. Otherwise, the image portfolios (including their layout dimensions) presented in the first and in each subsequent round are random, but respectively a deterministic function of the user name and text password string entered, and of the images selected in the previous round. More specifically, the image portfolio in round n is pseudo-randomly generated from a seed value derived from the entered user name and text password when n = 1, and from the images selected in round n-1 when n ≥ 2. Seeing a portfolio including no familiar image allows a legitimate user to immediately realize that
www.iosrjournals.org
Fig. 1 Selection panel in graphical step
For a given image portfolio, each image is associated with an index number. Images along with their index numbers are displayed in a random order on the screen. Below the displayed image portfolio is a selection panel with all index numbers displayed incrementally. To select an image, the user identifies the image and then clicks the corresponding index number on the lower selection panel. In the case that several images must be chosen from a portfolio, the selection panel can help the user keep track of which images have
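The two-step flow described in Section II, written out as an added example (this is illustrative code, not the authors' implementation). It models a server that stores, per account, a salted text-password hash and r registered portfolios with their secret images, and that always answers step one with a portfolio: the registered one when the session is still on track, otherwise a decoy that is a deterministic function of what was entered (user name and text password in round 1, the images selected in round n-1 afterwards). Image identifiers, the parameter values n = 36, k = 3, r = 2, the HMAC-seeded PRNG used to derive decoys, and the server-side key that keys it are all assumptions made here; selection is by image identifier rather than by the index numbers of Fig. 1.

```python
import hashlib
import hmac
import os
import random
import secrets

# Constructed sample data, not from the paper: image identifiers stand in for real
# pictures, and the parameters follow the paper's n (portfolio size), k (images the
# user selects per round) and r (rounds).
IMAGE_POOL = ["img%03d" % i for i in range(300)]
PORTFOLIO_SIZE = 36      # n
IMAGES_PER_ROUND = 3     # k
ROUNDS = 2               # r
PBKDF2_ITERATIONS = 100_000

# Assumption: a server-side secret keys the decoy generator, so a decoy is a
# deterministic function of the entered values (as the paper requires) but cannot be
# reproduced by someone who lacks the key.
SERVER_KEY = secrets.token_bytes(32)
_DUMMY_SALT = os.urandom(16)   # equalises password-hashing time for unknown user names


def _decoy_portfolio(seed_parts):
    """Pseudo-random portfolio derived from the seed material: the entered user name and
    text password in round 1, the images selected in round n-1 afterwards."""
    material = "\x1f".join(seed_parts).encode()
    digest = hmac.new(SERVER_KEY, material, hashlib.sha256).digest()
    rng = random.Random(int.from_bytes(digest, "big"))   # same seed -> same layout
    return rng.sample(IMAGE_POOL, PORTFOLIO_SIZE)


def register(accounts, username, text_password, chosen_images):
    """Create an account: salted text-password hash plus, per round, the registered
    portfolio (secret images mixed with random fillers) and the secret image set.
    `chosen_images` is a list of r sets the user picked at enrolment."""
    if len(chosen_images) != ROUNDS:
        raise ValueError("one set of secret images per round")
    salt = os.urandom(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", text_password.encode(), salt, PBKDF2_ITERATIONS)
    sysrand = secrets.SystemRandom()
    rounds = []
    for secret in chosen_images:
        secret = set(secret)
        if len(secret) != IMAGES_PER_ROUND:
            raise ValueError("each round needs exactly k distinct secret images")
        fillers = [img for img in IMAGE_POOL if img not in secret]
        portfolio = list(secret) + sysrand.sample(fillers, PORTFOLIO_SIZE - IMAGES_PER_ROUND)
        sysrand.shuffle(portfolio)
        rounds.append((portfolio, secret))
    accounts[username] = {"salt": salt, "pw_hash": pw_hash, "rounds": rounds}
    return accounts[username]


def begin_login(accounts, username, text_password):
    """Step one: verify the text password and return the round-1 portfolio. A wrong
    password, or an unknown user (handled identically so names cannot be enumerated),
    gets a decoy portfolio seeded from what was typed."""
    account = accounts.get(username)
    salt = account["salt"] if account else _DUMMY_SALT
    candidate = hashlib.pbkdf2_hmac("sha256", text_password.encode(), salt, PBKDF2_ITERATIONS)
    on_track = account is not None and hmac.compare_digest(candidate, account["pw_hash"])
    if on_track:
        portfolio = account["rounds"][0][0]
    else:
        portfolio = _decoy_portfolio(["round1", username, text_password])
    session = {"account": account, "round": 0, "on_track": on_track, "portfolio": portfolio}
    return session, list(portfolio)


def submit_selection(session, selected):
    """Step two, one round: check the selection against this round's secret images
    (only meaningful while the session is still on track), then hand back the next
    portfolio or, after round r, the decision. Off-track sessions keep receiving
    decoys, so a wrong text password is never revealed as such."""
    r = session["round"]
    if r >= ROUNDS:
        raise RuntimeError("session already decided")
    selected = set(selected)
    if session["on_track"]:
        in_portfolio = selected <= set(session["portfolio"])
        if not in_portfolio or selected != session["account"]["rounds"][r][1]:
            session["on_track"] = False
    session["round"] = r + 1
    if session["round"] == ROUNDS:
        return ("accept" if session["on_track"] else "reject"), None
    if session["on_track"]:
        nxt = session["account"]["rounds"][r + 1][0]
    else:
        # decoy for round n is seeded from the images selected in round n-1
        nxt = _decoy_portfolio(["round%d" % (r + 2)] + sorted(selected))
    session["portfolio"] = nxt
    return "continue", list(nxt)
```

Two properties of the paper's design are visible here: a wrong text password (or a wrong selection in an earlier round) changes nothing in the server's responses except that the portfolios are decoys, so a phisher who relays a stolen text password still cannot learn which images to show, and a legitimate user who sees no familiar image in round 1 has implicitly learned that either the password was mistyped or the site is not the real server. The dummy PBKDF2 computation for unknown user names is an addition of this example, so that response time does not distinguish unknown accounts from wrong passwords.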
III.
3.1 Password Strength
We discuss the strength of Dual Step, measured by entropy in bits, by considering both the entropy of the text password and the graphical password parts. A text password of length $l$ characters has entropy of $l \log_2 c$ bits if characters are selected uniformly at random and independently from an alphabet of $c$ characters. For example, a randomly generated 8-character password consisting of digits, lowercase, and uppercase has $8 \log_2 62 \approx 47.6$ bits of entropy. Let $r$ be the number of rounds of our graphical password verification. For each round, let $n$ be the size of the image portfolio, and $k < n$ the total number of images selected from the portfolio as the graphical password. The entropy of a randomly selected graphical password conforming to this policy is $r \log_2 t$, where $t = \binom{n}{k}$ and $t = n!/(n-k)!$ for unordered and ordered images respectively. As an example, consider $r = 1$, $n = 36$, $k = 3$, and unordered image selection, meaning one round of verification by selecting 3 images in any order from a portfolio of size 36. The entropy is approximately 12.8 bits. For $r = 2$, in theory this doubles to 25.6 bits, though in practice we might expect less unpredictability due to patterns in user choice [5]. Choosing different parameters $k$, $n$, $r$, and $t$ can increase security, but also changes usability. In addition, password guessing attacks in Dual Step must be done online (interacting with the server), which is more costly than offline attacks. Note that text passwords used in practice are generally far from randomly and independently selected, and are often lowercase only [10], decreasing entropy. For example, an 8-character lowercase password has entropy of about 37.6 bits if all characters were selected randomly and independently. But in practice, they perhaps have only 20-35 bits on average, and less for some subsets of users.
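The entropy formulas of this section, as an added example (not the authors' code) that computes $t$ for unordered and ordered selection, the resulting $r \log_2 t$, the text-password term $l \log_2 c$, and the per-account success probability of an online attacker limited to a few guesses. The function names and the guess-limit argument are assumptions of this example; the parameter values are the paper's.

```python
import math


def guess_space(n, k, r, ordered=False):
    """Size t**r of the graphical password space: k images from a portfolio of n images
    in each of r rounds. t = C(n, k) when order is irrelevant, t = n!/(n-k)! when the
    selection order matters."""
    if not 0 < k < n:
        raise ValueError("need 0 < k < n")
    t = math.perm(n, k) if ordered else math.comb(n, k)
    return t ** r


def graphical_entropy_bits(n, k, r, ordered=False):
    """r * log2(t): entropy of a uniformly chosen graphical password."""
    return math.log2(guess_space(n, k, r, ordered))


def text_entropy_bits(length, alphabet_size):
    """l * log2(c): entropy of a uniformly random text password of l characters over
    an alphabet of c characters."""
    return length * math.log2(alphabet_size)


def dual_step_entropy_bits(length, alphabet_size, n, k, r, ordered=False):
    """Entropy of the combined Dual Step secret, assuming the two parts are
    chosen independently (an idealisation: real user choices are patterned)."""
    return text_entropy_bits(length, alphabet_size) + graphical_entropy_bits(n, k, r, ordered)


def success_probability_per_account(n, k, r, guesses, ordered=False):
    """Chance that an online attacker who may try `guesses` graphical passwords against
    one account (e.g. before lockout) hits the right one, given the text password."""
    return min(1.0, guesses / guess_space(n, k, r, ordered))


if __name__ == "__main__":
    # The paper's worked numbers: 8-char mixed-case alphanumeric, 8-char lowercase,
    # and one or two rounds of 3 unordered images out of 36.
    print("text, 62-char alphabet:", round(text_entropy_bits(8, 62), 1))
    print("text, lowercase only:  ", round(text_entropy_bits(8, 26), 1))
    print("graphical, r=1:        ", round(graphical_entropy_bits(36, 3, 1), 1))
    print("graphical, r=2:        ", round(graphical_entropy_bits(36, 3, 2), 1))
    print("5 online guesses, r=1: ", success_probability_per_account(36, 3, 1, 5))
```

The last function makes the paper's closing remark concrete: with one round of 3 images from 36 there are 7140 possible graphical passwords, so an attacker who already holds the text password and is allowed 5 online guesses per account succeeds against roughly 0.07% of accounts per pass, and a second round squares the space.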
Relative to this more realistic estimate, the 25.6 bits (or even 12.8 bits) of added security from the graphical part is quite significant, against both targeted single-account exhaustive attacks and system-wide multi-account attacks that might attempt as few as 3-5 guesses per account.
3.2 Mitigating Naive Keylogging Attacks
Keylogging is a common method for stealing user text passwords. A keylogger is malicious software which intercepts keystrokes on an infected machine as a user types. For example, Microsoft Windows provides (undocumented) interfaces facilitating interception of system events, including keystrokes. With Dual Step, a user would use the keyboard for the text password part and mouse clicks for the graphical part. Thus, a naive keylogger cannot obtain the graphical part. More sophisticated malware can capture both user screen contents and mouse clicks to recover a graphical password, with more effort.
3.3 Mitigating Phishing Attacks
Phishing [7] is another common technique for stealing passwords by fooling users into entering such information into a fraudulent website spoofing a legitimate one (e.g., a bank site). Social engineering tactics are often used (e.g., urgent account update, requests to verify fake transactions, etc.). In Dual Step, while users' text password part can still be stolen by phishing, obtaining their graphical password parts is more difficult: without knowledge of users' image profiles, the phisher does not know what images to present in order to extract a graphical password.
3.4 Mitigating Active MITM Attacks
An active man-in-the-middle (MITM) attack allows an attacker to become an intervening proxy and control all communication between the user and the website [9]. SSL cannot mitigate this attack since an attacker can use SSL on both communication segments individually, so users (and the end website) appear to be operating securely.
The proxy can be either malware on a user's local machine or located on a remote server (controlled by an attacker) to which the user is drawn by phishing techniques. Such an attacker can gain access to any information exchanged between a user and a website, and thus can defeat Dual Step. It appears difficult to prevent this active MITM attack if the end-user machine is infected by malicious software. In fact, it seems all software-only defenses fail for such compromised end-machines. On the other hand, if the active MITM proxy is located remotely, as in DNS server pharming-based MITM attacks, consistency check techniques involving alternative communication paths could be used to detect if requests intended to be sent to one server actually terminate at another. This provides protection to Dual Step against active MITM proxies.
IV. Related Work
Graphical passwords can be largely classified into three categories: recognition-based, cued-recall, or recall-based. In recognition-based graphical passwords, users are required to recognize and then select a set of preselected images from a larger set. In cued-recall, the images cue the user, for example, to click a set of points on an image [3]. In recall-based, users are required to recall a password without any cues, such as drawing a doodle in Draw-A-Secret [12]. We focus the remainder of our review here on recognition-based schemes; for a broader survey, see [1]. Déjà Vu [6] is a recognition-based graphical password, which makes use of random art images, instead of photographs, to discourage users from selecting predictable images. While randomly generated images can improve security, they also reduce usability. For example, it takes longer for users to remember random art images than photos, and less time to forget them. Passfaces [4] is another recognition-based scheme, using human faces as authentication images. A user's password consists of k faces, each of which must be chosen from a set of n > 1 faces in each round of the selection. While human faces are more memorable than text passwords, it was also found [5] that users usually choose predictable faces as their passwords, e.g., faces of their own race. In addition, female faces and attractive faces are chosen more often than male faces. Those biases make human faces less suitable as password components. Story [5] is similar to Passfaces, but uses a variety of photos to form image portfolios, and encourages users to select photos to form a story to improve memorability. In Weinshall's scheme [15], a user is asked to answer a sequence of questions based on a set of images shared with the server. This scheme can resist shoulder-surfing attacks, but requires significant training and has usability issues, as well as security issues [11].
References
[1] S. Chiasson. Usable Authentication and Click-Based Graphical Passwords. PhD thesis, Carleton University, Ottawa, Canada, January 2009.
[2] S. Chiasson, A. Forget, R. Biddle, and P.C. van Oorschot. Influencing Users towards Better Passwords: Persuasive Cued Click-Points. In Proc. of HCI08, September 2008.
[3] S. Chiasson, P.C. van Oorschot, and R. Biddle. Graphical Password Authentication Using Cued Click Points. In Proc. of ESORICS07, volume 4734, pages 359-374, September 2007.
[4] Real User Corporation. The Science Behind Passfaces, September 2001.
[5] D. Davis, F. Monrose, and M. Reiter. On User Choice in Graphical Password Schemes. In Proc. of the 13th USENIX Security Symposium, August 2004.
[6] R. Dhamija and A. Perrig. Déjà Vu: A User Study Using Images for Authentication. In Proc. of the 9th USENIX Security Symposium, August 2000.
[7] R. Dhamija, J. Tygar, and M. Hearst. Why Phishing Works. In Human Factors in Computing Systems, April 2006.
[8] 51Logon: Simplifying Sign-In Experience. http://www.51Logon.com (in Chinese).
[9] E. Felten, D. Balfanz, D. Dean, and D. Wallach. Web Spoofing: An Internet Con Game. In Proc. of the 20th National Information Systems Security Conference, October 1997.
[10] D. Florencio and C. Herley. A Large-Scale Study of Web Password Habits. In Proc. of the 2007 World Wide Web Conference, 2007.
[11] P. Golle and D. Wagner. Cryptanalysis of a Cognitive Authentication Scheme (Extended Abstract). In Proc. of the 2007 IEEE Symposium on Security and Privacy, May 2007.
[12] I. Jermyn, A. Mayer, F. Monrose, M.K. Reiter, and A. Rubin. The Design and Analysis of Graphical Passwords. In Proc. of the 8th USENIX Security Symposium, August 23-26, 1999.
[13] M. Kumar, T. Garfinkel, D. Boneh, and T. Winograd. Reducing Shoulder-surfing by Using Gaze-based Password Entry. In Proc. of SOUPS07, July 2007.
[14] A. Rabkin. Personal Knowledge Questions for Fallback Authentication. In Proc. of the 2008 Symposium On Usable Privacy and Security (SOUPS), July 23-25, 2008.
[15] D. Weinshall. Cognitive Authentication Schemes Safe against Spyware (Short Paper). In Proc. of the 2006 IEEE Symposium on Security and Privacy, May 2006.