Poster Paper Proc. of Int. Joint Colloquium on Emerging Technologies in Computer Electrical and Mechanical 2011
Secured Authentication Through Coloured Passwords Implementation

Sharath Yaji
Dept. of PG Studies (CSE), Jnana Sangama, VTU, Belgaum, Karnataka, India
sharath_yaji@yahoo.com

Abstract—For authentication, text (alphanumeric) is generally used. It is well known, however, that passwords are susceptible to attack: users tend to choose passwords that are easy to remember, and often this means that they are also easy for an attacker to obtain by searching for candidate passwords. Internet banking passwords, e-mail ID passwords, server passwords and serial keys, which are used for authentication, are no longer safe. In this paper I have updated the way of representing passwords and serial keys. In this paper, I have introduced bold, italic, different font sizes and colours to passwords. This makes fully secure passwords and serial keys.

Index Terms—Graphical passwords, authentication, security, colour passwords, strong secured passwords, serial keys.

I. INTRODUCTION

Currently all internet and PC banking services use some form of password or PIN for authentication. It is widely accepted that this approach leaves a lot to be desired. Users dislike passwords because they are difficult to remember. Institutions dislike passwords because they are insecure, especially since most customers write them down in order to remember them. Ankesh [1] pointed out that there are three major areas where human-computer interaction is important: authentication, security operations and developing secure systems. Computer and information security depends heavily on passwords for the authentication of users, and passwords are common in practice. Password design methods include the text method and biometrics. Biometric schemes cannot be used widely. The text method is the most widely used, since it is easy to implement and use.

Three basic features of a PASSWORD:
1. Passwords should be easy to remember.
2. The user authentication protocol should be executed quickly and easily.
3. Passwords should be secure (random, hard to guess and not in plain text). [7]

One of the main pitfalls of text-based passwords is the difficulty of remembering them. Studies have shown that users tend to pick short and easy passwords that they can use easily. But these passwords can also be easily guessed or broken. Text-based password schemes mostly lack the above essential points. Colour-based passwords might be a solution to these problems.

II. BASIC IDEA

Generally, text-based passwords follow these guidelines: At least 8 characters long and alphanumeric. Should not be easy to relate to the user (e.g. last name, phone number, birth year). Should not be a word that can be found in a dictionary or public dictionary. Should combine upper and lower case letters and digits.

Because of the above-mentioned guidelines, the text-based password scheme has many problems and difficulties which the user has to face. Considering these problems, it has been found that the colour password scheme is a better alternative. The human brain has a remarkable ability to remember things that it sees better than abstract things like sequences of letters. This is true of passwords that contain sequences of letters and is evident from the number of times we forget our passwords. The authentication system that is in use today is more convenient for machines than for human beings. If we use an image-related password then clearly it will be easy to remember. So, we will get a more user-friendly authentication method. This is the basic idea behind the project. [4]
© 2011 ACEEE DOI: 02.CEM.2011.01.504
III. COLOR PASSWORD AUTHENTICATION TECHNIQUE

Passwords are usually cracked in attacker mode. If we introduce passwords with BOLD, ITALIC and different font sizes, and for more security introduce colours for passwords, then it becomes difficult to crack passwords. For example, below is the secured password saved in .doc: “K2W78bf”

In all attacks, what the attacker gets as the password is:

In the above table, K is italic, 2 is green, W is BOLD, 7 is in 18-point font, 8 is red, and b and f are italic. By using passwords like RAMA we can increase the accuracy.

3.1 Development:

The above figure shows a simple PAP authentication method. In this method, the ID and password use either the data type “VARCHAR/VARCHAR2” or a data type which supports only alphabets and numbers. It does not support BOLD, italic, font size or any colours for text. So here we have to build a new data type which supports the aforementioned features, and for passwords these feature options should be offered at sign-up itself (the data type should be similar to the BLOB or CLOB data types).

Remembering passwords: To remember passwords, save them in .doc or .rtf format. These types cannot be used for boot-up passwords. The same thing can be adopted for SERIAL KEYS.

IV. COLOUR PASSWORDS OVER TEXT PASSWORDS

Text passwords may be subject to the attacks mentioned below.

4.1 Dictionary Attacks: One of the problems with text-based passwords is dictionary attacks. Since recognition-based colour passwords require the user to input using the mouse instead of the keyboard, it is impractical to carry out dictionary attacks against this type of password. So, we can say that colour passwords are less vulnerable to dictionary attacks. [16]

4.2 Brute Force Search: The main defence against brute force search, or exhaustive search, is to have a sufficiently large password space. In the case of text-based passwords, the password space is 94^N, where N is the length of the password and 94 is the number of printable characters excluding SPACE. [16]

4.4 Spyware: With a few exceptions, key logging or key listening spyware cannot be used to break coloured passwords. [16]

4.5 Shoulder Surfing: Like text-based passwords, most coloured passwords are vulnerable to shoulder surfing. At this point, only a few recognition-based techniques are designed to resist shoulder surfing. None of the recall-based techniques are considered shoulder-surfing resistant. [8]

Comparison of passwords cracked:

V. MAJOR DESIGN ISSUES AND IMPLEMENTATION

This section explains the major design issues and implementation of coloured passwords.

Issues:

A. Usability: One of the main arguments for coloured passwords is that they are not easier to remember than text strings. However, current user studies are still very limited, involving only a small number of users. [3]

B. Reliability: The major design issue for recall-based methods is the reliability and accuracy of user input recognition. In this type of method, the error tolerances have to be set carefully: overly high tolerances may lead to many false positives, while overly low tolerances may lead to many false negatives. [3]

C. Storage and Communication: Coloured passwords also require much more storage space than text-based passwords. Thousands and thousands of passwords with colour have to be stored in the centralized database. [3]

VI. RESULTS AND ANALYSIS

The data analysis focuses on the user acceptance of colour authentication and on suggestions.

A. User Acceptance: From the sample, generally 66.7 percent of the lecturers agree that it is feasible to use colour as authentication. Only 33% of the respondents feel that it is not feasible to use colour as a password. Some of the reasons for this rejection are that they felt that the traditional method is more secure and easier to remember. [5]
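Sections 3.1 and V.C call for a stored data type that carries bold, italic, font size and colour, and Section 4.2 gives the text password space as 94^N. The following is an added example, not code from the paper: the `StyledChar` record, the canonical encoding and the salted PBKDF2 storage are assumptions, as is the constructed style set (2 bold states × 2 italic states × 3 sizes × 4 colours = 48 styles per character). The styled space (94 × 48)^N is an upper bound that holds only if every style is chosen independently and uniformly.

```python
import hashlib, hmac, math, os
from dataclasses import dataclass

# Hypothetical record for one styled character (not a type defined by the paper).
@dataclass(frozen=True)
class StyledChar:
    ch: str
    bold: bool = False
    italic: bool = False
    size: int = 12           # font size in points
    colour: str = "black"

def encode(password):
    """Canonical byte encoding: code point plus every style field, per character."""
    recs = (f"{ord(c.ch):06x}:{int(c.bold)}{int(c.italic)}:{c.size}:{c.colour.lower()}"
            for c in password)
    return "|".join(recs).encode("utf-8")

def enroll(password, iterations=200_000):
    """Return (salt, iterations, digest); only this record is stored server-side."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", encode(password), salt, iterations)
    return salt, iterations, digest

def verify(password, record):
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", encode(password), salt, iterations)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison

def strip_styles(password):
    """What a keystroke-only capture holds: the characters with default styling."""
    return [StyledChar(c.ch) for c in password]

def space_bits(length, chars=94, styles=1):
    """log2 of (chars * styles) ** length, i.e. the search space in bits."""
    return length * math.log2(chars * styles)

# The paper's example "K2W78bf", styled as Section III describes (other fields default).
EXAMPLE = [
    StyledChar("K", italic=True), StyledChar("2", colour="green"),
    StyledChar("W", bold=True), StyledChar("7", size=18),
    StyledChar("8", colour="red"), StyledChar("b", italic=True),
    StyledChar("f", italic=True),
]

if __name__ == "__main__":
    rec = enroll(EXAMPLE)
    print("styled password verifies:", verify(EXAMPLE, rec))
    print("keystrokes alone verify: ", verify(strip_styles(EXAMPLE), rec))
    print(f"plain 7 chars:  {space_bits(7):.1f} bits")
    print(f"styled 7 chars: {space_bits(7, styles=48):.1f} bits (upper bound)")
```

Because the styling is visible on screen, the extra bits do not change the shoulder-surfing exposure noted in Section 4.5.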
VII. CONCLUSION AND FUTURE WORK

The past decade has seen a growing interest in understanding and implementing coloured passwords as an alternative to traditional text-based passwords. Although the main argument for coloured passwords is that people are not better at memorizing coloured passwords than common text-based passwords, our preliminary analysis suggests that it is more difficult to break graphical passwords using traditional attack methods such as brute force search, dictionary attack, or spyware. However, since there is not yet wide deployment of graphical password systems, the vulnerabilities of graphical passwords are still not fully understood. Much more research and user studies are needed for graphical password techniques to reach higher levels of usefulness.

Preliminary analysis suggests that it is more difficult to break coloured passwords using the traditional attack methods. To secure passwords we need to introduce extra features while creating the passwords themselves. It may be difficult to decrypt colour passwords at first. We can create passwords at first by giving some standard colours, then extend that to more colours to make secured passwords/serial keys. The drawback of this method is that if the hacker presents an interface posing as the server and then passes the password to the original server, this password can be cracked. I have assumed that the server is using a good firewall. This type of serial key cannot be cracked. In future we can develop an algorithm which supports encryption and decryption of the aforementioned featured data type. Overall, the current text password techniques are still immature. Much more research and user studies are needed for coloured password techniques to achieve higher levels of maturity and usefulness.

REFERENCES

[1] Ankesh Khandelwal, Shashank Singh, Niraj Satnalika, ‘Authentication by Secured Graphical Password Implementation’, International Journal of Computer Applications (0975 8887), Volume 1, No. 25, 2010.
[2] Schalk Peach, Johannes Vorster, Renier van Heerden, ‘Heuristic Attacks Against Graphical Password Generators’, Council for Scientific and Industrial Research.
[3] Ali Mohamed Eljetlawi, Norafida Ithnin, ‘Graphical Password: Comprehensive Study of the Usability Features of the Recognition Base Graphical Password Methods’, Third 2008 International Conference on Convergence and Hybrid Information Technology.
[4] Haichang Gao, Xiyang Liu, Ruyi Dai, ‘Design and Analysis of a Graphical Password Scheme’, 2009 Fourth International Conference on Innovative Computing, Information and Control.
[5] Mohd Ali Bin Mohd Is, Mohd Nor Hajar Hasrol Jono, Mohamad Yusof Darus, Norkhushaini Awang, ‘User Perceptions Towards the Use of Colour as Authentication Method: Focus on FTMSK Lecturer’, Proceedings of the International Conference on Computer and Communication Engineering, May 13-15, 2008, Kuala Lumpur, Malaysia.
[6] Amirali Salehi-Abari, Julie Thorpe, P.C. van Oorschot, ‘On Purely Automated Attacks and Click-Based Graphical Passwords’, 2008 Annual Computer Security Applications Conference.
[7] Susan Wiedenbeck, Jean-Camille Birget, Alex Brodskiy, ‘Authentication Using Graphical Passwords: Effects of Tolerance and Image Choice’, Symposium On Usable Privacy and Security (SOUPS) 2005, July 6-8, 2005, Pittsburgh, PA, USA.
[8] Wei Hu, Xiaoping Wu, Guoheng Wei, ‘The Security Analysis of Graphical Passwords’, 2010 International Conference on Communications and Intelligence Information Security.
[9] Daniel LeBlanc, Alain Forget, Robert Biddle, ‘Guessing Click-Based Graphical Passwords by Eye Tracking’, 2010 Eighth Annual International Conference on Privacy, Security and Trust.
[10] Eric Cole, Hackers Beware, ISBN 0-7357-1009-0, First Edition, August 2001.
[11] James F. Kurose, Keith W. Ross, Computer Networking: A Top-Down Approach Featuring the Internet, ISBN 81-7808-787-1, 2nd Edition, 10th print, 2005.
[12] Andrew S. Tanenbaum, Computer Networks, ISBN 81-7758165-1, 4th Edition, 2005.
[13] Behrouz A. Forouzan, Data Communications and Networking, 4th Edition, 2006.
[14] Jeff Yan, Alan Blackwell, Ross Anderson, Alasdair Grant, ‘Password Memorability and Security: Empirical Results’, IEEE Security and Privacy, Sep/Oct 2004.
[15] Muxiang Zhang, ‘Breaking an Improved Password Authenticated Key Exchange Protocol for Imbalanced Wireless Networks’, IEEE Communication Letters, Vol. 9, No. 3, March 2005.
[16] Wei Hu, Xiaoping Wu, Guoheng Wei, ‘The Security Analysis of Graphical Passwords’, International Conference on Communications and Intelligence Information Security, 2010.