Graphical Cryptographic Verification System

A Graphical Cryptographic Verification System that restores the static digital pictures naturally used in graphical password systems with personalized physical tokens, here in the form of digital pictures showed on a physical user-owned device such as a mobile phone. Users present these pictures to a scheme camera and then enter their password as a sequence of selections on live video of the token. Extremely distinctive optical characteristics are extracted from these selections and utilized as the password. We present three probability studies of examining its consistency, usability, and safety against surveillance. The consistency study Graphical Cryptographic Verification System demonstrates that imagefeature based passwords are viable and suggests appropriate system thresholds password items should include a minimum of seven features, 40% of which must geometrically equal unique stored on an authentication server in order to be moderator equivalent. The usability study calculates task completion times and error rates, revealing these to be 7.5 s and 9%, broadly comparable with preceding graphical password systems that use static digital images. In the end, the safety study highlights Graphical Cryptographic Verification System conflict to observation attack three attackers are able to compromise a password using shoulder surfing, camera based observation, or malware. These results indicate that Graphical Cryptographic Verification System shows promise for safety while maintaining the usability of current graphical password schemes. Keywords— Graphical Cryptographic, Graphical password, input, live video, observation, user study.

[1]  Krzysztof Golofit Click Passwords Under Investigation , 2007, ESORICS.

[2]  Michael K. Reiter,et al.  The Design and Analysis of Graphical Passwords , 1999, USENIX Security Symposium.

[3]  Hai Tao,et al.  Pass-Go: A Proposal to Improve the Usability of Graphical Passwords , 2008, Int. J. Netw. Secur..

[4]  Nasir D. Memon,et al.  Modeling user choice in the PassPoints graphical password scheme , 2007, SOUPS '07.

[5]  Julie Thorpe,et al.  Purely Automated Attacks on PassPoints-Style Graphical Passwords , 2010, IEEE Transactions on Information Forensics and Security.

[6]  Paul C. van Oorschot,et al.  On countering online dictionary attacks with login histories and humans-in-the-loop , 2006, TSEC.

[7]  Benny Pinkas,et al.  Securing passwords against dictionary attacks , 2002, CCS '02.

[8]  Nasir D. Memon,et al.  PassPoints: Design and longitudinal evaluation of a graphical password system , 2005, Int. J. Hum. Comput. Stud..

[9]  Michael K. Reiter,et al.  On User Choice in Graphical Password Schemes , 2004, USENIX Security Symposium.

[10]  Alain Forget,et al.  Influencing users towards better passwords: persuasive cued click-points , 2008 .

[11]  Robert Biddle,et al.  Graphical passwords: Learning from the first twelve years , 2012, CSUR.

[12]  Daphna Weinshall,et al.  Cognitive authentication schemes safe against spyware , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[13]  John Langford,et al.  CAPTCHA: Using Hard AI Problems for Security , 2003, EUROCRYPT.

[14]  Julie Thorpe,et al.  On predictive models and user-drawn graphical passwords , 2008, TSEC.

[15]  Julie Thorpe,et al.  Human-Seeded Attacks and Exploiting Hot-Spots in Graphical Passwords , 2007, USENIX Security Symposium.