Graphical Passwords: A Survey

Authors:
Xiaoyuan Suo, Ying Zhu and G. Scott Owen
Presented by: Lin Jie



Introduction
Overview of the Authentication Methods
The survey
◦ Recognition Based Techniques
◦ Recall Based Techniques

Discussion
◦ Security
◦ Usability

Conclusion



How about text-based passwords?
◦ Difficulty of remembering passwords
  ▪ easy to remember -> easy to guess
  ▪ hard to guess -> hard to remember
◦ Users tend to write passwords down or use the same passwords for different accounts

An alternative: Graphical Passwords
◦ Psychological studies: humans can remember pictures better than text


If the number of possible pictures is sufficiently large, the possible password space may exceed that of text-based schemes, thus offering better resistance to dictionary attacks.
Can be used for:
◦ workstations
◦ web log-in applications
◦ ATM machines
◦ mobile devices



Conduct a comprehensive survey of the
existing graphical password techniques
Discuss the strengths and limitations of each
method
Point out future research directions



Token based authentication
◦ key cards, bank cards, smart cards, …

Biometric based authentication
◦ fingerprints, iris scan, facial recognition, …

Knowledge based authentication
◦ text-based passwords, picture-based passwords, …
◦ most widely used authentication techniques



Recognition Based Techniques
◦ a user is presented with a set of images and the
user passes the authentication by recognizing and
identifying the images he selected during the
registration stage

Recall Based Techniques
◦ A user is asked to reproduce something that he
created or selected earlier during the registration
stage



Dhamija and Perrig Scheme
Pick several pictures out of many choices, identify them later in authentication.
◦ uses Hash Visualization, which, given a seed, automatically generates a set of pictures
◦ takes longer to create graphical passwords
Password space: N! / (K! (N-K)!)
(N - total number of pictures; K - number of pictures selected as passwords)

Sobrado and Birget Scheme
The system displays a number of pass-objects (pre-selected by the user) among many other objects; the user clicks inside the convex hull bounded by the pass-objects.
◦ the authors suggested using 1000 objects, which makes the display very crowded and the objects almost indistinguishable
Password space: N! / (K! (N-K)!)
(N - total number of picture objects; K - number of pre-registered objects)

Other Schemes
Using human faces as password
Select a sequence of
images as password



Draw-A-Secret (DAS) Scheme
The user draws a simple picture on a 2D grid; the coordinates of the grid cells occupied by the picture are stored in the order of drawing.
◦ Redrawing has to touch the same grid cells in the same sequence in authentication
◦ User studies showed the drawing sequence is hard to remember


“PassPoint” Scheme
The user clicks on any place on an image to create a password. A tolerance around each chosen pixel is calculated. In order to be authenticated, the user must click within the tolerances in the correct sequence.
◦ It can be hard to remember the sequences

Password space: N^K
(N - the number of pixels or smallest units of a picture; K - the number of points to be clicked on)
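
The tolerance check described on this slide, and its effect on the N^K password space, as an added example that is not from the original slides or the PassPoint authors. The image size, tolerance, click-points and the square tolerance region are assumptions; text_bits uses the 94^N figure from the security slide.

```python
# Added illustration: click-sequence verification with a pixel tolerance.
import math

def verify(stored_points, tolerance, attempt):
    """True only if every click is within `tolerance` pixels (on both axes)
    of the stored point at the same position in the sequence."""
    if len(attempt) != len(stored_points):
        return False
    ok = True
    for (sx, sy), (ax, ay) in zip(stored_points, attempt):
        # Check every point instead of returning early, so a failed attempt
        # does not reveal which click in the sequence was the first to miss.
        ok &= abs(sx - ax) <= tolerance and abs(sy - ay) <= tolerance
    return ok

def raw_bits(width, height, k):
    """log2 of N^K with N = number of pixels (the figure on the slide)."""
    return k * math.log2(width * height)

def effective_bits(width, height, tolerance, k):
    """log2 of the space once clicks inside one tolerance square are
    indistinguishable: N shrinks to the number of non-overlapping squares."""
    side = 2 * tolerance + 1
    regions = (width // side) * (height // side)
    return k * math.log2(regions)

def text_bits(length):
    """log2 of 94^N for a text password of the given length."""
    return length * math.log2(94)

# Constructed registration: five click-points on a 640x480 image, tolerance 10 px.
STORED = [(50, 60), (300, 200), (610, 40), (120, 400), (480, 330)]
TOLERANCE = 10

if __name__ == "__main__":
    near = [(55, 58), (292, 207), (605, 45), (125, 391), (489, 335)]
    print(verify(STORED, TOLERANCE, near))                  # all within tolerance
    print(verify(STORED, TOLERANCE, list(reversed(near))))  # wrong order
    print(round(raw_bits(640, 480, 5), 2),
          round(effective_bits(640, 480, TOLERANCE, 5), 2),
          round(text_bits(8), 2))
```

This sketch compares against click-points held in the clear for readability; how to store them hashed is outside what it shows.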

Other Schemes
Grid Selection Scheme
Signature Scheme
Using images with random
tracks of geometric graphical
shapes
Using distorted images
to prevent revealing of
passwords



Is a graphical password as secure as text-based passwords?
◦ Text-based passwords have a password space of 94^N
  (94 - number of printable characters, N - length of passwords).
  Some graphical password techniques can compete: Draw-A-Secret Scheme, PassPoint Scheme.
◦ Brute force search / Dictionary attacks
  The attack programs need to automatically generate accurate mouse motion to imitate human input, which is more difficult compared to text passwords.
◦ Guessing
◦ Social engineering
◦ …





Pictures are easier to remember than text
strings
Password registration and log-in process take
too long
Require much more storage space than text
based passwords



Main argument for graphical passwords:
people are better at memorizing graphical passwords than text-based passwords


It is more difficult to break graphical passwords using the traditional attack methods such as brute force search, dictionary attack or spyware.
Not yet widely used; current graphical password techniques are still immature

Questions?