Follow us on Facebook

Header Ads

Persuasive Cued Click-Points: Design, Implementation, and Evaluation of a Knowledge-Based Authentication Mechanism


Persuasive Cued Click-Points: Design, Implementation, and Evaluation of a Knowledge-Based Authentication Mechanism

ABSTRACT:
This paper presents an integrated evaluation of the Persuasive Cued Click-Points graphical password scheme, including usability and security evaluations, and implementation considerations. An important usability goal for knowledge-based authentication systems is to support users in selecting passwords of higher security, in the sense of being from an expanded effective security space. We use persuasion to influence user choice in click-based graphical passwords, encouraging users to select more random, and hence more difficult to guess, click-points.

EXISTING SYSTEM:
The problems of knowledge-based authentication, typically text-based passwords, are well known. Users often create memorable passwords that are easy for attackers to guess, but strong system-assigned passwords are difficult for users to remember

DISADVANTAGES OF EXISTING SYSTEM:
Although Pass Points is relatively usable, security weaknesses make passwords easier for attackers to predict.

Hotspots are areas of the image that have higher likelihood of being selected by users as password click-points. Attackers who gain knowledge of these hotspots through harvesting sample passwords can build attack dictionaries and more successfully guess Pass Points passwords. Users also tend to select their click-points in predictable patterns (e.g., straight lines), which can also be exploited by attackers even without knowledge of the background image; indeed, purely automated attacks against Pass Points based on image processing techniques and spatial patterns are a threat

PROPOSED SYSTEM:
A password authentication system should encourage strong passwords while maintaining memorability. We propose that authentication schemes allow user choice while influencing users toward stronger passwords. In our system, the task of selecting weak passwords (which are easy for attackers to predict) is more tedious, discouraging users from making such choices. In effect, this approach makes choosing a more secure password the path of least resistance. Rather than increasing the burden on users, it is easier to follow the system’s suggestions for a secure password—a feature lacking in most schemes. We applied this approach to create the first persuasive click-based graphical password system, Persuasive Cued
Click-Points (PCCP).




ADVANTAGES OF PROPOSED SYSTEM:
This systematic examination provides a comprehensive and integrated evaluation of PCCP covering both usability and security issues, to advance understanding as is prudent before practical deployment of new security mechanisms.

Results show that PCCP is effective at reducing hotspots (areas of the image where users are more likely to select click-points) and avoiding patterns formed by click-points within a password, while still maintaining usability.

MODULES:
Create Password interface Module
Shuffles Module
Password Entry Times Module
Varying System Parameters Module
Usability Results Module
MODULES DESCRIPTION:
Create Password interface Module
PCCP encourages users to select less predictable passwords, and makes it more difficult to select passwords where all five click-points are hotspots. Specifically, when users create a password, the images are slightly shaded except for a viewport. The viewport is positioned randomly, rather than specifically to avoid known hotspots, since such information might allow attackers to improve guesses and could lead to the formation of new hotspots. The viewport’s size is intended to offer a variety of distinct points but still cover only an acceptably small fraction of all possible points. Users must select a click-point within this highlighted viewport and cannot click outside of the viewport, unless they press the shuffle button to randomly reposition the viewport. While users may shuffle as often as desired, this significantly slows password creation. The viewport and shuffle button appear only during password creation. During later password entry, the images are displayed normally, without shading or the viewport, and users may click anywhere on the images.

Shuffles Module
During password creation, PCCP users may press the shuffle button to randomly reposition the viewport. Fewer shuffles lead to more randomization of click-points across users. The shuffle button was used moderately. For example, since PCCP Lab passwords involved five images, the mean number of shuffles per password would be 3 _ 5 ¼ 15. PCCP Lab study users who shuffled a lot had higher login success rates than those who shuffled little, and the result was statistically significant.

Password Entry Times Module
Times are reported in seconds for successful password entry on the first attempt. For login and recall, we also report the “entry time”: the actual time taken from the first click-point to the fifth click-point. The analogous measure was not recorded for text passwords. During password creation, this can partially be explained by participants who used the shuffle mechanism repeatedly. During recall, this may be because PCCP participants had to recall different passwords (since by design, it is impossible to reuse PCCP passwords), whereas over half of Text participants reused passwords or had closely related passwords, suggesting a reduced memory load.

Varying System Parameters Module
Success rates were very high for login; participants could successfully log in after a short time regardless of number of click-points or image size.

Mean times for each condition are generally elevated compared to times in the studies with smaller theoretical password spaces. No clear pattern emerges in the times taken to create passwords. A general increase in times can be seen in both the login and recall phases as more click points or larger images are used. As should be expected, participants took much longer to reenter their passwords after two weeks (recall), reflecting the difficulty of the task.

Usability Results Module
We first summarize the studies with comparable theoretical password spaces (i.e., including PCCP 2wk S5). Overall, PCCP has similar success rates to the other authentication schemes evaluated (CCP, PassPoints, and text). PCCP password entry takes a similar time to the other schemes in the initial lab sessions, but the results indicate longer recall times for PCCP when recalling passwords beyond the initial session. Users who shuffled more had significantly higher success rates in the PCCP Lab study, but the difference in success rates between high and low shufflers was not statistically significant for the two-week or web studies. Furthermore, users reported favorable opinions of PCCP in post-task questionnaires.
HARDWARE REQUIREMENTS

                     SYSTEM             : Pentium IV 2.4 GHz
                     HARD DISK        : 40 GB
                     FLOPPY DRIVE  : 1.44 MB
                     MONITOR           : 15 VGA colour
                     MOUSE               : Logitech.
                     RAM                    : 256 MB
                     KEYBOARD       : 110 keys enhanced.

SOFTWARE REQUIREMENTS

                     Operating system           :-  Windows XP Professional
                     Front End             :-  Microsoft Visual Studio .Net 2008
                     Coding Language : - C# .NET.
                     Database              :- SQL Server 2005
REFERENCE:
Sonia Chiasson, Elizabeth Stobert, Alain Forget, Robert Biddle, and Paul C. van Oorschot, “Persuasive Cued Click-Points: Design, Implementation, and Evaluation of a Knowledge-Based Authentication Mechanism”, IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 9, NO. 2, MARCH/APRIL 2012.