GRAFİK TABANLI ŞİFRELERİN GÜVENLİK ANALİZİ İÇİN BİR YAKLAŞIM

A Novel Approach for Security Analysis of Graphical Passwords

Abstract (Second Language):
Graphical passwords differ from classic alphanumeric passwords in that the user authenticates by clicking on certain pixels of an image shown on the system screen. The alphabet of alphanumeric passwords consists of nearly 70 characters, whereas the alphabet size of graphical passwords would be more than 1000, depending on the resolution of the image used. Using graphical passwords instead of alphanumeric ones would therefore increase the security of authentication systems. However, some images used for graphical passwords may not have high entropy. To claim that graphical passwords are better than alphanumeric ones, there should be a tool that computes or estimates the entropy of graphical passwords. In this study, an entropy estimation algorithm for graphical passwords is proposed for use in their security analysis. The proposed algorithm is tested on several password images. The numerical results show that the proposed entropy estimation algorithm can be used successfully in graphical-password-based authentication systems.
Abstract (Original Language, translated from Turkish):
Unlike alphanumeric passwords, graphical passwords are based on the principle of selecting certain regions of an image displayed on the system screen as the password. While the alphabet set of alphanumeric passwords consists of approximately 70 characters, the alphabet size of graphical passwords can be 1000 or more, depending on the resolution of the image used. This significantly increases system security. However, not every high-resolution image necessarily has high entropy. To be able to say that graphical passwords are more secure than alphanumeric ones, the entropy of the graphical password must be computed for the image used. In this study, a graphical password entropy estimation algorithm was developed for use in the security analysis of graphical passwords. The developed algorithm was tested on various images used in graphical password schemes. The results obtained show that the proposed algorithm can be used in graphical password systems.
23-32

