Graphical Password authentication using Hmac
Passwords
Presented by: Lakshmi.V, Arpana Shree.A
Outline
GPA
Introduction
Overview of the Authentication Methods
The survey
    Recognition Based Techniques
    Recall Based Techniques
Discussion
    Security
    Usability
Conclusion
04/12/23
Introduction
How about text-based passwords?
Difficulty of remembering passwords:
    easy to remember -> easy to guess
    hard to guess -> hard to remember
Users tend to write passwords down or use the same passwords for different accounts.
An alternative: Graphical Passwords
Psychological studies: humans can remember pictures better than text.
Graphical Password Scheme
If the number of possible pictures is sufficiently large, the possible password space may exceed that of text-based schemes, thus offering better resistance to dictionary attacks.
Can be used for: workstations, web log-in applications, ATM machines, mobile devices.
Overview of the Authentication Methods
Token based authentication
Biometric based authentication
Knowledge based authentication
Recognition Based Techniques
Dhamija and Perrig Scheme
Pick several pictures out of many choices, identify them later in authentication.
Recall Based Techniques
Sobrado and Birget Scheme
The system displays a number of pass-objects (pre-selected by the user) among many other objects; the user clicks inside the convex hull bounded by the pass-objects.
Recognition Based Techniques
Other Schemes
Using human faces as password
Select a sequence of images as password
Recall Based Techniques
Draw-A-Secret (DAS) Scheme
The user draws a simple picture on a 2D grid; the coordinates of the grid cells occupied by the picture are stored in the order of drawing.
Recall Based Techniques
“PassPoint” Scheme
The user clicks on any place on an image to create a password. A tolerance around each chosen pixel is calculated. In order to be authenticated, the user must click within the tolerances in the correct sequence.
Recall Based Techniques
Other Schemes
Grid Selection Scheme
Signature Scheme
Schemes Not In This Paper
Using distorted images to prevent revealing of passwords
Using images with random tracks of geometric graphical shapes
Security
Is a graphical password as secure as text-based passwords?
Usability
Pictures are easier to remember than text strings
Password registration and log-in process take too long
Require much more storage space than text based passwords
Conclusion
Main argument for graphical passwords: people are better at memorizing graphical passwords than text-based passwords.
It is more difficult to break graphical passwords using the traditional attack methods such as: brute force search, dictionary attack or spyware.
Not yet widely used; current graphical password techniques are still immature.
HMAC-OTP
What is 2FA
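[Diagram: 2FA flow between an OTP token and an authentication server (OTP validation service), with steps labelled Provisioning, Retrieval, Transport, Validation-1 and Validation-2; the example one-time password shown is 349382.]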
Trend
HOTP value (1997)
Trunc(HOTP value) (2005)
Different way of entering (2012)
Definition
HOTP: HMAC-based one-time password algorithm
Definition: Let
K: secret key
C: counter
HMAC(K,C) = SHA1(K ⊕ 0x5c5c… ∥ SHA1(K ⊕ 0x3636… ∥ C))
Then HOTP(K,C) is mathematically defined by
HOTP(K,C) = Truncate(HMAC(K,C)) & 0x7FFFFFFF
HOTP Value
HOTP-Value = HOTP(K,C) mod 10^d, where d is the desired number of digits
Notation & Symbols
s: string
|s|:length of the string
n:number
|n|:length of the number
Contd..
s[i]: the i-th bit of string s
stToNum: function that takes a string s as input and returns the number whose binary representation is s
Example: stToNum(110) = 6
Symbols
C: counter value, moving factor
K: secret key shared between client and server
S: synchronization parameter
Digit: number of digits in an HOTP value
Generation of HOTP Value
Step-1: Generate HMAC value (HMAC-SHA-1)
    Let HS = HMAC-SHA-1(K,C) [HS = 20 bytes (say)]
Step-2: Generate 4-byte string (DT)
    sbits = DT(HS) [returns 32-bit string]
Step-3: Compute HOTP value
    Let Snum = stToNum(sbits)
    return D = Snum mod 10^Digit
Why DT?
The purpose of DT is to extract a 4-byte dynamic binary code from the 160-bit (20-byte) HMAC-SHA-1 result.
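The three generation steps and the DT extraction above, as an added Python example (not code from the original slides). The 8-byte big-endian counter encoding and the offset rule in dt() follow RFC 4226; validate() and the way it uses the synchronization parameter S as a look-ahead window are illustrative assumptions, and the key is the RFC 4226 test secret.

```python
import hashlib
import hmac
import struct

# Test secret from RFC 4226 Appendix D (sample input, never a production key).
RFC_KEY = b"12345678901234567890"

def dt(hs: bytes) -> int:
    """Dynamic truncation: read 4 bytes of HS at an offset chosen by HS itself."""
    offset = hs[-1] & 0x0F                        # low nibble of the last byte: 0..15
    (sbits,) = struct.unpack(">I", hs[offset:offset + 4])
    return sbits & 0x7FFFFFFF                     # mask the top bit, as in the definition

def hotp(k: bytes, c: int, digit: int = 6) -> str:
    """Step 1: HS = HMAC-SHA-1(K, C); Step 2: DT(HS); Step 3: Snum mod 10^Digit."""
    hs = hmac.new(k, struct.pack(">Q", c), hashlib.sha1).digest()
    return str(dt(hs) % 10 ** digit).zfill(digit)  # zfill keeps leading zeros

def validate(k: bytes, otp: str, server_c: int, s: int = 3, digit: int = 6):
    """Hypothetical server check: try the expected counter plus s look-ahead values.

    Returns the counter the server must store next, or None on failure.
    Moving the counter past the matched value is what rejects a replayed OTP.
    """
    for c in range(server_c, server_c + s + 1):
        expected = hotp(k, c, digit).encode()
        if hmac.compare_digest(expected, otp.encode()):   # constant-time compare
            return c + 1
    return None

if __name__ == "__main__":
    for c in range(3):
        print(c, hotp(RFC_KEY, c))
    # Token is two presses ahead of the server (server expects counter 1).
    print("resync ->", validate(RFC_KEY, hotp(RFC_KEY, 3), server_c=1))
```

A small S keeps the guessing window narrow: each extra look-ahead value is one more OTP an attacker's guess could match.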
Cryptographic Hash function
[Figure: three inputs of different lengths ("Hello", "Hai Dear", "How are you") each pass through a cryptographic hash function (CHF); labels: BLOCKS, DIGEST.]
Definition
HMAC(K,m) = H((K ⊕ opad) ∥ H((K ⊕ ipad) ∥ m))
where
H is a cryptographic hash function
∥ : concatenation
⊕ : exclusive or (XOR)
opad is the outer padding (0x5c5c5c…5c5c)
ipad is the inner padding (0x363636…3636)
Implementation
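    import hashlib

    def hmac(key, message, hash_fn=hashlib.sha1):
        # key and message are bytes; SHA-1 is the hash used throughout these slides
        blocksize = hash_fn().block_size              # 64 bytes for SHA-1
        if len(key) > blocksize:
            key = hash_fn(key).digest()               # keys longer than a block are hashed first
        if len(key) < blocksize:
            key = key + b"\x00" * (blocksize - len(key))   # pad with zeros to a full block
        o_key_pad = bytes(0x5c ^ b for b in key)      # outer padding XOR key
        i_key_pad = bytes(0x36 ^ b for b in key)      # inner padding XOR key
        return hash_fn(o_key_pad + hash_fn(i_key_pad + message).digest()).digest()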
THANK YOU