Persuasive Cued Click-Points: Design, implementation & evaluation of a knowledge-based authentication mechanism
This project presents an integrated evaluation of the Persuasive Cued Click-Points graphical password scheme, including usability and security evaluations, and implementation considerations. An important usability goal for knowledge-based authentication systems is to support users in selecting passwords of higher security, in the sense of being from an expanded effective security space. We use persuasion to influence user choice in click-based graphical passwords, encouraging users to select more random, and hence more difficult to guess, click-points.
The problems of knowledge-based authentication, typically text-based passwords, are well known. Users often create memorable passwords that are easy for attackers to guess, but strong system-assigned passwords are difficult for users to remember. Text passwords are the most popular user authentication method, but have security and usability problems. Alternatives such as biometric systems and tokens have their own drawbacks. Graphical passwords offer another alternative.
We applied this approach to create the first persuasive click-based graphical password system, Persuasive Cued Click-Points (PCCP), and conducted user studies evaluating usability and security. Here we present a consistent assimilation of earlier work and two unpublished web studies, reinterpret and update statistical analysis incorporating larger datasets, provide new evaluation of password distributions, extend security analysis including relevant recent attacks, and present important implementation details.
This systematic examination provides a comprehensive and integrated evaluation of PCCP covering both usability and security issues, to advance understanding as is prudent before practical deployment of new security mechanisms. Through eight user studies, we compared PCCP to text passwords and two related graphical password systems. Results show that PCCP is effective at reducing hotspots (areas of the image where users are more likely to select click-points) and avoiding patterns formed by click-points within a password, while still maintaining usability.
Implementation is the stage of the project when the theoretical design is turned into a working system. It can therefore be considered the most critical stage in achieving a successful new system and in giving the user confidence that the new system will work and be effective.
The implementation stage involves careful planning, investigation of the existing system and its constraints on implementation, designing of methods to achieve changeover, and evaluation of changeover methods.
1. Persuasive Technology:
Persuasive Technology is used to motivate and influence people to behave in a desired manner. An authentication system which applies Persuasive Technology should guide and encourage users to select stronger passwords, but not impose system-generated passwords. To be effective, the users must not ignore the persuasive elements and the resulting passwords must be memorable. As detailed below, PCCP accomplishes this by making the task of selecting a weak password more tedious and time consuming. The path of least resistance for users is to select a stronger password (not comprised entirely of known hotspots or following a predictable pattern). The formation of hotspots across users is minimized since click-points are more randomly distributed. PCCP’s design follows Fogg’s Principle of Reduction by making the desired task of choosing a strong password easiest and the Principle of Suggestion by embedding suggestions for a strong password directly within the process of choosing a password.
Hotspots are areas of the image that have higher likelihood of being selected by users as password click-points. Attackers who gain knowledge of these hotspots through harvesting sample passwords can build attack dictionaries and more successfully guess PassPoints passwords. Users also tend to select their click-points in predictable patterns (e.g., straight lines), which can also be exploited by attackers even without knowledge of the background image; indeed, purely automated attacks against PassPoints based on image processing techniques and spatial patterns are a threat.
3. Spatial Patterns:
The click-point distributions of PCCP along the x and y-axes fell within the range for random distributions with 95% probability, while those of PassPoints showed a clear progression from top-left to bottom-right based on the ordinal position of the click-points within the password. We believe that the difference in users’ selection strategy is based on whether the click-points are selected on one image, as in PassPoints, or distributed across several images. With one image, as in PassPoints, users tend to start at one corner of the image and progress across the image with each subsequent click-point. However, with CCP and PCCP, users see a new image for each click-point and tend to select each click-point independently, with no regard to its ordinal position within the password.
Click-points within PassPoints were much closer together (i.e., shorter segments between successive click-points), while CCP’s segments were the longest and within range of the random distributions. PCCP’s segments were slightly shorter than CCP’s. Given that no other spatial patterns are apparent for PCCP, we suspect that these shorter segments are an artifact of the viewport positioning algorithm, which slightly favoured more central areas of the image.
With respect to angles and slopes formed between adjacent line segments within passwords, analysis shows that PCCP passwords have large angles and favour no particular direction. In contrast, PassPoints passwords often form straight horizontal or vertical lines. Similarly, the frequency distributions for the overall shapes formed by following the path from the first to last click-point for PCCP are within the range of the random datasets. PassPoints passwords were much more likely to form identifiable shapes.
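The segment-length and angle measurements described above can be computed as in the following added example, which is not code from the project or its studies. The two sample passwords, the 15-degree line threshold and all function names are constructed for illustration.

```python
import math

def segment_lengths(points):
    """Length of each segment joining successive click-points."""
    return [math.dist(a, b) for a, b in zip(points, points[1:])]

def turning_angles(points):
    """Change of direction in degrees (0..180) at each interior click-point."""
    angles = []
    for a, b, c in zip(points, points[1:], points[2:]):
        h1 = math.atan2(b[1] - a[1], b[0] - a[0])
        h2 = math.atan2(c[1] - b[1], c[0] - b[0])
        d = abs(math.degrees(h2 - h1)) % 360
        angles.append(min(d, 360 - d))
    return angles

def is_line_pattern(points, max_turn=15.0):
    """True when every turn is small, i.e. the clicks form a near-straight line.
    max_turn is an assumed threshold, not a value from the studies."""
    return all(t <= max_turn for t in turning_angles(points))

def mean(values):
    return sum(values) / len(values)

# Constructed sample: five clicks on ONE image, drifting left to right
# in a near-horizontal line (the PassPoints-style pattern).
LINE_PASSWORD = [(40, 60), (120, 62), (200, 58), (280, 61), (360, 60)]

# Constructed sample: five clicks chosen independently, one per image
# (the CCP/PCCP-style behaviour), giving long segments and sharp turns.
SPREAD_PASSWORD = [(300, 40), (55, 310), (410, 200), (90, 75), (250, 330)]

if __name__ == "__main__":
    for name, pw in (("line", LINE_PASSWORD), ("spread", SPREAD_PASSWORD)):
        print(name,
              "mean segment = %.1f px" % mean(segment_lengths(pw)),
              "turns =", [round(t, 1) for t in turning_angles(pw)],
              "line pattern =", is_line_pattern(pw))
```
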
A precursor to PCCP, Cued Click-Points (CCP) was designed to reduce patterns and to reduce the usefulness of hotspots for attackers. Rather than five click-points on one image, CCP uses one click-point on five different images shown in sequence. The next image displayed is based on the location of the previously entered click-point, creating a path through an image set. Users select their images only to the extent that their click-point determines the next image. Creating a new password with different click-points results in a different image sequence.
H/W System Configuration:-
Processor - Pentium III
RAM - 512 MB (min)
Hard Disk - 180 GB
Floppy Drive - 1.44 MB
Keyboard - Standard Windows Keyboard
S/W System Configuration:-
Operating System : Windows 95/98/2000/XP
Front End : Java, JDK 1.6
Database : My sqlserver 2005
1. Secure Online Access.
2. MultiLevel Security for Remote Access
3. Security For Banking Sectors