Document Sample
BASE PAPER Powered By Docstoc
					  International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 –
  6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME
                             & TECHNOLOGY (IJCET)
 ISSN 0976 – 6367(Print)
 ISSN 0976 – 6375(Online)
 Volume 3, Issue 3, October - December (2012), pp. 490-500
 Journal Impact Factor (2012): 3.9580 (Calculated by GISI)                 ©IAEME


          Mrs. M. A. Patel 1, Ms. Y.U.Kadam 2, Ms. R. Y.Thombare 3, Ms. H. P. Patil 4
         (Department of Computer Engineering, Godavari College of Engineering, Jalgaon,
             (Department of Computer Technology, K. K. Wagh Polytechnic(SS), Nashik,
                   (Department of Computer Engineering, K.K.W.I.E.E.R., Nashik,
          (Department of Computer Engineering, Godavari College of Engineering, Jalgaon,


          The most common computer authentication method is to use alphanumerical
usernames and passwords. This method has been shown to have significant drawbacks. For
example, users tend to pick passwords that can be easily guessed. On the other hand, if a
password is hard to guess, then it is often hard to remember. To address this problem, some
researchers have developed authentication methods that use pictures as passwords. In this paper,
we conduct com-prehensive survey of the existing graphical password techniques. We classify
these techniques into two categories: recognition-based and recall-based approaches. We discuss
the strengths and limitations of each method and point out the future research directions in this
area. We also try to answer two important questions: What are the major design and
implementation issues for graphical passwords. In this paper, we are conducting comprehensive
survey of existing graphical image password authentication techniques. Also we are here
proposing a new technique for graphical authentication.

Keywords: authentication, computer security, graphical passwords, guessing attacks,


          Human factors are often considered the weakest link in a computer security system.
Point out that there are three major areas where human-computer interaction is important:
authentication, security operations, and developing secure systems. Here we focus on the
authentication problem. On the other hand, passwords that are hard to guess or break are often

   International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 –
   6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME

hard to remember. Studies showed that since user can only remember a limited number of
passwords, they tend to write them down or will use the same passwords for different accounts.
To address the problems with traditional username password authentication, alternative
authentication methods, such as bio-metrics, have been used. In this paper, however, we will
focus on another alternative: using pictures as passwords. Graphical password schemes have
been proposed as a possible alternative to text-based schemes, motivated partially by the fact
that humans can remember pictures better than text; psychological studies supports such
assumption. Pictures are generally easier to be remembered or recognized than text. In addition,
if the number of possible pictures is sufficiently large, the possible password space of a
graphical password scheme may exceed that of text-based schemes and thus presumably offer
better resistance to dictionary attacks. Because of these advantages, there is a growing interest in
graphical password. In addition to workstation and web log-in applications, graphical passwords
have also been applied to ATM machines and mobile devices. In this paper, we conduct a
comprehensive survey of the existing graphical password techniques. We will discuss the
strengths and limitations of each method. In this paper, we want to answer the following
1. Are graphical passwords as secure as text passwords?
2. What are the major design and implementation issues for graphical passwords?
It is useful for researchers who are interested in developing new graphical password algorithms
as well as industry practitioners who are interested in deploying graphical password techniques

Current authentication methods can be divided into three main areas:

   1. Token base authentication
   2. Biometric based authentication
   3. Knowledge based authentication
   2.1 Token based authentication

                      Fig1: Taxonomy of Password Authentication Techniques

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 –
6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME

1.1 Token based techniques such as keycards, bank cards and smart cards are widely used.
Many token-based authentication systems also use knowledge based techniques to enhance
security. For example, ATM cards are generally used together with a PIN number.

1.2 Biometric based authentication technique such as fingerprints, iris scan, or facial
recognition, is not yet widely adopted. The major drawback of this approach is that such
systems can be expensive, and the identification process can be slow and often unreliable.
However, this type of technique provides the highest level of security.

1.3 Knowledge based authentication are the most widely used authentication techniques and
include both text-based and picture-based passwords. The picture-based techniques can be
further divided into two categories:

1.3.1 Recognition- based techniques:
      Using recognition-based techniques, a user is presented with a set of images and the user
passes the authentication by recognizing and identifying the images he or she selected during
the registration stage.

1.3.2 Recall-based graphical techniques:
      Using recall-based techniques, a user is asked to reproduce something that he or she
created or selected earlier during the registration stage.


        Usually user authentication involves confirming with a certain degree of confidence
that the electronic form of user’s identity represented in the IT System corresponds to the real
life identity of the user. There are three factors of user authentication that may be used in
combination to increase the level of confidence in the claimed identity of a user.

2.1 Single Factor/Knowledge-Based Authentication: This type of authentication technique
consists of text base that uses passwords or Personal Identification Numbers (PINs) and
graphic based authentication that uses graphics for authentication. Knowledge based
authentication uses secret information. When user provides some information to authenticate
himself as a legitimate user, the system processes this information and suggests whether the
user is legitimate or not Knowledge based authentication is based on “Something You Know”
assumption, in which the user types a password to login to a computer or enters his Personal
Identification Number (PIN) to access his/her bank account from an ATM. The classic form of
single factor authentication is user ID and Password where the user claims his/her identity by
presenting a user ID to the IT access control system. The system then checks the password for
the claimed identity against its secure list of known identities and passwords. If the user ID
and Password pair entered by the user match the User Id and password stored in the IT access
control system then the user is judged to be authentic and given access to the system.

2.2 Two Factor / Token Based Authentication: This scheme uses some physical items called
tokens such as smart cards, passports and physical keys. Authentication token or simply a
token may be a physical device that an authorized user of computer is given to aid in
authentication. Such a token may be physically connected or plugged into the client system.
The term may refer to software token as well. Hardware tokens are typically small enough to
be carried out in a pocket or purse and often are designed to attach to the user’s keychain.

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 –
6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME

Some may store cryptographic keys such as a digital signatures or biometric data such as a
fingerprint. Other may include small keypads to allow the entry of a PIN. Token based
authentication is based on
“Something You Have” assumption, in which the user carries a wallet full of credentials (a
driver’s license, credit card, a university ID card) to certify his/her identity (as a driver, as a
credit worthy consumer, or as a student). This system uses both forms of authentication. i.e. it
involves using “Something You Know” ( i.e. a PIN) and “ Something You Have” ( i.e. a
token). Most widely used forms of two factor authentication are.

2.1.1 Automated Teller Machine (ATM) or Cash point Machine Card and PIN.

2.1.2 Access Control Token and PIN at an ATM, the user puts his/her Cash point/ATM card
into the ATM and the ATM requests the user to enter his/her PIN. The information held on
magnetic stripe of the card together with the PIN, encrypted in a secure block of data, is sent
to the Bank’s Central authentication System, where the PIN entered by the user, is compared
with the PIN held on file against the user’s account number and details. However, in this
scheme, personally designed unique information is used as token. Each user is registered
against that unique token which becomes his identifying label of the token. Stored information
is presented to the system (e.g. ATM card) as well as PIN code to authenticate a user.

2.3 Three Factor / Biometric Based Authentication: Three factor authentication or Biometric
based authentication involves using an access control token such as smart card, a PIN to
access the smart card and a biometric value held in the central database. The card is entered
into a reader, the PIN is entered, the biometric is read and encrypted under a cryptographic key
held on the smart card. The user ID read from the smart card together with the encrypted
biometric are sent to the central database, where the biometric can be decrypted and compared
with the value on the central access control system/database. It is to be noted that the user’s
PIN is not sent to the central access control system but is checked locally by the smart card.
Bio-metrics is the technologies that analyze human characteristics for automated personal
authentication. In this scheme, behavioral characters (i.e. voice signature, gait of a human) as
well as psychological characters (i.e. finger-print, hand, iris, retina, face) describing human
characteristics are used for authentication. Biometric based authentication is used for both
authentications as well as for identification. In short, this system uses some physical or
behavioral traits of a human for authentication.

Comparison among Authentication Schemes Knowledge based authentication has the
following flaws
• It is harder to remember passwords for a long time. With the passage of time, as the user’s
need, when user involves in more than one password based authentication systems, it becomes
difficult for the user to distinguish among passwords used for different applications and to
correctly remember those passwords. As time passes on, and by using many password based
applications, forgetfulness of passwords is more probable to occur.
• When a user may have more than one account with different passwords, the leakage of one
or more of them are just possible.
A password that is written down can be seen by others and can be stolen.
  • Passwords invented by people are devised to be easy to remember a word in dictionary or
a loved one’s name, a telephone number or a keyboard pattern (i.e. “asdf”) or some
combination thereof. Unfortunately, a password drawn from that significantly smaller space
will be considered easier to guess. This form of authentication is relatively weak because, the

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 –
6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME

same password is used over and over again, giving many opportunities for it to be illicitly
captured. Two factor/ Token based authentication is considered to be stronger than Single
factor/Knowledge based authentication system, where user’s confidence can be increased
beyond what Single factor/Knowledge based authentication method provides by requiring that
multiple independent method be used to authenticate individuals. This is known as multifactor
authentication and the combination of two independent methods is known as Two Factor
authentication. Here ignorance of the “Something You Know” (a PIN) makes it difficult for an
attacker to benefit from stealing the “Something You Have” (a bank card). As knowledge
based and token based authentication techniques are considered to be very effective, but for
the reason that passwords and tokens are liable to be stolen, forgotten or shared with some un-
authorized users due to which credibility reduces. On the one hand, software tokens are
flexible and less expensive than the hardware based solution. But on the other hand, software
tokens have the following flaws.

•   Software tokens are inherently vulnerable to malware and key logger attacks. They
    typically try to retrieve the user’s credentials when they are typed in.
•   Software tokens are vulnerable to visual spoofing attacks.
•   They need installation of token driver on the system.

These problems are difficult to solve. However, key logger attacks can be partially solved by
displaying a keyboard on the client’s screen having the user type in his credentials using this
keyboard in client-server architecture. Taking hardware token in consideration, carrying token
all the times is inconvenient for users. Since biometric data cannot be readily changed, a user
whose data has been leaked might be compelled to use different finger for authentication (e.g.
in fingerprint authentication system) and so the possibility of reuse due to leakage of enrolled
data is impossible as to impersonate the legitimate user for illegitimate purposes.


3.1. Dhamija and Perrig method: Dhamija and Perrig proposed a graphical authentication
scheme based on the Hash Visualization technique. In their system, the user is asked to select
a certain number of images from a set of random pictures generated by a program. Later, the
user will be required to identify the pre selected images in order to be authenticated.
 The results showed that 90% of all participants succeeded in the authentication using this
technique, while only 70% succeeded using text-based passwords and PINS. The average
log-in time, however, is longer than the traditional approach. A weakness of this system is
that the server needs to store the seeds of the portfolio images of each user in plaintext. Also,
the process of selecting a set of pictures from the picture database can be tedious and time
consuming for the user. Akula and Devisetty's algorithm [10] is similar to the technique
proposed by Dhamija and Perrig [4]. The difference is that by using hash function SHA-1,
which produces a 20 byte output, the authentication is secure and require less memory. The
authors suggested a possible future improvement by providing persistent storage and this
could be deployed on the Internet, cell phones and PDA's. Kirkpatrick [11] sketched several
authentication schemes, such as picture recognition, object recognition, and pseudo word
recognition, and conducted a number of user studies. In the picture recognition study, a user
is trained to recognize a large set of images (100-200 images) selected from a database of
20,000 images. After one to three months, users in their study were able to recognize over
90% of the images in the training set.

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 –
6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME

                    Figure2. Random images used by Dhamija and Perrig

This study showed that pictures are the most effective among the three schemes tested.
Pseudo codes can also be used, but require proper setting and training. Sobrado and Birget
developed a graphical password technique that deals with the shoulder-suffering problem. In
the first scheme, the system will display a number of pass-objects (pre-selected by user)
among many other objects. To be authenticated, a user needs to recognize pass-objects and
click inside the convex hull formed by all the pass-objects. In order to make the password
hard to guess, Sobrado and Birget suggested using 1000 objects, which makes the display
very crowded and the objects almost indistinguishable, but using fewer objects may lead to a
smaller password space, since the resulting convex hull can be large. In their second
algorithm, a user moves a frame (and the objects within it) until the pass object on the frame
lines up with the other two pass-objects. The authors also suggest repeating the process a few
more times to minimize the likelihood of logging in by randomly clicking or rotating. The
main drawback of these algorithms is that the log in process can be slow.
Manetal. [14] proposed another shoulder-suffering resistant algorithm. In this algorithm, a
user selects a number of pictures as pass-objects. Each pass-object has several variants and
each variant is assigned a unique code. During authentication, the user is challenged with
several scenes. Each scene contains several pass-objects (each in the form of a randomly
chosen variant) and many decoy-objects. The user has to type in a string with the unique
codes corresponding to the pass-object variants present in the scene as well as a code
indicating the relative location of the pass objects in reference to a pair of eyes. The argument
is that it is very hard to crack this kind of password even if the whole authentication process
is recorded on video because where is no mouse click to give away the pass-object

3.2 Hong’s Method:
       Hong[7] proposed another shoulder-surfing resistant algorithm. In this approach to
allow the user to assign their own codes to pass-object variants .
 Fig.3 shows the log-in screen of this graphical password scheme. However, this method still
forces the user to memorize many text strings and therefore suffer from the many drawbacks
of text-based passwords.

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 –
6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME

          Figure3. Another shoulder suffering resistant scheme developed by Hong


        In this section we discuss recent types of click based graphical password techniques:
4.1. Pass Points (PP)
4.2 Persuasive Cued Click- Points (PCCP)
4.3. Cued Click Points (CCP)

4.1 Pass point (PP):
Based on Blonder’s original idea [7], Pass Points (PP) [7] is a click-based graphical password
system where a password consists of an ordered sequence of five click-points on a pixel-
based image as shown in Fig.4

                                     Figure 4. Pass Points

To login, a user must click within some system-defined tolerance region for each click-point.
The image acts as a cue to help users remember their password click-points.

4.2 Persuasive Cued Click-Points (PCCP):
To address the issue of hotspots, PCCP was proposed [7].As with CCP, a password consists
of five click points, one on each of five images. During password
creation, most of the image is dimmed except for a small view port area that is randomly
positioned on the image as shown in Fig 5.

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 –
6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME

                       Figure 5: The PCCP password creation interface

Users must select a click-point within the view port. If they are unable or unwilling to select a
point in the current view port, they may press the Shuffle button to randomly reposition the
view port. The view port guides users to select more random passwords that are less likely to
include hotspots. A user who is determined to reach a certain click-point may still shuffle
until the view port moves to the specific location, but this is a time consuming and more
tedious process

4.3 Cued Click Points (CCP):
CCP [1] was developed as an alternative click based graphical password scheme where users
select one point per image for five images Fig.6: The interface displays only one image at a
time; the image is replaced by the next image as soon as a user selects a click point. The
system determines the next image to display based on the user’s click-point on the current
image. The next image displayed to users is based on a deterministic function of the point
which is currently selected. It now presents a one to-one cued recall scenario where each
image triggers the user’s memory of the one click-point on that image. Secondly, if a user
enters an incorrect click-point during login, the next image displayed will also be incorrect.
Legitimate users who see an unrecognized image know that they made an error with their
previous click-point. Conversely, this implicit feedback is not helpful to an attacker who does
not know the expected sequence of images

5. DETAILED DESCRIPTION OF METHOD                              GRAPHICAL          PASSWORD

        Cued Click Points (CCP) is a proposed alternative to Pass Points. In CCP, users click
one point on each of c = 5 images rather than on five points on one image. It offers cued-
recall and introduces visual cues that instantly alert valid users if they have made a mistake
when entering their latest click-point(at which point they can cancel their attempt and retry
from the beginning).

It also makes attacks based on hotspot analysis more challenging, as we discuss later. As
shown in Fig.6, each click results in showing a next image, in effect leading users down a
“path" as they click on their sequence of points. A wrong click leads down an incorrect path,
with an explicit indication of authentication failure only after the final click. Users can

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 –
6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME

choose their images only to the extent that their click-point dictates the next image. If they
dislike the resulting images, they could create a new password involving different click-
points to get different images. We envision that CCP fits into an authentication model where
a user has a client device (which displays the images) to access an online server (which
authenticates the user). We assume that the images are stored server-side with client
communication through SSL/TLS.
For implementation, CCP initially functions like Pass Points. During password creation, a
discretization method (e.g., see [1]) is used to determine a Click point's tolerance square and
corresponding grid. For each click-point in a subsequent login attempt, this grid is retrieved
and used to determine whether the click point

       Figure 6: CCP passwords can beregarded as a choice-dependent path of images

falls within tolerance of the original point. With CCP, we further need to determine which
next-image to display. Similar to the Pass Points studies, our example system had images of
size 451x331 pixels and tolerance squares of 19x19 pixels. If we used robust discretization
[1], we would have 3 overlapping candidate grids each containing approximately 400 squares
and in the simplest design, 1200 tolerance squares per image (although only 400 are used in a
given grid). We use a function f(username, current Image, currentToleranceSquare) that
uniquely maps each tolerance square to a next image. This suggests a minimum set of one
argument against using fewer 1200 images required at each stage. Images, and having
multiple tolerance squares map to the same next image, is that this could potentially result in
misleading implicit feedback in (albeitrare) situations where users click on an incorrect point
yet still see the correct next-image. Each of the 1200 next-images would have 1200 tolerance
squares and thus require 1200 next images of their own. The number of images would
quickly become quite large. So we propose reusing the image set across stages. By reusing
images, there is a slight chance that users see duplicate images. During the 5 stages in
password creation, the image indices i1, ..., i5 for the images in the password sequence are
each in the range 1= ij = 1200. When computing the next-image index, if any is a repeat (i.e.,
the next ij is equal to ik for some (k < j), then the next-image selection function f is
deterministically perturbed to select a distinct image.
A user's initial image is selected by the system based on some user characteristic (as an
argument to f above; we used username). The sequence is regenerated on-the-y from the
function each time a user enters the password. If a user enters an incorrect click-point, then
the sequence of images from that point onwards will be incorrect and thus the login attempt

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 –
6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME
will fail. For an attacker who does not know the correct sequence of images, this cue will not be
helpful. We expect that hotspots [6, 16] will appear as in Pass Points, but since the number of images
is significantly increased, analysis will require more effort which increases proportionally with the
configurable number of images in the system. For example, if attackers identify thirty likely Click
Points on the first image, they then need to analyze the thirty corresponding second images (once they
determine both the indices of these images and get access to the images themselves), and so on,
growing exponentially.       A major usability improvement over Pass Points is the fact that legitimate
users get immediate feedback about an error when trying to log in. When they see an incorrect image,
they know that the latest click-point was incorrect and can immediately cancel this attempt and try
again from the beginning. The visual cue does not explicitly reveal “right" or “wrong" but is evident
using knowledge only the legitimate user should possess. As with text passwords, Pass Points can
only safely provide feedback at the end and cannot reveal the cause of error. Providing explicit
feedback in Pass Points before the final click-point could allow Pass Point attackers to mount an
online attack to prune potential password subspaces, whereas CCP's visual cues should not help
attackers in this way. Another usability improvement is that being cued to recall one point on each of
five images appears easier than remembering an ordered sequence of five points on one image


        Now-a-days, all business, government and academic organizations are investing a lot of
money, time and computer memory for the security of information. Online password guessing attacks
have been known since the early days of the Internet, there is little academic literature on prevention
techniques. This project deals with guessing attacks like brute force attacks and dictionary attacks.

This project proposes a click-based graphical password system. During password creation, there is a
small view port area that is randomly positioned on the image. Users must select a click-point within
the view port. If they are unable or unwilling to select a point in the current view port, they may press
the Shuffle button to randomly reposition the view port. The view port guides users to select more
random passwords that are less likely to include hotspots. Therefore this works encouraging users to
select more random, and difficult passwords to guess.
Brute force and dictionary attacks on password only remote login services are now widespread and
ever increasing. Enabling convenient login for legitimate users while preventing such attacks is a
difficult problem. Automated Turing Tests (ATTs) continue to be an effective, easy to deploy
approach to identify automated malicious login attempts with reasonable cost of inconvenience to
users. This project proposes a new Password Guessing Resistant Protocol (PGRP), derived upon
revisiting prior proposals designed to restrict such attacks. While PGRP limits the total number of
login attempts from unknown remote hosts, legitimate users in most cases (e.g., when
attempts are made from known, frequently used machines) can make several failed login attempts
before being challenged with an ATT. This proposed system also provides protection against key
logger spy ware. Since, computer mouse issued rather than the keyboard to enter our graphical
password; this protects the password from key loggers.


       The past decade has seen a growing interest in using graphical passwords as an alternative to
the traditional text-based passwords. In this paper, we have conducted a comprehensive survey of
existing graphical password techniques. The current graphical password techniques can be classified
into two categories: recognition-based and recall-based techniques. Although the main argument for
graphical passwords is that people are better at memorizing graphical passwords than text-based
passwords, the existing user studies are very limited and there is not yet convincing evidence to
support this argument. Our preliminary analysis suggests that it is more difficult to break graphical
passwords using the traditional attack methods such as brute force search, dictionary attack, or
spyware. However, since there is not yet wide deployment of graphical password systems, the
vulnerabilities of graphical passwords are still not fully understood

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 –
6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME


[1] Sonia Chiasson, P.C. van Oorschot, and Robert Biddle, “Graphical Password
Authentication Using Cued Click Points” ESORICS, LNCS 4734, pp.359-374, Springer
Verlag Berlin Heidelberg 2007
[2] Manu Kumar, Tal Garfinkel, Dan Boneh and Terry Winograd, “Reducing Shoulder-
surfing by Using Gaze based Password Entry”, Symposium on Usable Privacy and Security
(SOUPS), July 8-20,2007, Pittsburgh, PA, USA
[3] Zhi Li, Qibin Sun, Yong Lian, and D. D. Giusto, “An association-based graphical
password design resistant to shoulder surfing Attack”, International Conference on
Multimedia and Expo (ICME), IEEE.2005
[4] R. Dhamija and A. Perrig, "Deja Vu: A User Study Using Images for Authentication," in
Proceedings of 9th USENIX Security Symposium, 2000
[5] S. Akula and V. Devisetty, "Image Based Registration and Authentication System,” in
Proceedings of Midwes Instruction and Computing Symposium, 2004
[6] L. Sobrado and J.-C. Birget, "Graphical passwords," The Rutgers Scholar, An Electronic
Bulletin for Undergraduate Research, vol. 4, 2002
[7] Sonia Chiasson, Alain Forget, Robert Biddle, P. C. van Oorschot, “User interface design
affects security: patterns in click-based graphical passwords”, Springer-Verlag 2009
[8] International Journal of Video & Image Processing and Network Security IJVIPNS Vol:
10 No: 04 Comparative Study Of Authentication Techniques"
[9] S. Man, D. Hong, and M. Mathews, " A Shoulder surfing resistant graphical password
scheme, “in Proceedings of International Conference on security and management. Las
Vegas, NV, 2003
[10] A. Adams and M. A. Sasse, "Users are not the enemy: why users compromise computer
security mechanisms and how to take remedial measures," Communications of the ACM, vol.
42, pp. 41-46, 1999
[11] I. Jermyn, A. Mayer, F. Monrose, M. K.Reiter and A.D. Rubin, "The Design and
Analysis of Graphical Passwords," in Proceedings of the 8th USENIX Security Symposium,
[12] Alain Forget, Sonia Chiasson, and Robert Biddle, “Shoulder-Surfing Resistance with
Eye Gaze Entry in Cued-Recall Graphical Passwords”, ACM 978- 1-60558-929-9/10/04,
April 10 – 15, 2010
[13] Md. Asraful Haque, Babbar Imam and Nesar Ahmad, “2-Round Hybrid Password
Scheme” International journal of Computer Engineering & Technology (IJCET), Volume3,
Issue2, 2012, pp. 579 - 587, Published by IAEME
[14] Kapil Tomar, Niraj Singhal and Sunil Kumar, “Software As A Service Security:
Challenges And Solutions” International journal of Computer Engineering & Technology
(IJCET), Volume2, Issue1, 2011, pp. 53 - 60, Published by IAEME
[15] Gurudatt Kulkarni, Jayant Gambhir and Amruta Dongare, “Security In Cloud
Computing” International journal of Computer Engineering & Technology (IJCET),
Volume3, Issue1, 2012, pp. 258 - 265, Published by IAEME
[16] Srikanth T.N. and Prabhudeva S, “Explicit Study On Security Issues In Multimedia
Streaming In Peer To Peer Network” International journal of Computer Engineering &
Technology (IJCET), Volume3, Issue2, 2012, pp. 588 - 602, Published by IAEME


Shared By: