Capability of KBAM Using Persuasion


Most existing authentication systems have certain drawbacks; for that reason, graphical passwords, in which users click on images to authenticate themselves, are the most preferable authentication system. An important usability goal of an authentication system is to support users in selecting better passwords. Users create memorable passwords that are easy for an attacker to guess, while strong system-assigned passwords are difficult to memorize. Researchers have therefore studied different alternative methods and concluded that graphical passwords are the most preferable authentication system. The proposed system combines the existing cued click-point technique with a persuasive feature to influence user choice, encouraging users to select more random click-points that are difficult to guess.

Index Terms- Authentication, graphical passwords, images, usable security.


The problems of knowledge-based authentication, typically text-based passwords, are well known. The goal of an authentication system is to support users in selecting a superior password. An alternative to the alphanumeric password is the graphical password, which uses images or a representation of an image as the password. The human brain recognizes pictures more easily than text. Most of the time users create memorable passwords that are easy to guess, while strong system-assigned passwords are difficult to remember [1]. An authentication system should allow user choice while influencing users towards stronger passwords.

An important usability goal of a knowledge-based authentication system is to support users in selecting passwords of higher security with a larger password space. Persuasion is used to influence user choice in click-based graphical passwords, encouraging users to select more random click-points that are difficult to guess. In the proposed system, selecting a weak password that is easy for an attacker to guess is more tedious, which discourages users from making such choices. In consequence, this approach makes choosing the more secure password the path of least resistance. Instead of increasing the burden on users, it is easier to follow the system's suggestions for a secure password, a feature lacking in most schemes.

Nomenclature of Authentication

Figure 1 shows the categorization of current authentication methods. Biometric-based authentication techniques are somewhat expensive, slow and unreliable, and are thus not preferred by many [3]. Token-based authentication systems have high security, usability and accessibility compared with the others. Such systems also use knowledge-based techniques to enhance the security of the token-based system. The problem with token-based systems is that if the token is lost, the security is lost as well [2].

Prof. P. S. Mohod, Computer Science & Engg, GHRIETW Nagpur

Fig 1: Categorization of Password Authentication Techniques

Knowledge-based authentication techniques are therefore the most preferable for achieving high security. Graphical passwords are one knowledge-based technique and are categorized into recognition-based and recall-based schemes [11].

Literature Review

G. E. Blonder [4] proposed a graphical password scheme in which the user clicks on several different predefined locations on a predetermined image. During login, the user has to click on the approximate areas of those locations. The image helps users recollect their passwords, so this method is considered more suitable than unassisted recall. The problem with this system is that the boundaries are predefined, which makes various attacks easily possible.

Fig 2: Blonder's Scheme

S. Wiedenbeck et al. [5][6][7] proposed the Pass-Point graphical password scheme, in which a password consists of a sequence of 5 different click-points on a given image. During password creation the user can select any pixel in the image as a click-point, and during authentication the user has to repeat the same sequence of clicks in the correct order, each within a system-defined tolerance square of the original click-point. Pass-Point uses the robust discretization technique. The problem with this scheme is that hotspot (an area of an image where users are more likely to select a click-point) and pattern formation attacks are easily possible.

Fig 3: Pass-Point

S. Chiasson et al. [8] proposed Cued Click-Points (CCP), which was intended to reduce hotspot and pattern formation attacks. CCP uses one click-point on each of five different images instead of five click-points on one image. The next image to be displayed is determined by a deterministic function of the previous click-point and a user-specific random value. Password entry thus becomes a true cued-recall scenario in which each image triggers the memory of the corresponding click-point. For legitimate users it provides implicit feedback: if the user is unable to recognize an image while logging in, this automatically alerts the user that the previous click-point was incorrect, and the user can restart password entry, whereas explicit indication is provided after the final click-point. CCP also uses the robust discretization technique. The problem with this technique is that false accepts and false rejects are possible.
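The CCP mechanics described above (a deterministic next-image function and tolerance-square matching), as an added example that is not part of the original essay or the scheme authors' code. It substitutes a simple static grid for robust discretization; the grid size, image pool size, HMAC-based image function and PBKDF2-derived verifier are assumptions of this sketch.

```python
import hashlib
import hmac

GRID = 19             # assumed tolerance-square side in pixels
NUM_IMAGES = 100      # assumed size of the image pool
ITERATIONS = 100_000  # assumed PBKDF2 work factor


def cell(point):
    """Map a click to its grid square (static grid, not robust discretization)."""
    x, y = point
    return (x // GRID, y // GRID)


def next_image(user_seed, image_id, point):
    """Deterministic function of the user-specific value and the previous click."""
    cx, cy = cell(point)
    msg = f"{image_id}:{cx}:{cy}".encode()
    digest = hmac.new(user_seed, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") % NUM_IMAGES


def image_path(user_seed, first_image, clicks):
    """Images shown for a click sequence; a wrong click changes what follows."""
    path = [first_image]
    for point in clicks[:-1]:
        path.append(next_image(user_seed, path[-1], point))
    return path


def enroll(user_seed, first_image, clicks):
    """Derive the stored verifier from (image, cell) pairs, not raw pixels."""
    path = image_path(user_seed, first_image, clicks)
    material = "|".join(f"{img}:{cell(p)}" for img, p in zip(path, clicks))
    return hashlib.pbkdf2_hmac("sha256", material.encode(), user_seed, ITERATIONS)


def verify(user_seed, first_image, clicks, stored):
    """Explicit accept/reject, given after the final click-point."""
    return hmac.compare_digest(enroll(user_seed, first_image, clicks), stored)


# Constructed sample data
SEED = b"constructed-user-seed"
CLICKS = [(37, 50), (120, 200), (300, 45), (210, 310), (15, 15)]
STORED = enroll(SEED, 0, CLICKS)
NEAR_SAME_CELL = [(19, 40)] + CLICKS[1:]   # 18 px away, same square: accepted
NEAR_NEXT_CELL = [(38, 50)] + CLICKS[1:]   # 1 px away, next square: rejected
```

The two `NEAR_*` sequences show how grid-based matching can accept a distant click and reject a close one, depending on where the enrolled point sits inside its square.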

Fig 4: Cued Click point

A. Forget et al. [10] proposed the persuasive text password (PTP) scheme, which employs persuasive technology principles to persuade users to create more secure passwords. During password creation, the user selects their own password, and PTP improves its security by placing random characters at random positions in the password. Users can shuffle the random characters until they find a combination that is memorable. PTP is a user-chosen text password system that guides users to make their passwords more secure.

Proposed System

The proposed system is a click-based graphical password system that not only guides and helps users in password selection but also encourages them to select more randomly distributed passwords. It is based on Persuasive Technology, which motivates and influences people to behave in a desired manner [9]. The proposed system combines persuasive features with cued click-points to make the authentication system more secure. During password creation, a small viewport is positioned on the image and the user has to select the click-point within the viewport; if the user is unable to select a click-point there, they can move the viewport by pressing the shuffle button. The viewport guides users to select more random passwords that are less likely to include hotspots, and therefore encourages users to select passwords that are more random and more difficult to guess. During login, images are displayed normally and the user has to select the click-points chosen at the time of password creation; the viewport is not present, as it only provides the system's suggestion. An important usability goal of the proposed system is to support users in selecting passwords of higher security with a larger password space. The proposed system removes the pattern formation attack and the hotspot attack (a hotspot is an area of an image that most users select as a click-point).
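A simulation of the viewport-and-shuffle step described above, as an added example that is not code from the essay or the proposed system. The image size, viewport size, hotspot location, the `max_shuffles` cap and the model of a user who always aims for the hotspot are all assumptions made for illustration.

```python
import random

IMG_W, IMG_H = 451, 331   # assumed image size in pixels
VIEW = 75                 # assumed viewport side in pixels
HOTSPOT = (225, 165)      # constructed hotspot location


def place_viewport(rng):
    """Uniformly random top-left corner such that the viewport fits the image."""
    return (rng.randrange(IMG_W - VIEW + 1), rng.randrange(IMG_H - VIEW + 1))


def in_viewport(view, point):
    """True if the click lies inside the viewport (creation-time check only)."""
    return (view[0] <= point[0] < view[0] + VIEW
            and view[1] <= point[1] < view[1] + VIEW)


def closest_allowed(view, target):
    """Model of a hotspot-seeking user: the in-viewport pixel nearest the target."""
    return (min(max(target[0], view[0]), view[0] + VIEW - 1),
            min(max(target[1], view[1]), view[1] + VIEW - 1))


def create_click(rng, max_shuffles):
    """Password creation: press Shuffle until the hotspot is covered or the cap hits."""
    view, shuffles = place_viewport(rng), 0
    while not in_viewport(view, HOTSPOT) and shuffles < max_shuffles:
        view, shuffles = place_viewport(rng), shuffles + 1
    return closest_allowed(view, HOTSPOT), view, shuffles


def simulate(trials, max_shuffles, seed=1):
    """Return (fraction of clicks on the hotspot, mean shuffles per click)."""
    rng = random.Random(seed)  # seeded for repeatability; a real system needs a CSPRNG
    hits = total = 0
    for _ in range(trials):
        click, _view, shuffles = create_click(rng, max_shuffles)
        hits += click == HOTSPOT
        total += shuffles
    return hits / trials, total / trials
```

With these assumed sizes a single placement covers the hotspot in roughly 6% of cases, so a user set on that point needs about 15 shuffles on average; that extra effort is what steers choices away from hotspots.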

Security Analysis of Graphical Password

Dictionary attack

In a graphical password scheme a dictionary attack is not possible, because the user gives input using the mouse, whereas with a text password the user provides input through the keyboard, which makes a dictionary attack easily possible.


The most basic guessing attack is the brute-force attack. Some graphical password systems are vulnerable to guessing attacks.

Shoulder Surfing

Like text passwords, graphical passwords are also vulnerable to shoulder-surfing attacks.

Spyware

Key-logging or key-listening spyware cannot be used to break graphical password systems. Mouse motion alone is not enough to break graphical passwords.

Social engineering

It is very difficult for a user to talk about a graphical password compared with a text password, so graphical password systems are free from social engineering attacks.


A major advantage of the proposed scheme is that it provides a larger password space than alphanumeric passwords. There is rising interest in graphical passwords because they are considered better than text-based passwords; the main argument is that people are better at memorizing graphical passwords than text-based passwords. The scheme also removes pattern formation and hotspot attacks, since it provides system suggestions.