
Research On Authentication Scheme Based On Graphical Password

Posted on: 2022-12-05
Degree: Master
Type: Thesis
Country: China
Candidate: J Chen
GTID: 2518306764476604
Subject: Automation Technology

Abstract/Summary:
Graphical password authentication is the most convenient way to authenticate users: a user first registers with a remote server using her/his username and graphical password, after which the server generates and saves an authentication credential derived from the graphical password. Such a method provides a convenient way to authenticate users; however, it suffers from credential leakage.

On the one hand, since a user's graphical password is low-entropy, an attacker can enumerate all candidate passwords, calculate their credentials, and compare them with the user's credential stored on the server until the correct password is found. Such an attack is called a password guessing attack. Credential leakage is the security incident to which enterprises are most vulnerable, and it has caused great losses to users and enterprises. Therefore, protecting users' passwords against password guessing attacks makes sense.

On the other hand, current techniques proposed to address credential leakage cannot provide a strong guarantee that users' graphical passwords stay secure over a long time. An attacker can continuously collect important information over a long period and eventually recover users' passwords. Thus, the problem of how to make credential leakage detectable arises.

Considering the above challenges, this dissertation delves into the credential leakage problem. The main contributions of this dissertation can be summarized as follows.

1. This dissertation proposes a graphical password authentication scheme, dubbed GADL, to address password guessing attacks caused by credential leakage. GADL introduces a new mechanism that employs several key servers to generate credentials by salting and hashing passwords. The key servers share a server-side key in a distributed way and then assist in generating the salt in the user login phase. In addition, GADL addresses the single-point-of-failure issue: an attacker cannot recover the server-side key even if they obtain several of the shares stored on the key servers, which provides a stronger security guarantee for passwords.

2. This dissertation proposes a graphical password scheme, dubbed DCSE, to detect credential leakage. DCSE introduces honeywords, which are a series of plausible passwords generated by the server; their credentials are stored together with the credentials of users' real passwords. An attacker cannot distinguish real passwords from honeywords, and once they try to log in with a honeyword recovered from the leaked credentials, the server can detect this action and determine that the credentials have been compromised. To assist the server in distinguishing users' graphical passwords from honeywords, DCSE utilizes a distributed index calculation method that allows the server and honey checkers to collaborate in generating the indexes of users' graphical passwords. This prevents attacks that rely on a user's graphical password information being stored on a single server.
Keywords/Search Tags:Graphical password authentication, credential leakage, password guessing attacks, credential leakage detection
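The honeyword detection idea described for DCSE can be sketched as follows. This is an added example, not code from the thesis: the additive split of the real index between the server and a single honey checker, the click-point encoding, the PBKDF2 credential and all class and function names are assumptions, and the honeywords are supplied as constructed input rather than generated.

```python
import hashlib, hmac, os, secrets

K = 5  # sweetwords per account: 1 real password + K-1 honeywords (constructed value)

def credential(salt, clicks):
    """Salted slow hash of a graphical password given as (x, y) grid cells (assumed encoding)."""
    encoded = ",".join(f"{x}:{y}" for x, y in clicks).encode()
    return hashlib.pbkdf2_hmac("sha256", encoded, salt, 10_000)

class HoneyChecker:
    """Separate host (hypothetical): holds only its share of each user's real index."""
    def __init__(self):
        self.shares, self.alarms = {}, []
    def enroll(self, user, share):
        self.shares[user] = share
    def check(self, user, masked_index):
        real = masked_index == self.shares[user]
        if not real:
            self.alarms.append(user)  # a honeyword was submitted: credential file has leaked
        return real

class AuthServer:
    def __init__(self, checker):
        self.checker, self.db = checker, {}
    def register(self, user, real_clicks, honey_clicks):
        sweet = [real_clicks] + list(honey_clicks)
        secrets.SystemRandom().shuffle(sweet)
        salt, server_share = os.urandom(16), secrets.randbelow(K)
        index = sweet.index(real_clicks)  # known only during registration, never stored
        self.checker.enroll(user, (index - server_share) % K)
        self.db[user] = (salt, server_share, [credential(salt, s) for s in sweet])
    def login(self, user, clicks):
        salt, server_share, creds = self.db[user]
        attempt = credential(salt, clicks)
        for j, stored in enumerate(creds):
            if hmac.compare_digest(attempt, stored):
                # real index = (server_share + checker_share) mod K; neither side holds it alone
                ok = self.checker.check(user, (j - server_share) % K)
                return "ok" if ok else "leak-detected"
        return "wrong-password"

def demo():
    """Constructed sample: one real password and four honeywords on a 5x5 grid."""
    checker = HoneyChecker()
    server = AuthServer(checker)
    real = [(1, 2), (4, 4), (0, 3)]
    honey = [[(2, 2), (4, 1), (0, 3)], [(1, 0), (3, 4), (2, 3)],
             [(0, 0), (1, 1), (2, 2)], [(4, 4), (3, 3), (1, 2)]]
    server.register("alice", real, honey)
    return server.login("alice", real), server.login("alice", honey[0]), checker.alarms
```

A dump of the server's database yields five indistinguishable credentials and a uniformly random share, so the alarm fires on whichever honeyword the attacker submits.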