Saturday, November 03, 2007

Picture This! Password Technology To Draw Upon

This is a Triangle Scheme example [Figure 12 – Sobrado and Birget 2002] of a pass-go “Graphical Password” process, as delivered in a thesis submitted by Hai Tao, University of Ottawa, Ottawa, Canada, June 2006 -- Image Credit: Pass-Go, a New Graphical Password Scheme – Hai Tao Thesis


A new layer of security for mobility devices comes to us, not in the form of words at all, but through drawing something on a picture.

Scientists discovered that a drawn graphical sequence that uses a photo as a backdrop for reference points is an extremely effective way to secure the use of a mobility device to a specific user.

The user turns on the handheld computer or PDA/Phone and the display opens up with a photo picture image. If this PDA is not yours, one thinks … Nice picture!

The user/owner takes out the stylus and draws an overlay graphic in the same way the user/owner registered himself/herself upon the photo picture image and … Presto! … Device enabled.

One of the major advantages the scientists found in this type of “Graphical Password” process is that the entry was easier for the user/owner to remember, with a thousand times greater breach protection against outside threats of unwanted entry.

Researchers at Newcastle University had concerns about this common need for passwords and security, and came up with an innovative Graphical Passwords system: software which allows users to access a handheld device by simply drawing a picture/graphic overlaid on a picture visible on a smartphone, iPhone or PDA touchscreen. Image Credit: My Digital Life

This is excerpted from Newcastle University in the UK -

Scientists draw on new technology to improve password protection
Published at the Association for Computing Machinery Conference on Computer and Communications Security in Washington on 30th October

An inventive way of improving password security for handheld devices such as iPhones, Blackberry and Smartphone has been developed at Newcastle University.

The software, which uses pictures instead of letters and numbers, has been initially designed for handheld devices, but could soon be expanded to other areas.
Researchers now want to examine the system’s potential for helping people with language difficulties, such as dyslexia.

Today, the use of passwords is commonplace in everything from mobile phones to cash machines and computers. But in the wake of growing concerns about traditional ‘weak’ passwords created from words and numbers, Newcastle University computer scientists have been developing alternative software which lets the user draw a picture password, known as a ‘graphical password’.

“Many people find it difficult to remember a password so choose words that are easy to remember and therefore more susceptible to hackers,” explained computer scientist Jeff Yan, a lecturer at Newcastle University.

Along with his PhD student Paul Dunphy, Dr Yan has taken the emerging Draw a Secret (DAS) technology, a graphical password scheme where users draw their secret password as a free-form image on a grid, and taken this a step further.

In DAS, the user draws an image, which is then encoded as an ordered sequence of cells. The software recalls the strokes, along with the number of times the pen is lifted.

By superimposing a background over the blank DAS grid, the Newcastle University researchers have created a system called BDAS: Background Draw a Secret. This helps users remember where they began the drawing they are using as a password and also leads to graphical passwords that are less predictable, longer and more complex.

The BDAS software encouraged people to draw more complicated password images e.g. with a larger stroke count or length, that were less symmetrical and didn’t start in the centre. This makes them much harder for people or automated hacker programs to guess. 'In essence, this is a very simple idea as it’s intuitive,' said Mr Yan. 'It may take longer to create the password initially but it’s easier to remember and more secure as a result.'

For example, if a person chooses a flower background and then draws a butterfly as their secret password image onto it, they have to remember where they began on the grid and the order of their pen strokes. It is recognised as identical if the encoding is the same, not the drawing itself, which allows for some margin of error as the drawing does not have to be re-created exactly.
After creating their secret password images on the grid, they [testers] were asked to repeat what they had initially drawn. One week later, they were asked to re-create the same image and 95% of BDAS users were able to do so within three attempts.

'The recalled BDAS passwords were, on average, more complicated than their DAS counterparts by more than 10 bits,' said Dr Yan. 'This means that the memorable BDAS passwords improved security by a factor of more than 1024. They were also more secure than current textual passwords by an even larger factor.'

He added that, of those who attempted to draw something, the creations were very much dependent on the participants’ artistic ability.

Dr. Yan with PDA/Smartphone -- Image Credit: Newcastle University

'The most exciting feature is that a simple enhancement simultaneously provides significantly enhanced usability and security,' concluded Mr Yan.

The full paper: Do Background Images Improve “Draw a Secret” Graphical Passwords?, will be published at the Association for Computing Machinery Conference on Computer and Communications Security in Washington on 30th October.
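
The DAS encoding described in the excerpt above (an ordered sequence of cells plus pen lifts, matched on the encoding rather than on the drawing itself) can be sketched as follows. This is an added example, not code from the Newcastle researchers or their paper; the 5x5 grid, 40-pixel cells, pen-up marker value and sample strokes are assumptions constructed for illustration.

```python
# Simplified DAS-style encoding (added illustration, assumptions noted inline).
GRID = 5                        # assumed grid size: 5x5 cells
CELL = 40                       # assumed cell size in pixels (200x200 drawing area)
PEN_UP = (GRID + 1, GRID + 1)   # assumed pen-lift marker; never a real cell (cells are 1..GRID)

def cell_of(x, y):
    """Map a pen coordinate to its 1-based (column, row) grid cell."""
    if not (0 <= x < GRID * CELL and 0 <= y < GRID * CELL):
        raise ValueError(f"point ({x}, {y}) is outside the drawing area")
    return (int(x // CELL) + 1, int(y // CELL) + 1)

def encode(strokes):
    """Ordered cells each stroke passes through, with PEN_UP closing every stroke.
    Assumes samples are dense enough that no cell is skipped between two points."""
    seq = []
    for stroke in strokes:
        last = None
        for x, y in stroke:
            cell = cell_of(x, y)
            if cell != last:        # record a cell only when the pen enters it
                seq.append(cell)
                last = cell
        if stroke:
            seq.append(PEN_UP)
    return seq

def stats(strokes):
    """Return (stroke count, length in cells), the two measures the excerpt mentions."""
    code = encode(strokes)
    lifts = code.count(PEN_UP)
    return lifts, len(code) - lifts

def same_secret(enrolled, attempt):
    """A redraw is accepted when its encoding matches, not its exact pixels."""
    return encode(enrolled) == encode(attempt)

# Constructed sample drawings: each stroke is a list of (x, y) pen samples.
ENROLLED = [[(50, 50), (70, 55), (100, 60), (130, 58)],
            [(100, 100), (100, 130), (100, 170)]]
WOBBLY = [[(45, 62), (75, 48), (95, 70), (150, 50)],     # same cells, different pixels
          [(110, 90), (95, 140), (105, 190)]]
REORDERED = [ENROLLED[1], ENROLLED[0]]                   # same shape, strokes swapped
SHIFTED = [[(30, 50)] + ENROLLED[0], ENROLLED[1]]        # starts one cell to the left

if __name__ == "__main__":
    print(encode(ENROLLED), stats(ENROLLED))
    for name, attempt in [("wobbly", WOBBLY), ("reordered", REORDERED), ("shifted", SHIFTED)]:
        print(name, same_secret(ENROLLED, attempt))
```

The wobbly redraw is accepted because every sample stays in the same cells, while swapping stroke order or starting one cell over changes the encoding and is rejected, which is why remembering the starting point matters.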

You know, that if this process really catches on, it will give a whole new meaning to the expression ... "Graphical User Interface"!
