Tuesday, 15 September 2015

A Simple Text Based Graphical Password Scheme to Overcome Shoulder Surfing Attacks

There are no text-based shoulder-surfing-resistant graphical password schemes that are both secure and efficient enough. The proposed scheme is therefore a simple, efficient text-based graphical password scheme using pointers. It considers 64 characters, of which 24 are upper case and 24 are lower case, and which also include all special symbols and alphanumeric characters. It consists of two phases: the Registration Phase and the Login Phase.

In the registration phase, when the user registers for the first time, he/she has to enter his/her password K of length L characters and select one pointer, out of the 8 given pointers, which will be the default pointer. The user also has to register an e-mail address for re-enabling a disabled account. The registration phase should not be carried out in an environment where shoulder surfing is possible. In addition, a secure channel should be established between the system and the user during the registration phase by using SSL/TLS or any other secure transmission mechanism. The user’s textual password, which the system keeps in the user’s entry in the password table, should be encrypted with the system key.

To log in to the system, the user has to go through the following algorithm, known as the text-based graphical password MANS algorithm.

Step 1: The user requests to log in to the system.

Step 2: The system shows a circle composed of 8 equally sized sectors and places the 64 characters among the 8 sectors randomly, so that each sector contains some characters. The characters are shown in three typefaces: the 26 upper case letters are in bold typeface, the 26 lower case letters and the special symbols are in regular typeface, and the 10 alphanumeric characters are in italic typeface. The button for rotating clockwise, the button for rotating anticlockwise, the “Confirm” button, and the “Login” button are also displayed on the login screen. All the displayed characters can be rotated simultaneously, either into the adjacent sector clockwise by clicking the “clockwise” button once or into the adjacent sector anticlockwise by clicking the “anticlockwise” button once; the rotation operations can also be performed by scrolling the mouse wheel. Let i = 1.

Step 3: The user has to rotate the sector containing the i-th character of his password K, denoted by K_i, into his pointer, and then click the “Confirm” button. Let i = i + 1.

Step 4: If i < L, the system randomly shows all 64 characters again, and then GOTO Step 3. Otherwise, the user has to click the “Login” button to complete the login process.

If the account fails authentication three consecutive times, the account is disabled and the system sends to the user’s registered e-mail address an e-mail containing a secret link that the user can use to re-enable the disabled account.

Because the user only has to rotate the sector containing K_i into his pointer, the user can log in to the system easily and simply without using any on-screen keyboard or normal keyboard. Finally, we have analyzed the resistance of the proposed scheme to shoulder surfing and accidental login.
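A small simulation of the login rounds and the three-failure lockout described above, added here as an illustration; it is not code from the paper or from this post. The exact 64-character set, the even split of 8 characters per sector, and modelling the pointer as a fixed screen position 0 to 7 are assumptions, and the loop runs one round for each of the L password characters.

```python
import random
import string

# Assumed 64-character set: the page does not list the exact symbols.
CHARSET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "./"
SECTORS = 8                          # the circle has 8 sectors, one per pointer
SYSTEM_RNG = random.SystemRandom()   # OS-backed randomness for real layouts

def shuffled_layout(rng=SYSTEM_RNG):
    """Step 2: place the 64 characters randomly, 8 per sector (even split assumed)."""
    chars = list(CHARSET)
    rng.shuffle(chars)
    return [set(chars[s::SECTORS]) for s in range(SECTORS)]

def clicks_needed(layout, ch, pointer):
    """Step 3, user side: clockwise clicks that bring the sector holding ch to the pointer."""
    start = next(s for s, sector in enumerate(layout) if ch in sector)
    return (pointer - start) % SECTORS

def sector_at(layout, clicks, position):
    """Characters shown at a fixed screen position after rotating clockwise by clicks."""
    return layout[(position - clicks) % SECTORS]

class Account:
    # Password kept in the clear only for brevity; the page stores it
    # encrypted with the system key.
    def __init__(self, password, pointer):
        self.password, self.pointer = password, pointer
        self.failures, self.disabled = 0, False

    def login(self, respond, rng=SYSTEM_RNG):
        """One login attempt; respond(layout, i) returns the clicks confirmed in round i."""
        if self.disabled:
            return False
        ok = True
        for i, ch in enumerate(self.password):   # one round per password character
            layout = shuffled_layout(rng)        # Step 4: fresh random layout each round
            clicks = respond(layout, i)
            ok &= ch in sector_at(layout, clicks, self.pointer)
        self.failures = 0 if ok else self.failures + 1
        self.disabled = self.failures >= 3       # three consecutive failures disable it
        return ok

def accidental_login_probability(length):
    """Chance that uniformly random rotations pass every round in this model: (1/8)^L."""
    return (1 / SECTORS) ** length
```

An onlooker who sees the confirmed screen but does not know the pointer sees all 64 characters spread over the 8 positions, so a single round does not single out K_i.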

http://www.ijarcce.com/upload/2015/march-15/IJARCCE%2087.pdf

