A Secure Authentication Using Graphical Password Authentication System: GPAS

Abstract

Now a days majority of computer systems, passwords are the method of choice for authenticating users. A process by which a system verifies the identity of a user is known as ‘Authentication’. Authentication may also be generalized by saying that “to authenticate” means “to authorize”. Authentication is the first line of defense against compromising confidentiality and integrity. The most widely and commonly used authentication is traditional “Username” and “Password”. For such authentication generally text (alphanumeric) is used. It is well-known, however, that passwords are susceptible to attack: users tend to choose passwords that are easy to remember, and often this means that they are also easy for an attacker to obtain by searching for candidate passwords . Token and biometric based authentication systems were introduced as an alternative for that schemes. However, these schemes are very costy . Thus, Graphical scheme was introduced as a variation to the login/password scheme. In this paper we explore an approach to user authentication that generalizes the notion of a textual password and that, in many cases, improves the security of user authentication over that provided by textual passwords. In this proposed system we have used a new technique for authentication. It is a variation to the login/password scheme using graphical password used in an graphical manner. We have introduced a framework of our proposed Graphical Password Authentication System (GPAS), which is immune to the common attacks suffered by other authentication schemes. We try to answer most important question “Are graphical passwords as secure and easy to use as text-based passwords”? Nowadays with the use of mobile phones, users can access any information including banking and corporate database. In this proposed work, we specifically target the mobile banking domain and propose a new and intelligent authentication scheme. However, our proposal can also be used in other domains where confidentiality and integrity are the major security requirements. Keywords: Authentication, security, Graphical password, mobile banking.