
I have developed a graphical password technique to overcome the weaknesses we face with text passwords, such as shoulder surfing attacks, dictionary attacks, etc. I have implemented the technique in PHP, using MySQL and HTML. I want to know where this technique lies in the big picture of network security and network communication.

If I assume a pre-shared key for encryption and my proposed graphical password for authentication, can I call them together an application layer protocol? If yes, why, and if no, why not?

And how is this scheme related to authentication protocols (mutual and one-way authentication) and Kerberos? Thank you in advance.

Azra Mahrukh
  • What weakness did you find in other approaches? Would you explore your graphical password approach a little bit more? – Khurram Ali May 09 '15 at 15:49
  • @KhurramAli Text-based passwords, if complex, are tough to remember, and if easy to remember, they are guessable/predictable; that is one of many reasons... – Azra Mahrukh May 09 '15 at 15:51

1 Answer

Such a logging technique needs to be put at the operating system logon screen, where the user logs into his/her account, by implementing a custom credentials provider. To find out how, you may read the very good resources listed at Documentation for creating a Custom Credential Provider in Windows.

During this logon, the system creates a Kerberos TGS ticket and stores it in the Kerberos cache. Afterwards, once the user is logged in to her/his account and opens a webpage with SSO, the browser uses underlying mechanisms, which (using this TGS ticket from the cache) obtain for the browser a Kerberos service ticket, which the browser uses to log into the website.

greenmarker
  • It can be used at an automatic teller machine for withdrawing cash and also as a login mechanism for emails... I have reached the conclusion that it can be called an application layer authentication protocol. Do you agree? – Azra Mahrukh May 17 '15 at 06:45