Call number: PIT-004/2 (PHD)
Author: Shah Zaman
Supervisor: Dr. Syed Raheel Hassan
Title: An Authentication Framework for Improving Security and Memorability of Textual Password (PhD Thesis)
Publication: Nawabshah: QUEST, 2018
Extent: 138p.

ABSTRACT

Authentication using passwords (knowledge-based authentication) has been widely used for a long time due to its ease of use and deployment. The textual password scheme is very popular in knowledge-based authentication; however, this technique has many security issues, such as offline guessing and recordability. To overcome the deficiencies of traditional textual passwords, many graphical password schemes have been proposed, but none has fully replaced the textual password scheme. Only the Android unlock pattern scheme has gained wide acceptance from users in the domain of phones, but this scheme has many security issues. The problem with graphical password schemes is that some schemes are easy to use but not secure, while other schemes are secure but very difficult to use. Another issue is that users have to remember a new category of passwords (graphical) along with traditional alphanumeric passwords, which adds extra load on memory.

In this research, a framework for user authentication is designed, called the Enhanced Password Authentication (EPA) framework, for resolving the security and memorability issues of traditional textual passwords. In the EPA framework, one registration process and three login methods are designed. Alphanumeric characters and images are used for password creation. In the registration screen, users can add visual cues to alphanumeric passwords to help memorize strong textual passwords. The login methods (called easy, moderate and secure) improve password security against guessability, observability and recordability attacks.
The easy login method is similar to the traditional textual password scheme. This method is designed for applications where a compromised account has no impact on users, such as newsletter or one-time password accounts. The moderate login method provides mid-level security for the authentication process. This method is designed for applications where a compromised account has some impact on users but causes no financial losses, for example email or important social network accounts. The secure login method provides the best resistance of the three login methods. This method is suitable for applications that contain sensitive information or financial data.

The EPA framework was tested by users at two institutes to analyse security, usability and memorability. The testing results suggest that the majority of users utilized visual cues for password creation, which ultimately improved password security and memorability. The users' passwords consisted of alphanumeric characters and images in such a way that a small percentage of the passwords were cracked through dictionary attack. Another advantage of the EPA framework is that it can easily be substituted for the traditional textual password scheme, because the same alphanumeric passwords can be used inside the EPA framework. Furthermore, an evaluation model for knowledge-based authentication schemes, called the TQ-Model, has been proposed in this research. Based upon the TQ-Model, a comparative study between the EPA framework and well-known knowledge-based authentication schemes is presented in this thesis.

Department: Department of Information Technology