Image based authentication using zero-knowledge protocol

One of the most critical concerns in information security today is user authentication. There is a great security when using the text-based strong password schemes but often remembering those good passwords is very hard and users writing them down on a piece of paper or saving inside the smart phone. There is an alternative solution to the text-based authentication which is the Graphical User Authentication (GUA) or simply image-based Password based on the fact that humans tend to memorize images better. This type of approach allows users to create and remember passwords easily. However, one big issues that is plaguing GUA is shoulder surfing attack that can capture the users mouse clicks and eavesdropping. In this paper, a new algorithm that using zero-knowledge protocol as the solution to solving the eavesdropping and shoulder surfing attack to provide better system security. In zero-knowledge protocol, users prove that they know the graphical password without sending it. In other words, the user does not send the password to the verifier or reveal it to the people nearby. Hackers who try to eavesdrop the password will be failed since the password is not sent over the insecure channel such as Internet nor reveal. Therefore it is a secured approach to prevent interception by unwanted parties or adversary. The result that is going to be yielded in this project is a secured authentication approach which is user-friendly.