This paper presents an innovative framework for user authentication based on images. Common user authentication based on passwords has the main drawback of the human difficulty in recalling them. Images are instead easier to remember than passwords. Moreover, modern compression and transmission techniques make image exchange between different devices (e.g. mobile phones, personal digital assistants, laptops, and workstations) in heterogeneous networks practically feasible. In the proposed approach, images are coded using the emerging JPEG2000 standard and taking advantage of many of its features (e.g. image scalability, embedded bitstream, image tiling, and interactivity protocol). The described image based authentication is more secure than the common approach based on password.

An authentication system based on character strings as password is very vulnerable. An attacker can guess the user password when people use words that are easy to remember or he can use the well known dictionary attacks methods for discovering the password. An authentication method based on images can improve the security of the user authentication compared to that of textual password. An image based authentication system has two advantages: the user can remember images more easily than passwords [1]; the system will be less vulnerable to hacker attack techniques [2,3]. For this reason, the use of personal/personalized images can be a means of user authentication more effective than string based (password) authentication. An authentication system can collect user images to be used by a challenge and response protocol for authenticating the user. Functionalities such as scalability, progressive image transmission, client/server interactivity are undoubtedly necessary in order to make the image exchange and user authentication process feasible. The emerging JPEG2000 standard for image coding published by the JPEG committee (ISO/IEC JTC 1/SC 29/WG 1) provides the required feature for the framework described in this paper. Furthermore, at the 31st JPEG Meeting, a new call for technology [4] was issued with the goal of providing standard specifications for an authentication protocol in an image based authentication system based on the JPEG 2000 standard. This paper proposes an innovative framework for image based authentication (IBA) which takes full advantage of JPEG 2000’s functionalities and JPEG 2000’s interactivity protocol [5]. The rest of the paper is organized as follows. A brief analysis of the related work is presented in Section 2. The IBA framework is described in Section 3. Finally, Section 4 concludes this paper. 2. RELATED WORK There are some graphical/image based authentication approaches proposed in the literature. In [6], a user is required to select some predetermined points on an image (“graphical password”) in a particular order for being authenticated. Two graphical password schemes were proposed in [7]. The first method was a simple enhancement of the input of textual passwords using graphical techniques. The second method required the user to draw a secret design on a display grid. These schemes achieved better security than conventional textual passwords. The requirements of a recognition-based authentication system were examined in [8]. In this approach, the user authentication depends on his ability to recognize previously seen images

Free download research paper