Image Authentication Schemes against Key-Logger Spyware

Spywares has become major problem now days. This type of software may track user activities online and offline, provide targeted advertising and/or hold in other types of uninvited activities. Password collection by spywares is increasing at a shocking pace [1]. The problem of entering sensitive data, such as passwords, from an untrusted machine, is obviously undesirable, however roaming users generally have no other option. They are in no point to review the security status of Internet cafe or business center machines, and as no alternative to typing the password. We consider whether it is possible to enter data to confuse spyware assumed to be running on the machine in question. The difficulty of mounting a collusion attack on a single userpsilas password makes the problem more tractable than it might appear. This problem of password security can be improved by biometric based authentication and graphical authentication, however availability and cost of biometric authentication is considerable problem. In this paper, we present an alternative user authentication based on Images that is resistant to keylogger spywares. We have design and implemented a method that uses a strengthened cryptographic hash function to compute fast and secure passwords for arbitrarily many accounts while requiring the user to memorize only few memorable points in the image. In addition to keylogger spywares our design is also highly resistant to brute force attacks and prone to Dictionary attack, allowing users to retrieve their passwords from any location so long as they can execute our program and remember a short secret. This combination of security and usability will attract users to adopt our scheme. This paper will be useful for information security researchers and practitioners who are interested in finding an alternative to spyware resistant user authentication.