IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Graphical password authentication using Pass facesIJERA Editor
Authentication is one of the most important security primitive. Alphanumeric password authentication is most widely used authentication mechanism. This mechanism has been shown to have several drawbacks and is prone to various attacks such as brute force attack, shoulder surfing attack, dictionary attack. Thus to overcome the drawbacks of alphanumeric passwords, we propose Graphical passwords as an alternative to alphanumeric passwords. This is because humans tend to remember visuals better than text. This paper attempts to highlight the existing graphical Passface system, its usability features and then develop a new graphical password system that combines both graphic and texts passwords to fortify the authentication process on desktop systems.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
A novel multifactor authentication system ensuring usability and securityijsptm
User authentication is one of the most important part of information security. Computer security most
commonly depends on passwords to authenticate human users. Password authentication systems will be
either been usable but not secure, or secure but not usable. While there are different types of authentication
systems available alphanumeric password is the most commonly used authentication mechanism. But this
method has significant drawbacks. An alternative solution to the text based authentication is Graphical
User Authentication based on the fact that humans tends to remember images better than text. Graphical
password authentication systems provide passwords which are easy to be created and remembered by the
user. However, the main issues of simple graphical password techniques are shoulder surfing attack and
image gallery attack. Studies reveals that most of the graphical passwords are either secure but not usable
or usable but not secure. . In this paper, a new technique that uses cued click point graphical password
method along with the use of one-time session key is proposed. The goal is to propose a new authentication
mechanism using graphical password to achieve higher security and better usability levels. The result of
the system testing is evaluated and it reveals that the proposed system ensures security and usability to a
great extent.
Graphical password authentication using Pass facesIJERA Editor
Authentication is one of the most important security primitive. Alphanumeric password authentication is most widely used authentication mechanism. This mechanism has been shown to have several drawbacks and is prone to various attacks such as brute force attack, shoulder surfing attack, dictionary attack. Thus to overcome the drawbacks of alphanumeric passwords, we propose Graphical passwords as an alternative to alphanumeric passwords. This is because humans tend to remember visuals better than text. This paper attempts to highlight the existing graphical Passface system, its usability features and then develop a new graphical password system that combines both graphic and texts passwords to fortify the authentication process on desktop systems.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
A novel multifactor authentication system ensuring usability and securityijsptm
User authentication is one of the most important part of information security. Computer security most
commonly depends on passwords to authenticate human users. Password authentication systems will be
either been usable but not secure, or secure but not usable. While there are different types of authentication
systems available alphanumeric password is the most commonly used authentication mechanism. But this
method has significant drawbacks. An alternative solution to the text based authentication is Graphical
User Authentication based on the fact that humans tends to remember images better than text. Graphical
password authentication systems provide passwords which are easy to be created and remembered by the
user. However, the main issues of simple graphical password techniques are shoulder surfing attack and
image gallery attack. Studies reveals that most of the graphical passwords are either secure but not usable
or usable but not secure. . In this paper, a new technique that uses cued click point graphical password
method along with the use of one-time session key is proposed. The goal is to propose a new authentication
mechanism using graphical password to achieve higher security and better usability levels. The result of
the system testing is evaluated and it reveals that the proposed system ensures security and usability to a
great extent.
ABSTRACT
Authentication based on passwords is used largely in applications for computer security and privacy. However, human actions such as choosing bad passwords and inputting passwords in an insecure way are regarded as ”the weakest link” in the authentication chain. Rather than arbitrary alphanumeric strings, users tend to choose passwords either short or meaningful for easy memorization. With web applications and mobile apps piling up, people can access these applications anytime and anywhere with various devices. This evolution brings great convenience but also increases the probability of exposing passwords to shoulder surfing attacks. Attackers can observe directly or use external recording devices to collect users’ credentials. To overcome this problem, we proposed a novel authentication system PassMatrix, based on graphical passwords to resist shoulder surfing attacks. With a one-time valid login indicator and circulative horizontal and vertical bars covering the entire scope of pass-images, PassMatrix offers no hint for attackers to figure out or narrow down the password even they conduct multiple camera-based attacks. We also implemented a PassMatrix prototype on Android and carried out real user experiments to evaluate its memorability and usability. From the experimental result, the proposed system achieves better resistance to shoulder surfing attacks while maintaining usability.
Keywords:- Graphical Passwords, Authentication, Shoulder Surfing Attack.
Authentication Schemes for Session Passwords using Color and ImagesIJNSA Journal
Textual passwords are the most common method used for authentication. But textual passwords are vulnerable to eves dropping, dictionary attacks, social engineering and shoulder surfing. Graphical passwords are introduced as alternative techniques to textual passwords. Most of the graphical schemes are vulnerable to shoulder surfing. To address this problem, text can be combined with images or colors to generate session passwords for authentication. Session passwords can be used only once and every time a new password is generated. In this paper, two techniques are proposed to generate session passwords using text and colors which are resistant to shoulder surfing. These methods are suitable for Personal Digital Assistants.
An Enhanced Security System for Web Authentication IJMER
Web authentication has low security in these days. Todays, For Authentication purpose,
Textual passwords are commonly used; however, users do not follow their requirements. Users tend to
choose meaningful words from dictionaries, which make textual passwords easy tobreak and vulnerable
to dictionary or brute force attacks. Also, Textual passwords can be identified by 3rd
party software’s.
Many available graphicalpasswords have a password space that is less than or equal to the textual
passwordspace. Smart cards or tokens can be stolen.There are so many biometric authentications have
been proposed; however, users tend to resistusing biometrics because of their intrusiveness and the effect
on their privacy. Moreover,biometrics cannot be evoked.In this paper, we present and evaluate our
contribution,i.e., the OTP and 3-D password. A one-time password (OTP) is a password that isvalid for
only one login session or transaction. OTPs avoid a number of shortcomingsthat are associated with
traditional (static) passwords. The most important shortcoming that is addressed by OTPs is that, in
contrast to static passwords, they are not vulnerable to replay attacks. It means that a potential intruder
who manages to record an OTPthat was already used to log into a service or to conduct a transaction
will not be able toabuse it, since it will be no longer valid. The 3-D password is a multifactor
authenticationscheme. To be authenticated, we present a 3-D virtual environment where the
usernavigates and interacts with various objects. The sequence of actions and interactionstoward the
objects inside the 3-D environment constructs the user’s 3-D password.
— A CAPTCHA means "Completely Automated
Public Turing test to tell Computers and Humans Apart". It is a
type of challenge-response test used in computing to determine
whether or not the user is human. CaRP is both a Captcha and a
graphical password scheme. CaRP addresses a number of
security problems altogether, such as online guessing attacks,
relay attacks, and, if combined with dual-view technologies,
shoulder-surfing attacks. Particularly, a CaRP password can be
found only probabilistically by automatic online guessing attacks,
even if the password is in the search set. CaRP also offers an
approach to address the well-known image hotspot problem in
popular graphical password systems, such as PassPoints, which
often leads to weak password choices. Thus, a variant to the
login/password scheme, using graphical scheme was introduced.
But it also suffered due to shoulder-surfing and screen dump
attacks. Thus it introduces a framework to proposed (IPAS)
Implicit Password Authentication System, which is protected to
the common attacks suffered by other authentication schemes.
Graphical password authentication using pccp with sound signatureeSAT Journals
Abstract
Persuasive Cued-Click Point is an advanced method of cued click point of graphical password technique which includes usability and security evaluations. It also useful for reduces hotspot problem and hence it helps the user in selecting password of higher security. This paper includes the persuasion to influence user choice in click based graphical passwords, so that users select more desultory and more difficult to guess the passwords. In this paper includes sound signature for recover the password if user forgot password or click point ,then playing the sound signature which is selected at registration time then it set new password and access the account. This paper include dead zone new concept to avoiding Shoulder surfing attack in graphical password authentication.
Keywords: Graphical Password, Authentication, Password Images, and PCCP etc…
Graphical Based Password for Android Phones using Keystroke Dynamics - A SurveyIJSRD
Technology has elevated to grab an important position in humans life, the best example is smartphones. They offer access to network as well as online banking transactions, where simplification of human labour affects security and user authentication, and passwords are first line of defense, it’s crucial to pick a strong password. Online banking applications currently use alphanumerical usernames and passwords for authentication, which are exposed to eves dropping, attacks, and shoulder surfing. Users often choose either easy to remember passwords, which can be easily guessed or difficult ones, which tend to be forgotten. The paper revolves around the views, limitation of current system and offers a dynamic biometrics, as it can be easily integrated into the existing computer security systems with minimal alteration and user intervention. The main objective is to secure using cued click point (CCP), which is one click based graphical password scheme for sequence of images and measuring, assessing humans typing rhythm, it’s based upon the human tendency to memorize graphical passwords more comfortably.
GENERATION OF SECURE ONE-TIME PASSWORD BASED ON IMAGE AUTHENTICATIONcscpconf
Phishing, a serious security threat to Internet users is an e-mail fraud in which the perpetrator
sends out an email which looks like legitimate, in an order to gather personal and financial
information of the receiver. It is important to prevent such phishing attacks. One of the ways to
prevent the password theft is to avoid using passwords and to authenticate a user without a text
password. In this paper, we are proposing an authentication service that is image based and
which eliminates the need for text passwords. Using the instant messaging service available in
internet, user will obtain the One Time Password (OTP) after image authentication. This OTP
then can be used by user to access their personal accounts. The image based authentication
method relies on the user’s ability to recognize pre-chosen categories from a grid of pictures.
This paper integrates Image based authentication and HMAC based one time password to
achieve high level of security in authenticating the user over the internet. These algorithms are
very economical to implement provided they are time synchronized with the user.
Database Security Two Way Authentication Using Graphical PasswordIJERA Editor
As data represent a key asset for today's organizations. The problem is that how to protect this data from
attackers, theft and misuse is at the forefront of any organization’s mind. Even though today several data
security techniques are available to protect database and computing infrastructure, many such as network
security and firewalls tools are unable to prevent attacks from insider. Insider is a person working in
organization who can try to access the sensitive data. This paper proposes a two-way authentication method
which fuses knowledge-based secret and personal trait information.
Authentication Scheme for Session Password using matrix Colour and Text IOSR Journals
The most common method used for authentication is Textual passwords. But textual passwords are
in risk to eves dropping, dictionary attacks, social engineering and shoulder surfing. Graphical passwords are
introduced as alternative techniques to textual passwords. Most of the graphical schemes are helpless to
shoulder surfing. To address this problem, text can be combined with images or colors to generate session
passwords for authentication. Session passwords can be used only once and every time a new password is
generated. In this paper, two techniques are proposed to generate session passwords using text and colors
which are resistant to shoulder surfing. These methods are suitable for Personal Digital Assistants.
A Novel Crave-Char Based Password Entry System Resistant to Shoulder-Surfingijcoa
Authentication is the process of allowing an authorized user to access a computer system. The commonly used system of authentication is the traditional Text password-based authentication mechanism. Though the traditional alpha-numeric driven text password entry system is well known for its higher state of security, it even experiences some drawbacks. To replace the traditional schemes and overcome their shortcomings, alternative solutions like graphical password schemes have been introduced. The graphical password systems are less prone to dictionary attacks and are easy to use visually. However, these graphical password schemes suffer from a potential drawback of being more vulnerable to shoulder surfing attacks when compared to conventional text driven passwords. In this paper, we propose a text-graphic password entry system which protects the user’s password from being observed by attackers and prone to shoulder surfing and spyware attacks.
ABSTRACT
Authentication based on passwords is used largely in applications for computer security and privacy. However, human actions such as choosing bad passwords and inputting passwords in an insecure way are regarded as ”the weakest link” in the authentication chain. Rather than arbitrary alphanumeric strings, users tend to choose passwords either short or meaningful for easy memorization. With web applications and mobile apps piling up, people can access these applications anytime and anywhere with various devices. This evolution brings great convenience but also increases the probability of exposing passwords to shoulder surfing attacks. Attackers can observe directly or use external recording devices to collect users’ credentials. To overcome this problem, we proposed a novel authentication system PassMatrix, based on graphical passwords to resist shoulder surfing attacks. With a one-time valid login indicator and circulative horizontal and vertical bars covering the entire scope of pass-images, PassMatrix offers no hint for attackers to figure out or narrow down the password even they conduct multiple camera-based attacks. We also implemented a PassMatrix prototype on Android and carried out real user experiments to evaluate its memorability and usability. From the experimental result, the proposed system achieves better resistance to shoulder surfing attacks while maintaining usability.
Keywords:- Graphical Passwords, Authentication, Shoulder Surfing Attack.
Authentication Schemes for Session Passwords using Color and ImagesIJNSA Journal
Textual passwords are the most common method used for authentication. But textual passwords are vulnerable to eves dropping, dictionary attacks, social engineering and shoulder surfing. Graphical passwords are introduced as alternative techniques to textual passwords. Most of the graphical schemes are vulnerable to shoulder surfing. To address this problem, text can be combined with images or colors to generate session passwords for authentication. Session passwords can be used only once and every time a new password is generated. In this paper, two techniques are proposed to generate session passwords using text and colors which are resistant to shoulder surfing. These methods are suitable for Personal Digital Assistants.
An Enhanced Security System for Web Authentication IJMER
Web authentication has low security in these days. Todays, For Authentication purpose,
Textual passwords are commonly used; however, users do not follow their requirements. Users tend to
choose meaningful words from dictionaries, which make textual passwords easy tobreak and vulnerable
to dictionary or brute force attacks. Also, Textual passwords can be identified by 3rd
party software’s.
Many available graphicalpasswords have a password space that is less than or equal to the textual
passwordspace. Smart cards or tokens can be stolen.There are so many biometric authentications have
been proposed; however, users tend to resistusing biometrics because of their intrusiveness and the effect
on their privacy. Moreover,biometrics cannot be evoked.In this paper, we present and evaluate our
contribution,i.e., the OTP and 3-D password. A one-time password (OTP) is a password that isvalid for
only one login session or transaction. OTPs avoid a number of shortcomingsthat are associated with
traditional (static) passwords. The most important shortcoming that is addressed by OTPs is that, in
contrast to static passwords, they are not vulnerable to replay attacks. It means that a potential intruder
who manages to record an OTPthat was already used to log into a service or to conduct a transaction
will not be able toabuse it, since it will be no longer valid. The 3-D password is a multifactor
authenticationscheme. To be authenticated, we present a 3-D virtual environment where the
usernavigates and interacts with various objects. The sequence of actions and interactionstoward the
objects inside the 3-D environment constructs the user’s 3-D password.
— A CAPTCHA means "Completely Automated
Public Turing test to tell Computers and Humans Apart". It is a
type of challenge-response test used in computing to determine
whether or not the user is human. CaRP is both a Captcha and a
graphical password scheme. CaRP addresses a number of
security problems altogether, such as online guessing attacks,
relay attacks, and, if combined with dual-view technologies,
shoulder-surfing attacks. Particularly, a CaRP password can be
found only probabilistically by automatic online guessing attacks,
even if the password is in the search set. CaRP also offers an
approach to address the well-known image hotspot problem in
popular graphical password systems, such as PassPoints, which
often leads to weak password choices. Thus, a variant to the
login/password scheme, using graphical scheme was introduced.
But it also suffered due to shoulder-surfing and screen dump
attacks. Thus it introduces a framework to proposed (IPAS)
Implicit Password Authentication System, which is protected to
the common attacks suffered by other authentication schemes.
Graphical password authentication using pccp with sound signatureeSAT Journals
Abstract
Persuasive Cued-Click Point is an advanced method of cued click point of graphical password technique which includes usability and security evaluations. It also useful for reduces hotspot problem and hence it helps the user in selecting password of higher security. This paper includes the persuasion to influence user choice in click based graphical passwords, so that users select more desultory and more difficult to guess the passwords. In this paper includes sound signature for recover the password if user forgot password or click point ,then playing the sound signature which is selected at registration time then it set new password and access the account. This paper include dead zone new concept to avoiding Shoulder surfing attack in graphical password authentication.
Keywords: Graphical Password, Authentication, Password Images, and PCCP etc…
Graphical Based Password for Android Phones using Keystroke Dynamics - A SurveyIJSRD
Technology has elevated to grab an important position in humans life, the best example is smartphones. They offer access to network as well as online banking transactions, where simplification of human labour affects security and user authentication, and passwords are first line of defense, it’s crucial to pick a strong password. Online banking applications currently use alphanumerical usernames and passwords for authentication, which are exposed to eves dropping, attacks, and shoulder surfing. Users often choose either easy to remember passwords, which can be easily guessed or difficult ones, which tend to be forgotten. The paper revolves around the views, limitation of current system and offers a dynamic biometrics, as it can be easily integrated into the existing computer security systems with minimal alteration and user intervention. The main objective is to secure using cued click point (CCP), which is one click based graphical password scheme for sequence of images and measuring, assessing humans typing rhythm, it’s based upon the human tendency to memorize graphical passwords more comfortably.
GENERATION OF SECURE ONE-TIME PASSWORD BASED ON IMAGE AUTHENTICATIONcscpconf
Phishing, a serious security threat to Internet users is an e-mail fraud in which the perpetrator
sends out an email which looks like legitimate, in an order to gather personal and financial
information of the receiver. It is important to prevent such phishing attacks. One of the ways to
prevent the password theft is to avoid using passwords and to authenticate a user without a text
password. In this paper, we are proposing an authentication service that is image based and
which eliminates the need for text passwords. Using the instant messaging service available in
internet, user will obtain the One Time Password (OTP) after image authentication. This OTP
then can be used by user to access their personal accounts. The image based authentication
method relies on the user’s ability to recognize pre-chosen categories from a grid of pictures.
This paper integrates Image based authentication and HMAC based one time password to
achieve high level of security in authenticating the user over the internet. These algorithms are
very economical to implement provided they are time synchronized with the user.
Database Security Two Way Authentication Using Graphical PasswordIJERA Editor
As data represent a key asset for today's organizations. The problem is that how to protect this data from
attackers, theft and misuse is at the forefront of any organization’s mind. Even though today several data
security techniques are available to protect database and computing infrastructure, many such as network
security and firewalls tools are unable to prevent attacks from insider. Insider is a person working in
organization who can try to access the sensitive data. This paper proposes a two-way authentication method
which fuses knowledge-based secret and personal trait information.
Authentication Scheme for Session Password using matrix Colour and Text IOSR Journals
The most common method used for authentication is Textual passwords. But textual passwords are
in risk to eves dropping, dictionary attacks, social engineering and shoulder surfing. Graphical passwords are
introduced as alternative techniques to textual passwords. Most of the graphical schemes are helpless to
shoulder surfing. To address this problem, text can be combined with images or colors to generate session
passwords for authentication. Session passwords can be used only once and every time a new password is
generated. In this paper, two techniques are proposed to generate session passwords using text and colors
which are resistant to shoulder surfing. These methods are suitable for Personal Digital Assistants.
A Novel Crave-Char Based Password Entry System Resistant to Shoulder-Surfingijcoa
Authentication is the process of allowing an authorized user to access a computer system. The commonly used system of authentication is the traditional Text password-based authentication mechanism. Though the traditional alpha-numeric driven text password entry system is well known for its higher state of security, it even experiences some drawbacks. To replace the traditional schemes and overcome their shortcomings, alternative solutions like graphical password schemes have been introduced. The graphical password systems are less prone to dictionary attacks and are easy to use visually. However, these graphical password schemes suffer from a potential drawback of being more vulnerable to shoulder surfing attacks when compared to conventional text driven passwords. In this paper, we propose a text-graphic password entry system which protects the user’s password from being observed by attackers and prone to shoulder surfing and spyware attacks.
a study on various techniques on graphical password authentication.
A key area in security research is authentication. Access to system is mostly based on the use of alpha numeric passwords. User felt difficult in remembering the password as that is long and randomly selected and how many passwords will user remember?, it made a complex procedure.
It presents comparison between Persuasive Cued Click Point Graphical Password scheme and Improved Persuasive Cued Click Points. One such category is click-based graphical passwords where a password is composed of a series of clicks on one or more pixel-based images .To log in, user re-select their click-points in the correct order. Click-points that fall within some acceptable tolerance of the original points should be accepted by the system since it is unrealistic to expect users to accurately target individual pixels.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
Technical engineering in industrial ippc as a key tool for ambient air qualit...eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Near equatorial orbit small sar constellation for developing nationseSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
Influence of alkaline substances (carbonates and bicarbonates of sodium) in w...eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
Passblot: A Highly Scalable Graphical One Time Password SystemIJNSA Journal
User authentication is necessary to secure the data and process on Internet and in digital devices. Static text based authentication are most widely employed authentication systems for being inexpensive and highly scalable. But they are prone to various types of active and passive attacks. The constant need of extending them to increase security is making them less usable. One promising alternative is Graphical
authentication systems, which if implemented properly are more secure but have their own drawbacks. In this paper, we discuss in detail the extension of our previous work Passblot [18], a unique graphical authentication system. It generates pseudo random one time passwords using a set of inkblots, unique to
each user. Properties of one time passwords ensure the resistance towards various common attacks and the uniqueness of human perception makes it usable. We demonstrate how our system effectively mitigates various attacks and analyse the results from various experiments conducted.
Graphical Based Password for Android Phones using Keystroke Dynamics - A SurveyIJSRD
Technology has elevated to grab an important position in humans life, the best example is smartphones. They offer access to network as well as online banking transactions, where simplification of human labour affects security and user authentication, and passwords are first line of defense, it’s crucial to pick a strong password. Online banking applications currently use alphanumerical usernames and passwords for authentication, which are exposed to eves dropping, attacks, and shoulder surfing. Users often choose either easy to remember passwords, which can be easily guessed or difficult ones, which tend to be forgotten. The paper revolves around the views, limitation of current system and offers a dynamic biometrics, as it can be easily integrated into the existing computer security systems with minimal alteration and user intervention. The main objective is to secure using cued click point (CCP), which is one click based graphical password scheme for sequence of images and measuring, assessing humans typing rhythm, it’s based upon the human tendency to memorize graphical passwords more comfortably.
AN INNOVATIVE PATTERN BASED PASSWORD METHOD USING TIME VARIABLE WITH ARITHMET...ijistjournal
In today’s world, securing the assets is necessary that can be done by password. But imagine if password is stolen or hacked then what about the security of assets? In this Paper, we have discussed the major attacks as well as password authentication / security methods and techniques. We have proposed a password security method, where arithmetic operations are performed on user selected pattern from time variables to generate secure password. The task of validating the password or authentication of user can be done on both client and server side. We have analysed how proposed scheme defends across brute force, dictionary, phishing, shoulder surfing, key logger, video recording and replay attacks. To the best of our knowledge, our pattern based time variable password method with arithmetic operation is the one which is able to defend against the all major attacks together.
Graphical Password by Watermarking for securityIJERA Editor
The most common authentication method is to use alphanumerical usernames and passwords. This method has
been shown to have considerable disadvantage. For example, users tend to pick passwords that can be easily
guessed. On the other hand, if a password is very difficult to guess, then it is often difficult to remember. To
address this problem, some researchers have developed authentication methods that use pictures as passwords.
Graphical Password based on the fact that humans tend to remember images better. In this paper, we will
propose a new algorithm that using watermarking technique as the solution to solving image gallery attacks and
using the random character set generation for each image for resistance to shoulder surfing attack to provide
better system security. All the information images in registration phase will be process by copy right protection
of watermarking where the login page will check this information for security purposes.
A Novel Passwordless Authentication Scheme for Smart Phones Using Elliptic Cu...ADEIJ Journal
Today, a large number of people access internet through their smart phones to login to their bank accounts, social networking accounts and various other blogs. In such a scenario, user authentication has emerged as a major security issue in mobile internet. To date, password based authentication schemes have been extensively used to provide authentication and security. The password based authentication has always been cumbersome for the users because human memory is transient and remembering a large number of long and complicated passwords is impossible. Also, it is vulnerable to various kinds of attacks like brute force, rainbow table, dictionary, sniffing, shoulder surfing and so on. As the main contribution of this paper, a new passwordless authentication scheme for smart phones is presented which not only resolves all the weaknesses of password based schemes but also provide robust security. The proposed scheme relieves users from memorizing and storing long and complicated passwords. The proposed scheme uses ECDSA which is based on Elliptic Curve Cryptography (ECC). ECC has remarkable strength and efficiency advantages in terms of bandwidth, key sizes and computational overheads over other public key cryptosystems. It is therefore suitable for resource constraint devices like smart phone. Furthermore, the proposed scheme incorporate CAPTCHA which play a very important role in protecting the web resources from spamming and other malicious activities. To the best of our knowledge, until now no passwordless user authentication protocol based on ECC has been proposed for smart phones. Finally, the security and functionality analysis shows that compared with existing password based authentication schemes, the proposed scheme is more secure and efficient.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
Abstract: In an online security, authentication plays a crucial role in shielding resources against unauthorized and illegal use of information. Authentication processes may differ from simple password based authentication system to complex, costly and computation strengthened authentication systems. In recent days, increasing security has always been an important issue since Internet and Web Development came into actuality. Text based password is not enough to counter such problems, which is also an obsolete approach now. Consequently, this demands the need for something more secure along with being more user-friendly. Therefore, we have strained to rise the security by involving a multiple level security tactic, involving Text based using Cryptography, Grid Authentication and Image Based Password. The cryptography technique is very essential for the text based password while encrypting it with the principle of substitution method like Caesar Cipher. Session passwords are also necessary for eliminating the time factor attacks such as Brute Force attack. Grid Authentication makes the system more dynamic due ever changing nature. Image based authentication makes the system more user friendly, reliable and secure.Keywords: Cryptography, Grid Authentication, Image Based Password, Shoulder Attack.
Title: Multilevel Security and Authentication System
Author: Pratik Anap, Sanjay Gholap, Prasad Anpat, Abhijit Bhapkar
International Journal of Recent Research in Mathematics Computer Science and Information Technology
ISSN 2350-1022
Paper Publications
ENHANCED AUTHENTICATION FOR WEB-BASED SECURITY USING KEYSTROKE DYNAMICSIJNSA Journal
Current password authentication system was proven not secure enough to protect the information from intruders. However, various research has been done and the results show the value of FRR still low and the value of FAR still high. Thus, one of the methods suggests, is enhancing the current system using keystroke dynamics. Keystroke dynamics is a type of biometric authentication that does not require any special hardware, easy to use as the same routine as normal password authentication. Therefore, this research proposed an authentication system using keystroke dynamics to prevent the system from intruders. A system is developed that consist of two parts which are enrolment and verification. Then, a prototype is developed for testing process that consists of 3 main modules, namely Enrolment, Client/Server Connection
and, Verification and Retraining. Based on the testing, the system proved that the keystroke dynamic authentication system was able to implement in client/server environment and shows the value of EER is low that indicates it provide a better system authentication. In future, the system can be improved by enhancing the security, performance, and user interface.
A Survey of User Authentication Schemes for Mobile DeviceIJMER
International Journal of Modern Engineering Research (IJMER) is Peer reviewed, online Journal. It serves as an international archival forum of scholarly research related to engineering and science education.
Similar to Count based hybrid graphical password to prevent brute force attack and shoulder surfing attack (20)
Final project report on grocery store management system..pdfKamal Acharya
In today’s fast-changing business environment, it’s extremely important to be able to respond to client needs in the most effective and timely manner. If your customers wish to see your business online and have instant access to your products or services.
Online Grocery Store is an e-commerce website, which retails various grocery products. This project allows viewing various products available enables registered users to purchase desired products instantly using Paytm, UPI payment processor (Instant Pay) and also can place order by using Cash on Delivery (Pay Later) option. This project provides an easy access to Administrators and Managers to view orders placed using Pay Later and Instant Pay options.
In order to develop an e-commerce website, a number of Technologies must be studied and understood. These include multi-tiered architecture, server and client-side scripting techniques, implementation technologies, programming language (such as PHP, HTML, CSS, JavaScript) and MySQL relational databases. This is a project with the objective to develop a basic website where a consumer is provided with a shopping cart website and also to know about the technologies used to develop such a website.
This document will discuss each of the underlying technologies to create and implement an e- commerce website.
Saudi Arabia stands as a titan in the global energy landscape, renowned for its abundant oil and gas resources. It's the largest exporter of petroleum and holds some of the world's most significant reserves. Let's delve into the top 10 oil and gas projects shaping Saudi Arabia's energy future in 2024.
Immunizing Image Classifiers Against Localized Adversary Attacksgerogepatton
This paper addresses the vulnerability of deep learning models, particularly convolutional neural networks
(CNN)s, to adversarial attacks and presents a proactive training technique designed to counter them. We
introduce a novel volumization algorithm, which transforms 2D images into 3D volumetric representations.
When combined with 3D convolution and deep curriculum learning optimization (CLO), itsignificantly improves
the immunity of models against localized universal attacks by up to 40%. We evaluate our proposed approach
using contemporary CNN architectures and the modified Canadian Institute for Advanced Research (CIFAR-10
and CIFAR-100) and ImageNet Large Scale Visual Recognition Challenge (ILSVRC12) datasets, showcasing
accuracy improvements over previous techniques. The results indicate that the combination of the volumetric
input and curriculum learning holds significant promise for mitigating adversarial attacks without necessitating
adversary training.
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...Amil Baba Dawood bangali
Contact with Dawood Bhai Just call on +92322-6382012 and we'll help you. We'll solve all your problems within 12 to 24 hours and with 101% guarantee and with astrology systematic. If you want to take any personal or professional advice then also you can call us on +92322-6382012 , ONLINE LOVE PROBLEM & Other all types of Daily Life Problem's.Then CALL or WHATSAPP us on +92322-6382012 and Get all these problems solutions here by Amil Baba DAWOOD BANGALI
#vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore#blackmagicformarriage #aamilbaba #kalajadu #kalailam #taweez #wazifaexpert #jadumantar #vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore #blackmagicforlove #blackmagicformarriage #aamilbaba #kalajadu #kalailam #taweez #wazifaexpert #jadumantar #vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore #Amilbabainuk #amilbabainspain #amilbabaindubai #Amilbabainnorway #amilbabainkrachi #amilbabainlahore #amilbabaingujranwalan #amilbabainislamabad
Count based hybrid graphical password to prevent brute force attack and shoulder surfing attack
1. IJRET: International Journal of Research in Engineering and Technology eISSN: 2319-1163 | pISSN: 2321-7308
__________________________________________________________________________________________
Volume: 03 Special Issue: 07 | May-2014, Available @ http://www.ijret.org 405
COUNT BASED HYBRID GRAPHICAL PASSWORD TO PREVENT
BRUTE FORCE ATTACK AND SHOULDER SURFING ATTACK
M. Ezhilarasan1
, D. Dhanabharathi2
, P. Vasanthakumar3
, B. Ayyanar4
1
Professor, Department of Information Technology, Pondicherry Engineering College, Puducherry, India
2
Final Year Student, Department of Information Technology, Pondicherry Engineering College, Puducherry, India
3
Final Year Student, Department of Information Technology, Pondicherry Engineering College, Puducherry, India
4
Final Year Student, Department of Information Technology, Pondicherry Engineering College, Puducherry, India
Abstract
Graphical passwords are more secure and resistant to dictionary attacks when compared to textual passwords, but they are not fully
resistant to shoulder surfing and brute force attacks. Usually users tend to set their graphical password short and simple for usability
but the problem here is their security is compromised. Another problem in graphical password is most of the graphical passwords
contain hotspots and the users are tempted to set the graphical password with the hotspots by which attackers easily guess the
password. In this work we have proposed a hybrid graphical password system. In our system, we have increased the password space
by proposing count based click point algorithm in recognition based graphical password to make the system resistant to brute force
attack. In the recall based graphical password step of our hybrid graphical password, we have included a gesture based password
which makes the attacker difficult to record or observe and reproduce it to bypass the security.
Keywords: Brute force attack, Gesture, Graphical passwords, hotspots, Password space, shoulder surfing attack, textual
password
--------------------------------------------------------------------***----------------------------------------------------------------------
1. INTRODUCTION
Authentication is important for every system to make it
secure; it plays a major role from high secure applications to
less secure applications. It is important to secure the
information exchanges from daily transactions to daily user
email account. The most critical issue in today’s world is
providing security in applications such as military and ATM
centers which need high security. When it goes to most secure
methods, it requires more time and more bandwidth.
Applications can be classified as applications which need less
security (user held devices) and applications which need more
security (ATM centers). Tightening the security for the first
type is unnecessary and waste of time for the user and also
leaving a weak password for the second type is dangerous.
Popular text based passwords provide security to some extent
but they are easily vulnerable to dictionary and brute force
attacks though they are short and simple to remember. The
biometric authentication system is most secure form of
authentication but the cost of the device to authenticate the
user is very high. The graphical password came into picture
which is more secured than text based graphical password and
easy to remember. Most of the system such as mobile devices
and latest operating systems use graphical password as a mode
of authentication. Pattern lock is the famous example of
graphical password in smart phones.
But the most notable problem with graphical passwords is that
they are vulnerable to shoulder surfing attack and brute force
attack. Many graphical passwords were proposed to eliminate
shoulder surfing attack and brute force attack [1] but most of
the existing graphical passwords failed to prevent these two
attacks.
Shoulder surfing attack [2] is the process of recording or
observing the password when the user inputs and reproducing
it to break the security system. Since graphical passwords are
mostly click type rather than typing it is more vulnerable to
shoulder surfing attacks. Graphical passwords are also easier
to guess [2], [3]. Most of the graphical passwords that were
proposed till now have not eliminated shoulder surfing attack
since it can be easily recorded and reproduced or easily
guessed.
Existing graphical passwords produce a feedback that
indicates the user pattern or user clicks of the graphical
password which can be recorded and reproduced, hence our
system differs from existing system by using point counts as
criteria that is resistant to shoulder surfing attack even if it
recorded. And in our system we have increased the password
space with that point count to make it resistant to brute force
attack.
2. IJRET: International Journal of Research in Engineering and Technology eISSN: 2319-1163 | pISSN: 2321-7308
__________________________________________________________________________________________
Volume: 03 Special Issue: 07 | May-2014, Available @ http://www.ijret.org 406
The key components of our approach are point count and
gesture, it is a hybrid system with two steps of graphical
password, one with recognition based with point count and the
other is recall based graphical password with gesture; so they
both combine to prevent brute force and shoulder surfing
attack respectively.
Our paper is organized as follows, Section 2 contains the
related work, Section 3 contains our Proposed system with
module description, Section 4 contains the Methodologies,
Section 5 contains the Empirical Results and Analysis and the
Section 6 contains the Conclusion and future work followed
by the References.
2. RELATED WORK
Increase in use of computers has paved way for many security
concerns. Authentication is the major security concern which
refers to the process of determining whether someone or
something is, originally, who or what it is declared to be.
Authentication Techniques are classified as follows:
• Textual Passwords
• Biometric schemes
• Graphical Passwords
2.1 Textual Password
Textual password is a combination of alphabets and numbers
but they are easily guessable [4]. Most frequently used
passwords are text based passwords, but they had their own
advantages and disadvantages. Textual passwords are
advantageous since they are easy to use and faster to input the
password. The disadvantages of textual password are, it is
weak and not resistant to several attacks such as dictionary
attack, spyware, guessing and brute force attack.
2.2 Biometric Password
Biometric authentication is the process of validating the user
by the characteristics and traits which include fingerprint, iris,
DNA, hand geometry, face and other human traits. Biometric
authentication is the foolproof and the most secure form of
authentication. But the disadvantage [5]-[7] of biometric is
that it involves additional hardware costs and high deployment
cost.
2.3 Graphical Password Authentication
A graphical password is an authentication system in which the
user is presented with a set of images from which the user
selects images or click points in the image, in some order
during login phase, and the same points or images in the same
order is repeated in the login phase also to authenticate the
user. There are two types of graphical password recall based
and recognition based. In Recall based password, the user is
has to reproduce the same thing he created or selected in the
registration phase of the system. In Recognition based
password, the user has to identify the things he has done or
selected during the registration phase and select the same by
identifying in the login phase of the system. Since our work
depends on the graphical passwords we will consider some of
the notable graphical password techniques and their
advantages and disadvantages.
2.3.1 Perrig and Song
Perrig and Song proposed Hash Visualization technique [8]
which is recognition based graphical password. In this system
the user will be presented with a set of random images and
asked to choose them during the registration stage. Later the
pictures will be randomized and the user must identify and
select those images during the login stage to authenticate. This
technique was able to perform better than textual password it
is easy to remember this Hash visualization password than text
based password. But the problem here is this technique was
not able to prevent brute force attack, shoulder surfing attack
and guessing attack.
2.3.2 Passface
Passface [9] is a technique similar to hash visualization
technique but the difference here is that instead of using some
random images Passface used faces. The user has to recognize
and pick the registered faces during the registration stage. But
this takes longer time than textual password. Advantage here
is that faces are easier to remember. Still this technique was
not able to prevent brute force attack and shoulder surfing
attack.
2.3.3 Sobrado and Birget
Sobrado and Birget [10] proposed a graphical password
technique in which the user has to select the pass objects from
a large amount of objects available in a frame during the
registration stage, during the login stage the objects are
randomized to the user and the user has to identify and select
them to pass the authentication. This technique was able to
prevent shoulder surfing attack by randomizing but the
problem is it can be guessed and this technique is vulnerable
to brute force attack.
2.3.4 Draw-a-Secret (DAS)
Draw a secret [11] technique is a recall based technique in
which user has to draw a symbol or a secret drawing in a grid
displayed to the user, and this drawing or symbol has to be
reproduced to be authenticated. The password space of DAS is
more than textual password, but the problem here is it can be
easily guessed and shoulder surfing attack is not prevented in
this technique.
3. IJRET: International Journal of Research in Engineering and Technology eISSN: 2319-1163 | pISSN: 2321-7308
__________________________________________________________________________________________
Volume: 03 Special Issue: 07 | May-2014, Available @ http://www.ijret.org 407
2.3.5 Persuasive Cued Click Point (PCCP)
PCCP [12] technique prevents the user from selecting easily
guessable spot in the click based graphical passwords known
as hotspots [13]-[14]. Only a random block of image is visible
to user to set their graphical password. Hence it is difficult to
guess the password in this technique. This method is a click
based password [15] in which the user clicks points in a block
of the picture and the same points must be clicked to
authenticate the user. This method is advantageous than other
graphical passwords because it is able to prevent guessing
attack, but the shoulder surfing attack is not been prevented in
this method.
Existing Graphical password limitations:
• Shoulder Surfing Attack and
• Brute force search Attack
We have concentrated in these two attacks because, till now
these two attacks have not been eliminated in existing
graphical passwords.
3. PROPOSED SYSTEM
Our proposed system is Hybrid graphical password system
which is the combination of recognition based and recall based
graphical password. We have designed a recognition based
graphical password known as Count based click point
algorithm in which the user has to click at some points in the
picture, each point having a click count, the same process has
to be reproduced in the login step to be authenticated. Gesture
based graphical password is included in the second step of our
system to prevent shoulder surfing attack. In this gesture based
graphical password step when the user enters the password,
the feedback is not shown in the screen so that it cannot be
recorded or observed and reproduced by the attacker.
Our system has two steps, first step which is count based click
point algorithm which increases the password space since each
point will have any count and hence it prevents brute force
attack. Second step which is a gesture based graphical
password system in which the feedback is not visible when the
user inputs the password and thus preventing shoulder surfing
attack. The system design is explained in the below diagram
with the modules.
Fig -1: System Design
3.1 Registration Process
Fig. 2 shows the flowchart of registration process. During the
registration stage, the user enters the username, and then he
should browse a picture. Then the user has to select the
tolerance [16] value (approximation of the deviation from the
actual point) and also the total point count. Then the user
clicks on multiple points in that picture until the total point
count is not over with a freedom to click the same point
multiple times which the individual point count. The user also
has an option to reset the password if the desired password is
not set by using the reset button. The position of the click
point and the counts of each point are stored in the database.
Now the user is mailed with the first step count based click
point password with the count of each point and the point on
the picture.
Next phase of registration is the gesture based recognition in
which the user makes a single stroke gesture and the gesture is
stored in a picture format. While the user makes the gesture it
is difficult for the attacker or the camera to observe or record
it and reproduce it to crack the password. Hence this gesture
password addresses the shoulder surfing attack.
In the registration phase of our hybrid graphical password
system we have also included an alert mail system. The email
id of the user is got at the registration stage itself so that in
case of invalid login attempts the user is intimated with the
email. And also we have included a password reset feature
with the security question that is also got during the
registration phase of the Hybrid graphical password system
which is asked in the password reset phase to the user.
Fig -2: Registration flowchart
4. IJRET: International Journal of Research in Engineering and Technology eISSN: 2319-1163 | pISSN: 2321-7308
__________________________________________________________________________________________
Volume: 03 Special Issue: 07 | May-2014, Available @ http://www.ijret.org 408
3.2 Login Process
Fig. 3 shows the flowchart of login process. During the login
process the user enters the username and the picture that was
set by the user during the registration stage is automatically
displayed. Now the user inputs the password by clicking the
points on the picture with the count until the password is
entered correctly. At any point or the count mismatches the
user is taken out of login page and asked to renter. Now the
points and the counts are matched with that points and count
that has been recorded during the registration process. If they
match the user goes to the next phase of login otherwise taken
back to login phase again.
In the next phase of the login the user makes the single stroke
gesture. Now the gesture is stored in image format. Now this
login gesture image is compared with that of the gesture image
that was made by the corresponding username during the
registration phase. If this matches the user successfully passes
the authentication system.
Fig -3: Login flowchart
3.3 Encryption
At the end of the registration process the username and its
corresponding click points with their count and the gesture
image are encrypted and stored. Then during the login process
the above encrypted files are decrypted and matched to
authenticate the user.
4. METHODOLOGIES
This section deals about the various algorithms and
methodologies we have used for the count based graphical
password system. This part is classified as three sections
which are count based click point algorithm, gesture matching
algorithm and encryption algorithm.
4.1 Count Based Click Point Algorithm
This is the first step of our Hybrid graphical password system.
This algorithm works as follows: First the user decides the
total number of points and then starts to record the points by
clicking each point any number of times and till total points is
reached. e.g. If total no of points is “5”, the user can click the
first point “2” times, second point “2” times, third point “5”
times, fourth point “2” times and fifth point “6” times. Then
these points are recorded in the database along with the count
and these points have to be repeated in the same order and
same count during the login stage for the user to be
authenticated.
Since the user cannot be accurate in the point of the picture he
clicks always, an approximation function called
“ClickpointApproximationfunction” has been introduced in
which the tolerance can be modified according to the area of
usage and the security level that needed.
Fig -4: Screenshot of the Hybrid graphical password
5. IJRET: International Journal of Research in Engineering and Technology eISSN: 2319-1163 | pISSN: 2321-7308
__________________________________________________________________________________________
Volume: 03 Special Issue: 07 | May-2014, Available @ http://www.ijret.org 409
Approximation Function for the Click Point
Tolerance
p0 – Point which was recorded during the HGP registration
stage
p1 – Point which was recorded during the HGP login stage
X – x co-ordinate of the point
Y -- y co-ordinate of the point
Tolerance – parameter to set the level of approximation
(radius of the circle within with the point is accepted) or the
tolerance value for that point.
4.2 Gesture Matching Algorithm
This is the second step of our Hybrid Graphical Password
system. In this step, gesture recognition is used to authenticate
the user. First during the registration stage the user is asked to
input a gesture and this gesture is recorded into the database.
Then during the login stage the same gesture needs to be
reproduced by the user to be authenticated. The gesture of the
corresponding user is recorded into the database and during
the login stage the recorded gestures in the database is used for
authentication. If the gesture is wrong, the user is given an
alert message through email stating that there was an illegal or
wrong attempt into your account with the time of the wrong
attempt was made in our Hybrid graphical password system to
the user email address that was got and stored in database
during the registration stage.
4.3 Encryption Algorithm
Encryption is necessary because the user details are stored in
the database level and if there is a security exploit in the
database level the user data is under trouble. Hence we have
used TRIPLE DES Encryption algorithm at the database level
to secure the data of the user. And also there is an alert system
in our system which sends an alert mail to the user for every
wrong attempt to his email.
5. EMPIRICAL RESULTS AND ANALYSIS
We considered mainly two parameters when comparing our
system with the existing system. One is password space and
the other parameter is security percentage with respect to
different attacks with the graphical passwords.
5.1 Shoulder Surfing Attack Resistance with
Different Tolerance Values
The experiment was carried out with 8 participants with 5
different images into account and considering 5 click points
with multiple counts of each point. Different images were
consisting of different objects and scenario in it. Each user
were allowed to register a graphical password and asked to
login. And also when the participant is allowed to enter the
login phase, other participants were asked to stand behind
them and observe the password which is entered by the
participant. This process repeated for other participants too.
Table -1: Resistant To Shoulder Surfing Attack of HGP and
PCCP
Sl. No.
Tolerance
Value
(10-1
) cm
Attacker
success
Rate
Security
HGP
(%)
Security
PCCP
(%)
1 5 2/8 75 12.5
2 4 0/8 100 37.5
3 3 0/8 100 62.5
4 2 0/8 100 75
5 1 0/8 100 100
From TABLE I. we can see that the mean success rate by
shoulder surfing attack in our hybrid graphical password
system is very less when compared to existing graphical
passwords and PCCP [12].
Chart -1: Comparison of security % between PCCP and HGP
Chart-1 shows, in Hybrid graphical password (HGP), the
security decreases as the tolerance value increases. The mean
Security percentage of our proposed system is 95% which is a
significant improvement in the security of our hybrid
graphical passwords over the shoulder surfing attack.
ClickpointApproximationfunction(Point p0, Point p1)
{
return (Math.Sqrt(((p00.X - p0.X) * (p00.X - p0.X)) +
((p00.Y - p0.Y) * (p00.Y - p0.Y))) <= tolerance);
}
6. IJRET: International Journal of Research in Engineering and Technology eISSN: 2319-1163 | pISSN: 2321-7308
__________________________________________________________________________________________
Volume: 03 Special Issue: 07 | May-2014, Available @ http://www.ijret.org 410
5.2 Brute Force Attack Resistance with Increased
Password Space
Proposed Hybrid Graphical Password (HGP) shows increased
password space when compared to other click based graphical
passwords. Other existing graphical passwords showed
maximum of N*M*P of click point N and M or dimensions of
the picture and P is the picture count. But proposed Hybrid
Graphical Password (HGP) System provided increased
password space of (N*M) Count where N and M or
dimensions of the picture, and Count represents count of each
point.
5.3 Guessing Attack Resistance
Guessing attack is difficult to be performed in our proposed
system since each point will have a count, even if the attacker
figures out or guess the points the participant clicked in the
picture he was unable to figure out the point count. Nearly out
of 8 participants no one was able to guess the full password
even if they were able to guess partial password.
5.4 Social Engineering Resistance
This attack is convincing the user to get the password by
verbal description and the attacker re-performs the password
to enter the system. Here the verbal description of the
password is very tough since the exact point the user has
clicked cannot be told verbally with their counts.
6. CONCLUSIONS AND FUTURE WORK
Shoulder surfing attack and brute force attack were the major
threat to graphical passwords, and we were able to produce
stronger graphical passwords by increasing the password
space and using a unique count based click point algorithm.
Hybrid Graphical password system was implemented and
empirical results were observed and calculated their
effectiveness over different attacks using a set of participants.
We have obtained most desired results in security and also the
usability of the system. Since the password space is improved
in our count based hybrid graphical password system and
hence our system can also be used for the most secure places
like military and ATM applications.
Future improvement of Hybrid graphical password is that
instead of using pictures for click points, usage of video will
create a better and stronger password with more increased
password space. Video consists of objects will vary for the
frames which produces more security when compared to
picture based graphical passwords.
REFERENCES
[1]. A. Salehi-Abari, J. Thorpe, and P. van Oorschot, “On
Purely Auto-mated Attacks and Click-Based Graphical
Passwords,” Prof Ann. Computer Security Applications Conf.
(ACSAC), 2008
[2]. R. Biddle, S. Chiasson, and P. van Oorschot, “Graphical
passwords: Learning from the first twelve years,”ACM
Computing Surveys (to appear), vol. 44, no. 4, 2012
[3]. P. C. van Oorschot and J. Thorpe. Exploiting
predictability in click-based graphical passwords. Journal of
Computer Security, 2011
[4]. J. Yan, A. Blackwell, R. Anderson, and A. Grant, “The
Memorability and Security of Passwords,” Security and
Usability: De signing Secure Systems That People Can Use, L.
Cranor and S. Garfinkel, eds., ch. 7, pp. 129-142, O‟Reilly
Media, 2005
[5]. L. Jones, A. Anton, and J. Earp, “Towards understanding
user perceptions of authentication technologies,” in ACM
Workshop on Privacy in Electronic Society, 2007
[6]. L. O’Gorman, “Comparing passwords, tokens, and
biometrics for user authentication,”Proceedings of the IEEE,
vol. 91, no. 12, December 2003
[7]. A. Jain, A. Ross, and S. Pankanti, “Biometrics: a tool for
information security,” Transactions on Information Forensics
and Security (TIFS), vol. 1, no. 2, pp. 125–143, 2006
[8]. A. Perrig and D. Song, "Hash Visualization: A New
Technique to Improve Real-World Security," in Proceedings
of the 1999 International Workshop on Cryptographic
Techniques and E-Commerce, 1999
[9]. T. Valentine, "An evaluation of the Passface personal
authentication system," Technical Report, Goldsmiths
College, University of London 1998
[10]. L. Sobrado and J.-C. Birget, "Graphical passwords," The
Rutgers Scholar, An Electronic Bulletin for Undergraduate
Research, vol. 4, 2002
[11]. P. Dunphy and J. Yan, “Do background images improve
Draw a Secretgraphical passwords?” In 14th ACM
Conference on Computer and Communications Security
(CCS), October 2007
[12]. Sonia Chiasson, Elizabeth Stobert, Alain Forget, Robert
Biddle, and Paul C. van Oorschot, “Persuasive Cued Click-
Points: Design, Implementation, and Evaluation of a
Knowledge-Based Authentication Mechanism”, IEEE
transactions on dependable and secure computing, Vol. 9, No.
2, March/April 2012
[13]. S. Chiasson, P. van Oorschot, and R. Biddle, “Graphical
Password Authentication Using Cued Click Points,” Proc.
European Symp. Re-search in Computer Security
(ESORICS), pp. 359-374, Sept. 2007
[14]. Thorpe, J. and van Oorschot, P.C. Human-Seeded
Attacks and Exploiting Hot-Spots in Graphical Passwords.
USENIX Security Symp. 2007
[15]. A. Salehi-Abari, J. Thorpe, and P. van Oorschot, “On
purely automated attacks and click-based graphical
7. IJRET: International Journal of Research in Engineering and Technology eISSN: 2319-1163 | pISSN: 2321-7308
__________________________________________________________________________________________
Volume: 03 Special Issue: 07 | May-2014, Available @ http://www.ijret.org 411
passwords,” in Annual Computer Security Applications Conf.
(ACSAC), 2008
[16]. S. Wiedenbeck, J. Waters, J. Birget, A. Brodskiy, and N.
Memon, “Authentication Using Graphical Passwords: Effects
of Tolerance and Image Choice,” Proc. First Symp. Usable
Privacy and Security (SOUPS), July 2005
BIOGRAPHIES
Dr. M Ezhilarasan is the Professor, in the
Department of Information Technology,
Pondicherry Engineering College,
Puducherry, India. He has completed his PhD
and his Area of Specialization includes
Multimedia Data Processing and Coding,
MultiBiometrics
D Dhanabharathi is Final Year Student, in
Department of Information Technology,
Pondicherry Engineering College,
Puducherry, India. His areas of interest
includes Database, security, and data
structures
P Vasanthakumar is Final Year Student, in
Department of Information Technology,
Pondicherry Engineering College, Puducherry,
India. His areas of interest includes Database,
security, and data structures
B Ayyanar is Final Year Student, in
Department of Information Technology,
Pondicherry Engineering College, Puducherry,
India. His areas of interest includes OOPS,
security, and data structures