Persuasive Cued Click Point Password with OTP
Anita Chaudhari, Payal Shahapurkar, Asmit Patil
Department of Information Technology
St. John College of Engineering and Management, Palghar, India
anitac@sjcet.co.in
Abstract—Authentication plays a major role in the digital
environment. Existing methods generally use alphanumeric and
special characters for password creation. These passwords are
hard to remember because they have no meaning, and they are
easily broken by third parties or attackers. To address these
issues, many authentication techniques have been proposed, of
which the graphical password method is the best in terms of cost
and usage. Graphical passwords use images for password
creation, and they have demerits of their own, such as the
hotspot and shoulder surfing problems. A persuasive cued
click-point based method reduces the hotspot problem. To protect
the persuasive cued click-point based method from shoulder
surfing, we add a one-time password. For user convenience we
provide two login methods, one which requires internet and one
which does not.
Keywords—Persuasive Cued Click Points, International Mobile
Equipment Identity, One Time Password
I. INTRODUCTION
Various graphical password schemes have been
proposed as alternatives to text-based passwords. Research and
experience have shown that text-based passwords are fraught
with both usability and security problems that make them less
than desirable solutions. Psychology studies have revealed that
the human brain is better at recognizing and recalling images
than text. Graphical passwords are intended to capitalize on this
human characteristic in hopes that by reducing the memory
burden on users, coupled with a larger full password space
offered by images, more secure passwords can be produced and
users will not resort to unsafe practices in order to cope.
In this project, we propose a new click-based graphical
password scheme called Persuasive Cued Click Points (PCCP)
with OTP. A password consists of one click-point per image for
a sequence of images. The next image displayed is based on the
previous click-point so users receive immediate implicit
feedback as to whether they are on the correct path when
logging in. PCCP offers both improved usability and security,
and the OTP protects it against shoulder surfing.
II. PREVIOUS WORK
Cued Click Points (CCP) is a click-based graphical password
scheme. It can be viewed as a combination of PassPoints,
Passfaces, and Story. A password consists of one click-point
per image for a sequence of images. The next image displayed
is based on the previous click-point, so users receive
immediate implicit feedback as to whether they are on the
correct path when logging in. CCP offers both improved
usability and security [2]. It is very difficult for the user
to remember the exact pixel point.
PassPoints is a new and more secure graphical password
system. This work proposed a password scheme in which the
user is presented with a predetermined image on a visual
display and required to select one or more predetermined
positions on the displayed image in a particular order to
indicate his or her authorization to access the resource.
This system was developed early in the evaluation of
graphical passwords; in it, the user is given an image. The
click points on the image are used as the password for user
authentication. The user has to remember the order and
position of the click points. The click points are not stored
as such, but as a hashed value. For correct validation a
discretization square is used, which is the tolerance area
around the original click point; at login the user should
click inside this area. Here, the system does not have any
influence over the selection of the click points. The user is
free to set a password which the user can easily remember.
Because it is very simple, it can easily be attacked. In
PassPoints, passwords consist of a sequence of click-points on
a given image. Users may select any pixels in the image as
click-points for their password. The drawback is that, because
it is very difficult to remember random points, users choose
points that can be easily recognized in the image [1].
Another system is an alternative gaze-based authentication
scheme that supports users in selecting secure gaze-based
graphical passwords. To tackle the problem of hotspots, our
scheme uses a computational model of visual attention – also
known as saliency maps – to mask out those areas of the image
most likely to attract visual attention. We show that this
approach significantly increases the security of gaze-based
cued-recall graphical passwords. The specific contributions of
our research are 1) a shoulder surfing resistant gaze-based
authentication scheme that allows the user to select a
sequence of arbitrary points in an image, 2) the introduction
of computational models of visual attention to increase the
security of gaze-based cued-recall graphical passwords, and
3) a security evaluation of three different gaze-based
graphical passwords – PIN, picture without a saliency mask,
and picture with a saliency mask – in a user study with 12
participants guessing passwords after watching close-up videos
of the eye movements of other users.
Users often create memorable passwords that are easy for
attackers to guess, but strong system-assigned passwords are
difficult for users to remember [3]. A password authentication
system should encourage strong passwords while maintaining
reputation. We propose that authentication schemes allow user
choice while influencing users towards stronger passwords. In
our system, the task of selecting weak passwords (which are
easy for attackers to predict) is more tedious, discouraging
users from
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 15, No. 8, August 2017
101 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
making such choices. In effect, this approach makes choosing
a more secure password the path of least resistance.
The password system provides security against unauthorized
access, but the evolution of different attacks has made it
ineffective. Complex text passwords were one solution, but
they are very difficult for users to remember. Graphical
passwords came as an alternative, but they have disadvantages
of their own: in PassPoints it is very difficult to remember
random points, so users choose points that can be easily
recognized in the image, and in Cued Click Points it is very
difficult for the user to remember the exact pixel point. The
Persuasive Cued Click Points method was introduced to
overcome these disadvantages. It is more efficient and user
friendly, but the only attack possible on this method was
shoulder surfing. To avoid this disadvantage we propose a new
two-way authentication system which combines the Persuasive
Cued Click Point technique with an OTP.
III. IMPLEMENTATION
The existing system consists of text passwords and an OTP
which is sent to the user via SMS or email. The problems of
knowledge-based authentication, typically text-based
passwords, are well known. Users often create memorable
passwords that are easy for attackers to guess, but strong
system-assigned passwords are difficult for users to remember.
In the PassPoints technique it is very difficult to remember
random points, so users choose points that can be easily
recognized in the image, whereas in Cued Click Points it is
very difficult for the user to remember the exact pixel point.
With the existing OTP method, email spoofing or a
man-in-the-middle attack can occur, and hence the user's
security can be compromised. Text passwords are also either
predictable or, if made complex using a combination of
alphabets, symbols and numbers, difficult for users to
remember. Hence this approach is not convenient for users and
is prone to attacks [5].
Our project uses the image-based password as the 1st key of
authentication and the OTP as the 2nd key of authentication.
It also eliminates email spoofing and man-in-the-middle
attacks and adds another level of security.
The objectives of our project are: to make our password system
more user convenient and easy to remember; to make it more
secure; to allow users to log in with the help of internet as
well as without internet; to allow users to log in who do not
have an Android mobile phone; to increase the security level
without making the user take the effort to remember complex
text passwords; and to educate people and promote the Digital
India Movement.
Fig 1: Architecture of System
IV. RESULTS
The following form gives the login options, from which we can
select one.
Fig 2: Login Method
The user will select the login method by which he wants to
log in or, if he is a new user, he can select the new
registration option.
Fig 3: Registration
The user needs to enter all his information in order to
register himself.
Fig 4: Select point on image
The user needs to browse an image and then select a point in
the randomly generated viewport, i.e. the red square in Fig 4
above. The user has to select a point on each image, depending
on the number of images he selected at the time of
registration. After all the images, the password is saved
successfully.
If the user chooses login method 1, then after entering the
correct user name he will obtain a binary OTP on the
registered email id. As per the obtained OTP, the user will
have to select the same point which he had selected at the
time of registration for an image when its bit in the OTP is
1, and select any point other than the one selected during
registration for an image when its bit in the OTP is 0.
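The hashed discretization square described under PassPoints and the binary-OTP check of login method 1, combined in an added example that is not the authors' implementation. The fixed 20-pixel grid, the PBKDF2 hashing, the sample coordinates and all function names are assumptions, and the cued choice of the next image is left out.

```python
import hashlib
import hmac
import secrets

TOLERANCE = 20        # side of the discretization square, in pixels (assumed)
ITERATIONS = 100_000  # PBKDF2 work factor (assumed)

def square_of(point):
    """Map a click (x, y) to the fixed grid square that contains it."""
    x, y = point
    return x // TOLERANCE, y // TOLERANCE

def hash_click(salt, image_index, point):
    """Salted, slow hash of the square: raw coordinates are never stored."""
    gx, gy = square_of(point)
    msg = f"{image_index}:{gx}:{gy}".encode()
    return hashlib.pbkdf2_hmac("sha256", msg, salt, ITERATIONS)

def register(points):
    """Stored record for one user: a random salt and one hash per image."""
    salt = secrets.token_bytes(16)
    return salt, [hash_click(salt, i, p) for i, p in enumerate(points)]

def new_binary_otp(n_images):
    """One random bit per image. A 0 bit is satisfied by almost any click,
    so an all-zero OTP would prove nothing and is redrawn."""
    while True:
        bits = [secrets.randbelow(2) for _ in range(n_images)]
        if any(bits):
            return bits

def verify_login(record, otp_bits, clicks):
    """Bit 1: the click must hit the registered square. Bit 0: it must miss."""
    salt, stored = record
    if not (len(stored) == len(otp_bits) == len(clicks)):
        return False
    ok = True
    for i, (bit, click) in enumerate(zip(otp_bits, clicks)):
        hit = hmac.compare_digest(hash_click(salt, i, click), stored[i])
        ok &= (hit == bool(bit))  # no early exit: every image is checked
    return ok

# Constructed sample: three images, one registered click on each.
REGISTERED = [(105, 230), (48, 61), (310, 12)]
RECORD = register(REGISTERED)
OBSERVED = [(110, 225), (200, 200), (305, 5)]  # a login watched under OTP 1,0,1

if __name__ == "__main__":
    print(verify_login(RECORD, [1, 0, 1], OBSERVED))  # the watched login
    print(verify_login(RECORD, [1, 1, 0], OBSERVED))  # same clicks, new OTP
```

A fixed grid rejects a click that lands just across a square boundary from the registered point, so a deployed system needs a discretization that centres the tolerance square on the original click.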
If the user chooses login method 2, then after entering the
correct user name he will obtain the 1st image. The user will
have to select the same points which he had selected at the
time of registration, and after selecting all the points, if
the points selected are correct, he/she will be given a QR
code generated by the system. Now the user has to scan the QR
code using our Android application. After scanning the QR code
with the device having the registered IMEI number, the user
will obtain an OTP and will have to enter it. If the user
selects a wrong point, random images will be generated and at
the end he will get the message Invalid. If the user scans the
QR code with another device, he will obtain the message
INVALID USER. If the user enters the wrong OTP, he will get
the message Access Denied. After following login method 1 or
login method 2 accurately, the user will be provided access to
the system.
V. CONCLUSION
Thus we have successfully implemented a secure and more user
friendly authentication system called Persuasive Cued Click
Point with OTP. It uses graphical passwords, which are easier
for users to remember than text-based passwords and difficult
for attackers to attack. Our system provides two login methods
so that users can log in even when there is no internet or
even if they do not have an Android phone.
In future we would like to improve many aspects of our
project. We would like to include forgot password and change
password options in our system, so that the user can change
the password whenever he wants or if he forgets it. We would
also like to save the image points in encrypted form to
increase security. To increase the security of the second
level of authentication, we would like to include encryption
when generating the QR code and decryption when obtaining the
OTP.
REFERENCES
[1] Sonia Chiasson, Elizabeth Stobert, Alain Forget, Robert Biddle, and Paul
C. van Oorschot, “Persuasive Cued Click-Points: Design, Implementation,
and Evaluation of a Knowledge-Based Authentication Mechanism,” IEEE
Transactions on Dependable and Secure Computing, vol. 9, no. 2, March/April
2012.
[2] S. Chiasson, E. Stobert, A. Forget, R. Biddle, and P. van Oorschot,
“Persuasive Cued Click-Points: Design, Implementation, and Evaluation of a
Knowledge-Based Authentication Mechanism,” Technical Report TR-11-03,
School of Computer Science, Carleton Univ., Feb. 2011.
[3] P.C. van Oorschot and J. Thorpe, “Exploiting Predictability in Click-
Based Graphical Passwords,” J. Computer Security, vol. 19, no. 4, pp. 669-
702, 2011.
[4] Farnaz Towhidi and Maslin Masrom, “A Survey on Recognition-Based
Graphical User Authentication Algorithms,” (IJCSIS) International Journal of
Computer Science and Information Security, vol. 6, no. 2, 2009.
[5] B. Rodrigues, A. Chaudhari, and S. More, “Two factor verification using
QR-code: A unique authentication system for Android smartphone users,”
2016 2nd International Conference on Contemporary Computing and
Informatics (IC3I), Noida, 2016, pp. 457-462.
doi: 10.1109/IC3I.2016.7918008
Mrs. Anita Chaudhari completed her
M.E from Mumbai University in 2013.
Currently she is working as Assistant
Professor in St. John College of
Engineering and Management, Palghar,
Mumbai University. She has published
one national and seven international
papers. Her research areas include network security and data
mining.