engineering project of venkata krishna
Post on 27-Jul-2015
CHAPTER 1
INTRODUCTION
1.1 INTRODUCTION
There has been a great deal of interest in graphical passwords over the past two decades, because
the earlier, more primitive methods suffered from numerous attacks that were easy to mount. Here
we progress down the taxonomy of authentication methods. To start with, we focus on the most
common computer authentication method, the text password. Despite the vulnerabilities, users
naturally prefer short passwords because they are easy to remember, and they are often unaware
of how attackers operate. Unfortunately, these passwords are easily broken by intruders through
simple means such as masquerading and eavesdropping, and through other means such as dictionary
attacks, shoulder-surfing attacks and social engineering attacks. To mitigate the problems with
traditional methods, advanced methods have been proposed that use graphics as passwords. The
idea of graphical passwords was first described by Greg Blonder (1996). In Blonder's scheme, a
graphical password is a predetermined image on which the user taps regions in sequence; the
selected regions and their order are interpreted as the password. Since then, many other
graphical password schemes have been proposed. The desirable quality of graphical passwords is
that, psychologically, humans remember images far better than text, which is why they are
proposed as the best alternative. There is rapidly growing interest in graphical passwords
because the number of possible passwords is very large, almost unlimited, which provides more
resistance to guessing. The major goal of this work is to reduce guessing attacks and to
encourage users to select passwords that are more random and more difficult to guess.
Taxonomy of Authentication
In this depiction of current authentication methods, biometric-based authentication techniques
have proved to be expensive, slow and unreliable, and hence are not preferred by many.
Token-based authentication systems offer high security, usability and accessibility compared
to the others, but these systems also employ knowledge-based techniques to enhance security, and
the current knowledge-based techniques are still immature. For instance, ATM cards always go
hand in hand with a PIN.
DEPARTMENT OF INFORMATION TECHNOLOGY SRKR ENGINEERING COLLEGE
Fig 1.1: Taxonomy of Authentication
Taxonomy of Password Authentication Techniques
Knowledge-based techniques are therefore the most sought-after means of achieving high
security. Graphical password techniques can be classified into two categories:
recognition-based and recall-based.
Summary
The rest of the project report is organized as follows. Chapters 2 to 10 provide the
information about Defenses against Large Scale Online Password Guessing Attacks by using
Persuasive Click Points. Chapter 2 gives a survey of the literature that is most important to
the development of this project. Chapter 3 gives the disadvantages and advantages of the
existing and proposed systems and also provides the problem setup of the project. Chapter 4
provides the functional and non-functional requirements of the system. Chapter 5 discusses the
architecture of the system and the modules implemented in it. The design of the system, with
all the necessary UML diagrams, is explained in Chapter 6. The pseudo code is discussed in
Chapter 7. Finally, the testing, with all possible test cases, is described in Chapter 8. The
final conclusion and the references follow in Chapter 9 and Chapter 10 respectively.
CHAPTER 2
LITERATURE SURVEY
2.1 Graphical Password Authentication Using Cued Click Points
We propose and examine the usability and security of Cued Click Points, a cued-recall
graphical password technique. Users click on one point per image for a sequence of images. The
next image is based on the previous click-point. We present the results of an initial user study
which revealed positive results. Performance was very good in terms of speed, accuracy, and
number of errors. Users preferred CCP to Pass Points, saying they thought that selecting and
remembering only one point per image was easier, and that seeing each image triggered their
memory of where the corresponding point was located. We also suggest that CCP provides
greater security than Pass Points because the number of images increases the workload for
attackers.
2.2 Reducing Shoulder-surfing by Using Gaze-based Password Entry
Shoulder-surfing – using direct observation techniques, such as looking over someone's
shoulder, to get passwords, PINs and other sensitive personal information – is a problem that has
been difficult to overcome. When a user enters information using a keyboard, mouse, touch
screen or any traditional input device, a malicious observer may be able to acquire the user’s
password credentials. We present Eye Password, a system that mitigates the issues of shoulder
surfing via a novel approach to user input.
With Eye Password, a user enters sensitive input by selecting from an on-screen keyboard
using only the orientation of their pupils, making eavesdropping by a malicious observer largely
impractical. We present a number of design choices and discuss their effect on usability and
security. We conducted user studies to evaluate the speed, accuracy and user acceptance of our
approach. Our results demonstrate that gaze-based password entry requires marginal additional
time over using a keyboard, error rates are similar to those of using a keyboard and subjects
preferred the gaze-based password entry approach over traditional methods.
2.3 Deja vu: A User Study Using Images for Authentication
Current secure systems suffer because they neglect the importance of human factors in
security. We address a fundamental weakness of knowledge-based authentication schemes,
which is the human limitation to remember secure passwords. Our approach to improve the
security of these systems relies on recognition-based, rather than recall-based authentication. We
examine the requirements of a recognition-based authentication system and propose Deja Vu,
which authenticates a user through her ability to recognize previously seen images. Deja Vu is
more reliable and easier to use than traditional recall-based schemes, which require the user to
precisely recall passwords or PINs. Furthermore, it has the advantage that it prevents users from
choosing weak passwords and makes it difficult to write down or share passwords with others.
2.4 Image Based Registration and Authentication System
Security-sensitive environments protect their resources against unauthorized access by
enforcing access control mechanisms. Text based passwords are not secure enough for such
applications. User authentication can be improved by using both text passwords and structured
images. Our image based registration and authentication system is called IBRAS. The system
developed displays an image or set of images to the user, who would then select one to identify
them. The system uses such image based passwords and integrates image registration and
notification interfaces. Image registration enables users to have their favorite image. The paper
will describe our experience and future work.
2.5 User interface design affects security: Patterns in click-based graphical passwords
Design of the user interface influences users and may encourage either secure or insecure
behavior. Using data from four different but closely related click-based graphical password
studies, we show that user-selected passwords vary considerably in their predictability. Our
analysis looks at click-point patterns within passwords and shows that Pass Points passwords
follow distinct patterns. Surprisingly, these patterns occur independently of the background
image. Conversely, CCP and PCCP passwords are nearly indistinguishable from those of a
random dataset. These results provide insight on modeling effective password spaces and on how
user interface characteristics lead to more (or less) secure user behavior.
CHAPTER 3
PROBLEM DEFINITION
3.1 EXISTING SYSTEM
In the existing system, passwords are mostly text oriented, so the password can be broken by
intruders through masquerading, brute force attacks, dictionary attacks etc. There are some
existing applications with graphical passwords; their major drawback is larger memory space,
and some are prone to shoulder-surfing attacks. In Cued Click Points, the user has to select a
click-point on each of five different images in sequence, with each image based on the previous
one. The drawback of the concept is that it is difficult to remember the click-points in
different images.
Disadvantages
Although Pass Points is relatively usable, security weaknesses make passwords easier for
attackers to predict. Hotspots are areas of the image that have a higher likelihood of being
selected by users as password click-points. Attackers who gain knowledge of these hotspots
through harvesting sample passwords can build attack dictionaries and more successfully guess
Pass Points passwords. Users also tend to select their click-points in predictable patterns
(e.g., straight lines), which can also be exploited by attackers even without knowledge of the
background image; indeed, purely automated attacks against Pass Points based on image
processing techniques and spatial patterns are a threat.
3.2 PROBLEM STATEMENT
Usable security has unique usability challenges because the need for security often means
that standard human-computer-interaction approaches cannot be directly applied. An important
usability goal for authentication systems is to support users in selecting better passwords. Users
often create memorable passwords that are easy for attackers to guess, but strong system-
assigned passwords are difficult for users to remember.
3.3 PROPOSED SYSTEM
In the proposed system, we use a click-based graphical password system. During password
creation, there is a small viewport area that is randomly positioned on the image. Users must
select a click-point within the viewport. If they are unable or unwilling to select a point in
the current viewport, they may press the Shuffle button to randomly reposition the viewport.
The viewport guides users to select more random passwords. This therefore encourages users to
select passwords that are more random and more difficult to guess.
Advantages of proposed system
This systematic examination provides a comprehensive and integrated evaluation of
PCCP covering both usability and security issues, to advance understanding as is prudent before
practical deployment of new security mechanisms. Results show that PCCP is effective at
reducing hotspots (areas of the image where users are more likely to select click-points) and
avoiding patterns formed by click-points within a password, while still maintaining usability.
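The hotspot argument of sections 3.1 and 3.3 can be made measurable. The following is an added example, not code from the project: the class `HotspotCoverage`, the method `topCellShare`, the image size, the grid cell size and both click samples are assumptions constructed for illustration, and modelling viewport-guided clicks as uniformly random is a simplification.

```java
import java.awt.Point;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Random;

/** Added illustration: how concentrated are click-points on an image? */
public class HotspotCoverage {
    // Constructed image size and grid cell size (not taken from the report).
    static final int W = 640, H = 480, CELL = 40;

    /** Share of all click-points that fall into the `top` most-clicked grid cells. */
    static double topCellShare(List<Point> clicks, int top) {
        if (clicks.isEmpty()) {
            return 0.0;
        }
        int cols = W / CELL, rows = H / CELL;
        int[] counts = new int[cols * rows];
        for (Point p : clicks) {
            counts[(p.y / CELL) * cols + (p.x / CELL)]++;
        }
        Arrays.sort(counts); // ascending, so the busiest cells are at the end
        int covered = 0;
        for (int i = 0; i < top && i < counts.length; i++) {
            covered += counts[counts.length - 1 - i];
        }
        return (double) covered / clicks.size();
    }

    /** Keeps a coordinate inside [0, max - 1]. */
    static int clamp(int v, int max) {
        return Math.max(0, Math.min(max - 1, v));
    }

    public static void main(String[] args) {
        Random rnd = new Random(1); // fixed seed: constructed, repeatable sample data
        // Constructed "free choice" sample: clicks cluster around three salient points.
        Point[] salient = { new Point(120, 90), new Point(400, 260), new Point(560, 120) };
        List<Point> freeChoice = new ArrayList<>();
        List<Point> viewportGuided = new ArrayList<>();
        for (int i = 0; i < 600; i++) {
            Point s = salient[i % salient.length];
            freeChoice.add(new Point(clamp(s.x + (int) (rnd.nextGaussian() * 15), W),
                                     clamp(s.y + (int) (rnd.nextGaussian() * 15), H)));
            // Simplification: the click lands wherever the random viewport happens to be.
            viewportGuided.add(new Point(rnd.nextInt(W), rnd.nextInt(H)));
        }
        int cells = (W / CELL) * (H / CELL);
        System.out.printf("free choice:     top 10 of %d cells hold %.0f%% of clicks%n",
                cells, 100 * topCellShare(freeChoice, 10));
        System.out.printf("viewport-guided: top 10 of %d cells hold %.0f%% of clicks%n",
                cells, 100 * topCellShare(viewportGuided, 10));
    }
}
```

The larger the share held by a few cells, the smaller the part of the image a guesser has to cover, which is the effect the viewport is meant to reduce.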
CHAPTER 4
SYSTEM ANALYSIS AND REQUIREMENTS
4.1 SOFTWARE REQUIREMENTS
o Operating System : Windows XP/7/8
o Application Server : NETBEANS
o Front End : JAVA, Swings
o Database : MYSQL
o Database Connectivity : JDBC
4.2 HARDWARE REQUIREMENTS
o Processor - Pentium III, Intel, AMD
o Speed - 1.1 GHz
o RAM - 256 MB (min)
o Hard Disk - 20 GB (min)
4.3 FUNCTIONAL REQUIREMENTS
1. It provides a provision for the user to register.
2. It provides a provision for the user to select an image.
3. It provides a provision for the user to generate a graphical password from the selected image.
4. It provides a provision for the user to compare the graphical password with the input image
for login.
5. It provides a provision for the user to log in.
6. It provides a provision for the user to compare the graphical password with the input image
in order to make transactions.
7. It provides a provision for the user to make his transactions.
8. It provides a provision for the user to deposit.
9. It provides a provision for the user to withdraw.
10. It provides a provision for the user to view transaction reports.
4.4 NON-FUNCTIONAL REQUIREMENTS
Non-Functional requirements describe user-visible aspects of the system that are not
directly related to functionality of the system.
a) User Interface
A menu interface has been provided to the client to be user friendly.
b) Documentation
The client is provided with an introductory help about the client interface and the
user documentation has been developed through help hyperlink.
c) Performance Constraints
Requests should be processed with negligible delay.
Users should be authenticated for accessing the requested data.
d) Error Handling and Extreme Conditions
In case of user error, the system should display a meaningful error message to the user, so
that the user can correct the error.
The high-level components in the proposed system should handle exceptions that occur while
connecting to the database server, IO exceptions etc.
e) Quality Issues
Quality issues refer to how reliable, available and robust the system should be. While
developing the proposed system, the developer must be able to guarantee the reliability of
transactions so that they will be processed completely and accurately. The ability of the
system to detect failures and recover from those failures refers to the availability of the
system. Robustness of the system refers to its capability to provide information when
concurrent users are requesting information.
f) Acceptance Criteria
The developer will have to demonstrate and show to the user that the system works
by testing with suitable test cases so that all conditions are satisfied.
4.5 FEASIBILITY STUDY
Three key considerations involved in the feasibility analysis are
Technical Feasibility
Economical Feasibility
Operational Feasibility
i) Technical Feasibility
The developed system has modest requirements, as only minimal or no changes are required for
implementing it, and all the technical aspects are already available.
ii) Economical Feasibility
The developed system is well within the budget and this was achieved because
most of the technologies used are freely available. Only the customized products had
been purchased.
iii) Social Feasibility
The user's level of confidence must be raised so that he is also able to make some
constructive criticism, which is welcomed, as he is the final user of the system.
4.6 Use Case Analysis:
[Use case diagram: actor "user"; use cases: register new user, login, browse an image, create
graphical password from image, compare image for graphical password, credit, debit, transaction
history]
Fig 4.1: Use Case Diagram for Persuasive click point
Use Case Description
First, the user must register by giving the user details and then create the graphical
password from an image.
If the user is already registered, then the user browses the image and gives the x, y values
as the password for login.
The image is compared for graphical password verification.
If the user is a valid user, then transactions such as credit, debit and transaction history
can be done.
Use Case Description Table
USECASE | ACTOR | STEPS | DESCRIPTION
1. REGISTRATION | USER | 1. Press the registration. 2. Enter details of user. | After registration is completed, all the details of the user are saved in the database.
2. CREATE GRAPHICAL PASSWORD FROM IMAGE | USER | 1. Press the Create password. 2. Enter the required X and Y co-ordinates. | After the co-ordinates are entered, the corresponding values are stored in the database.
3. BROWSE AN IMAGE | USER | 1. We select an image from the Image database. 2. Set the co-ordinate values. | After the image is browsed, the corresponding co-ordinate values of the image are stored in the database.
4. LOGIN | USER | 1. Press the login. 2. Enter the username and password. | After the username and password are entered, Admin checks them against the username and password in the database. If they are the same, user login is successful.
5. COMPARE IMAGE FOR GRAPHICAL PASSWORD | ADMIN | 1. Admin collects all details of the password. 2. Admin compares the user password and the actual values of the image co-ordinates. | After the graphical password is compared, if they are the same, login is successful.
6. CREDIT | USER | 1. Press the Credit button. 2. Enter credit details. | After all the details of the credit are entered, the transaction is completed successfully.
7. DEBIT | USER | 1. Select the debit. 2. Enter the required amount to be withdrawn. | After the debit is completed, the amount is withdrawn successfully.
Table 4.1: Use Case Analysis
CHAPTER 5
SYSTEM ARCHITECTURE
5.1 SYSTEM ARCHITECTURE DESCRIPTION
The project is about user authentication to the system with the implementation of persuasive
click points. First of all, every user has to register, and the graphical password is given as
the input to the login process. The two images are compared to authenticate the user to the
system. If any error occurs, the user must log in to the system again; if there are no errors,
the transaction management will display the transaction details.
Fig 5.1: System Architecture
5.2 MODULES
The System Architecture consists of four modules, namely:
i. Registration
ii. Password Creation
iii. User Login
iv. Transaction management
i. Registration
In this Registration module, the user enters all the details, such as name, address, mobile
number and email ID. After the details are entered, they are stored in the user database.
These details are used for authentication in the login process, so they are very important for
the further process and are securely stored in the user database.
In this Registration process, the user has to choose his username.
ii. Password Creation
In this module, we create our own password with the help of any image in the Image Database.
The password is created with the help of the X and Y co-ordinates of the window, so the (X, Y)
values are set in the picture.
These co-ordinate values are stored in the admin database. The number of possible passwords
depends on the size of the window, that is, on the number of co-ordinate values. So guessing by
an unauthorized user is very difficult, and the password is also easy for the authorized party
to remember.
iii. User Login
In this module, the user wants to log in to the system. The admin asks for the username and
password, and the user enters the username and the graphical password, which is nothing but the
co-ordinate values.
After the username and password are entered, the admin checks them against the username and
password in the database.
If both are the same, the user logs in to the system successfully. Otherwise, the user goes to
the Registration process.
iv. Transaction Management
In this Transaction Management module, we test whether the system works properly or not. Here,
the system is linked with banking transactions.
The user can credit money with the help of our system and also debit money successfully.
CHAPTER 6
SYSTEM DESIGN
6.1 CLASS DIAGRAM
[Class diagram, package imageprocess. Classes: Login, selectpixel, process, CompareImage, test,
UserRegister, ImageProcess, datecheck. Every class has main(); all except ImageProcess have a
constructor; Login, selectpixel, process, CompareImage and UserRegister also have
actionPerformed().]
Fig 6.1: Class diagram
Description of Class Diagram
The class diagram mainly consists of User Register, Image Process and Data Check.
In the user registration, the login process is used to verify that the details are correct; if
the details given are invalid, then the user must re-enter valid details, and the image is
compared and tested.
In the Image process, the pixel values are taken when the password is created, and those pixel
values are used for retrieval of data from the database.
In the Data Check, the data is verified, that is, whether the intensity values of the
co-ordinates are equal or not.
6.2 SEQUENCE DIAGRAM
[Sequence diagram: participants user, user interface, registration, insert image, create
password, database, message box; messages: user register(), enter user details(), check user
registration(), create password(), store data(), return status(), display message]
Fig 6.2: Sequence Diagrams for User Registration
Description of Sequence Diagram for User Registration
For this, the user needs to enter the details, and the user details are then checked
internally.
Then the user creates the password by giving the image as input.
Then the password and the details are stored in the database.
If any details are requested from the database, the status is returned and displayed to the
user in a message.
Sequence Diagrams for User Login
[Sequence diagram: participants user, user interface (ui), login, login management, compare
graphical password, check data, message box; messages: 1.1 login(), 1.2 enter login details(),
1.3 send data(), 1.4 input image(), 1.5 send user data, check data, return status, 1.7 display
message(), 1.8 display message()]
Fig. 6.3: Sequence Diagrams for User Login
Description of Sequence Diagrams for User Login
After registration, the user must log in by entering the login details. Then the data is sent
to the login management.
The user gives the image for comparing the graphical password, and then the data is sent for
verification.
After verification, the message is sent to the login management and then to the message box.
The message box will send the message to the user.
6.3 COLLABORATION DIAGRAM
[Collaboration diagram: objects user, user interface, Registration, insert mode, create pwd,
database, message box; messages: 1 user register(), 2 Enter user details, 3 check user
registration, 4 create pwd, 5 store data, 6 return status, 7 display message]
Fig 6.4 Collaboration Diagrams for User Registration
Collaboration Diagrams for User Registration
For this, the user needs to enter the details, and the user details are then checked
internally.
Then the user creates the password by giving the image as input.
Then the password and the details are stored in the database.
If any details are requested from the database, the status is returned and displayed to the
user in a message.
Collaboration Diagrams for User Login
[Collaboration diagram: objects user, user interface, login, login management, compare
graphical pwd, check data, message box; messages: 1 login(), 2 enter login details, 3 send
data, 4 input data, 5 send user data, 6 check data, 7 return status, 8 display message,
9 display message]
Fig 6.5: Collaboration Diagrams for User Login
Description of Sequence Diagrams for User Login:
After registration, the user must log in by entering the login details. Then the data is sent
to the login management.
The user gives the image for comparing the graphical password, and then the data is sent for
verification.
After verification, the message is sent to the login management and then to the message box.
The message box will send the message to the user.
6.4 ACTIVITY DIAGRAM
[Activity diagram: User Login, Enter User Details; invalid details lead to Login Failure, valid
details lead to Login Successfully, then User Transactions, then logout]
Fig 6.6: Activity Diagram of Persuasive click points
Description of Activity Diagram
First, the user must log in by giving the details.
If the details are invalid, the login fails and the user must re-enter the details.
If the details are valid, the login process is successful and the user transactions can be
done.
6.5 STATE CHART DIAGRAM
State Chart diagram for User Login
[State chart diagram: user registration, enter user details, create graphical password, login,
transactions (deposit, withdraw), logout]
Fig 6.7: State Chart diagram for User Login
Description of State Chart diagram for User Login
First, the user must register by giving the user details and then create the graphical
password from an image.
If the user is already registered, then the user browses the image and gives the x, y values
as the password for login.
The image is compared for graphical password verification.
If the user is a valid user, then transactions such as credit, debit and transaction history
can be done.
State chart diagram for login:
[State chart diagram: user login, enter user details; invalid details lead to login failure,
valid details lead to login successfully, then user transactions, then logout]
Fig 6.8: State chart diagram for login
Description of State Chart diagram for login
First, the user must log in by giving the details.
If the details are invalid, the login fails and the user must re-enter the details.
If the details are valid, the login process is successful and the user transactions can be
done.
6.6 COMPONENT DIAGRAM
[Component diagram: Defence against Online Password Guessing Attacks by using Persuasive Click
Points, with components User Registration, Graphical Password, Login Management and
Transaction Management]
Fig 6.9: Component Diagram of Persuasive click points
Defenses against Large Scale Online Password Guessing Attacks by Persuasive Click Points
consists of four components:
User Registration
Graphical Password
Login Management
Transactions Management
6.7 DEPLOYMENT DIAGRAM
[Deployment diagram: user interface; Defence against large scale online passw... (Swings,
JDK1.6); database (MySQL, image)]
Fig 6.10: Deployment Diagram of Persuasive click points
Description of Deployment Diagram:
The Deployment Diagram consists of the following objects.
User Interface
Defense against large scale online password guessing attack by using Persuasive click
points.
o Swings
o JDK1.6
Database
o My Sql
o image
In this system, the user initially interacts with the Defense against Large Scale Online
Password system. Swings and JDK 1.6 are sub-parts of this system, and it is linked with the
database consisting of MySQL and the Image database.
6.8 ER DIAGRAM
[ER diagram: entity New User (attributes Name, User Name, Accno, Balance, Address, Guardian,
Image) has a 1-to-1 relation with entity Pixel (attributes Name, Password, Image); entity Path
value (attributes Name, Path, Image)]
Fig 6.11: ER Diagram of Persuasive click points
Explanation for ER Diagram
The database is designed keeping in mind all the functional requirements of the system. There
are several attributes for every entity in an ER diagram. Here New User and Pixel are the
entities, and there is a relation between them.
The New User entity has the attributes name, user name, account number, guardian, address,
balance and image, and the Pixel entity has attributes such as the name of the image and the
password.
DATA DICTIONARY
The database used for the system consists of five tables. The first one is the user details
table, in which the entire details about the user are stored, and the second one is the address
table, which consists of the address of the user. The upload data table consists of the data
under categories; the entire operation of the system is based on this table. The login master
table handles the details of each login of the user. Finally, the Category Info table consists
of the type of data stored in the database.
1. New User Table
Field name | Data type | Description
User name | Varchar2 | Name of the user in the login
Name | Varchar2 | Name of the user
Balance | Number | Balance amount
Address | Varchar2 | Address of the user
Image | Jpg | Image password
Guardian | Varchar2 | Guardian to the user
Accno | number | Account number of the user
Table 6.1: New User Table
2. Pixel Table
Field name | Data type | Description
Name | Varchar2 | Name of the user
Image | Jpg | Image password
Password | number | password of the user
Table 6.2: Pixel Table
3. Path value
Field name | Data type | Description
Name | Varchar2 | Name of the user
Image | Jpg | Image password
Path | Varchar2 | Path value
Table 6.3: Path value table
CHAPTER 7
SYSTEM IMPLEMENTATION
7.1 ALGORITHMS
Persuasive click points
The implementation of the persuasive click points algorithm is of utmost importance for exact
user authentication to happen. The algorithm for persuasive click points includes two phases:
first the registration of the password, and then the login process.
Registration process
The user should register with the system before he can use the system for secure login.
Step 1: The image that the user wants to use as his password is uploaded.
Step 2: There is a small viewport area that is randomly positioned on the image. Users must
select a click-point within the viewport.
Step 3: If they cannot or are unwilling to do so
then
they may press the Shuffle button to randomly reposition the viewport.
The click-points must be selected in such a way that there is less chance of including
hotspots.
Login process
After registration in the system, the user wants to enter the system to view his personal
data.
Step 1: The user uploads the image that he has selected as his password image.
Step 2: The user should select the click-points in the order in which he selected them during
the registration process.
Step 3: If there is any problem, then retry for a limited number of times
or the account is blocked
else the account is opened
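The registration and login steps above, together with the viewport and Shuffle behaviour described in section 3.3, are shown below as an added example; it is not code from the project. The class name `PersuasiveClickPointsDemo`, the viewport size, the click tolerance, the attempt limit and the image size are assumptions, since the report does not state them.

```java
import java.awt.Point;
import java.awt.Rectangle;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;

/** Added illustration of the registration and login steps; not the project's code. */
public class PersuasiveClickPointsDemo {
    // Assumed parameters: the report does not state any of these values.
    static final int VIEWPORT = 75;     // viewport edge length in pixels
    static final int TOLERANCE = 9;     // accepted offset from the stored point, per axis
    static final int MAX_ATTEMPTS = 3;  // failed logins allowed before the account is blocked

    private final SecureRandom rng = new SecureRandom();
    private final int imageWidth;
    private final int imageHeight;
    private final List<Point> stored = new ArrayList<>();
    private int failedAttempts = 0;
    private boolean blocked = false;

    PersuasiveClickPointsDemo(int imageWidth, int imageHeight) {
        if (imageWidth < VIEWPORT || imageHeight < VIEWPORT) {
            throw new IllegalArgumentException("image is smaller than the viewport");
        }
        this.imageWidth = imageWidth;
        this.imageHeight = imageHeight;
    }

    /** Registration step 2 and the Shuffle button: a viewport at a uniformly random position. */
    Rectangle shuffleViewport() {
        int x = rng.nextInt(imageWidth - VIEWPORT + 1);
        int y = rng.nextInt(imageHeight - VIEWPORT + 1);
        return new Rectangle(x, y, VIEWPORT, VIEWPORT);
    }

    /** A click-point is accepted during registration only if it lies inside the viewport. */
    boolean register(Rectangle viewport, Point click) {
        if (!viewport.contains(click)) {
            return false;
        }
        stored.add(new Point(click));
        return true;
    }

    /** Login steps 2 and 3: same points in the same order, within tolerance; block on repeated failure. */
    boolean login(List<Point> attempt) {
        if (blocked) {
            return false;
        }
        boolean ok = !stored.isEmpty() && attempt.size() == stored.size();
        for (int i = 0; ok && i < stored.size(); i++) {
            Point s = stored.get(i);
            Point a = attempt.get(i);
            ok = Math.abs(s.x - a.x) <= TOLERANCE && Math.abs(s.y - a.y) <= TOLERANCE;
        }
        if (ok) {
            failedAttempts = 0;
            return true;
        }
        if (++failedAttempts >= MAX_ATTEMPTS) {
            blocked = true;
        }
        return false;
    }

    boolean isBlocked() {
        return blocked;
    }

    public static void main(String[] args) {
        // Constructed image size; five click-points are registered on it.
        PersuasiveClickPointsDemo account = new PersuasiveClickPointsDemo(640, 480);
        List<Point> chosen = new ArrayList<>();
        for (int i = 0; i < 5; i++) {
            Rectangle vp = account.shuffleViewport();
            // A click outside the viewport is rejected, so the simulated user shuffles once
            // and then clicks the centre of the new viewport.
            if (!account.register(vp, new Point(vp.x - 1, vp.y))) {
                vp = account.shuffleViewport();
            }
            Point click = new Point(vp.x + VIEWPORT / 2, vp.y + VIEWPORT / 2);
            account.register(vp, click);
            chosen.add(click);
        }
        List<Point> nearMiss = new ArrayList<>();
        List<Point> wrong = new ArrayList<>();
        for (Point p : chosen) {
            nearMiss.add(new Point(p.x + 4, p.y - 4));       // inside the tolerance
            wrong.add(new Point(p.x + TOLERANCE + 1, p.y));  // just outside it
        }
        System.out.println("login within tolerance: " + account.login(nearMiss));
        for (int i = 1; i <= MAX_ATTEMPTS; i++) {
            System.out.println("wrong attempt " + i + ": " + account.login(wrong)
                    + ", blocked=" + account.isBlocked());
        }
        System.out.println("correct points after block: " + account.login(chosen));
    }
}
```

Once the attempt limit is reached, even the correct click-points are refused, which is what bounds the number of guesses available in an online attack.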
7.2 PSEUDO CODE
The main action performed in the system is to compare the image that is given as an input.
Image Comparison
    // Excerpt from CompareImage.actionPerformed(ActionEvent ae); the full class is in Appendix B.
    if (ae.getSource() == upload)
    {
        // Store the user name, the file name and the image bytes in the pixelvalue table.
        String filename = filenametext.getText();
        String name = nametext.getText();
        String password = passwordtext.getText();   // read from the form but not stored by this insert
        File image = new File(filename);
        try
        {
            Class.forName("com.mysql.jdbc.Driver");
            // Connects as root with an empty password; outside a test setup use a dedicated
            // least-privilege account. try-with-resources closes everything on every path.
            try (Connection connection = DriverManager.getConnection("jdbc:mysql://localhost/image", "root", "");
                 PreparedStatement psmnt = connection.prepareStatement("insert into pixelvalue values(?,?,?)");
                 FileInputStream fis = new FileInputStream(image))
            {
                psmnt.setString(1, name);
                psmnt.setString(2, filename);
                psmnt.setBinaryStream(3, (InputStream) fis, (int) image.length());
                int s = psmnt.executeUpdate();
            }
        }
        catch (Exception ee)
        {
            ee.printStackTrace();   // report the failure instead of silently ignoring it
        }
    }
    else if (ae.getSource() == Compare)
    {
        // Load the chosen file and show it in the picture label.
        String filename = filenametext.getText();
        try
        {
            File file = new File(filename);
            BufferedImage image = ImageIO.read(file);
            ImageIcon icon = new ImageIcon(image);
            picture.setIcon(icon);
        }
        catch (Exception ee)
        {
            ee.printStackTrace();
        }
    }
    else if (ae.getSource() == Browse)
    {
        // Let the user pick the image file and copy its path into the file name field.
        JFileChooser chooser = new JFileChooser();
        try {
            File f = new File(new File("filename.txt").getCanonicalPath());
            chooser.setSelectedFile(f);
        }
        catch (IOException e1)
        {
            e1.printStackTrace();
        }
        int retval = chooser.showOpenDialog(Browse);
        if (retval == JFileChooser.APPROVE_OPTION) {
            File field = chooser.getSelectedFile();
            filenametext.setText(field.getAbsolutePath());
        }
    }
    else if (ae.getSource() == viewport)
    {
        System.out.println("aa");   // the viewport button is only a stub in this listing
    }
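The listing above stores and displays the image; the comparison step itself is not shown. One way to compare a presented image with the stored one, as an added example that is not the project's code (`ImageMatch`, `pixelDigest`, `sameImage` and `gradient` are hypothetical names, and the images are constructed in memory), is to hash the decoded pixels and compare the digests:

```java
import java.awt.image.BufferedImage;
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Added example; class and method names are assumptions, not part of the project.
public class ImageMatch {
    // SHA-256 over the dimensions and every decoded ARGB pixel value of the image.
    static byte[] pixelDigest(BufferedImage img) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(ByteBuffer.allocate(8).putInt(img.getWidth()).putInt(img.getHeight()).array());
        int[] row = new int[img.getWidth()];
        ByteBuffer buf = ByteBuffer.allocate(4 * row.length);
        for (int y = 0; y < img.getHeight(); y++) {
            img.getRGB(0, y, row.length, 1, row, 0, row.length);  // one scanline of pixels
            buf.asIntBuffer().put(row);                            // view starts at offset 0 each time
            md.update(buf.array());
        }
        return md.digest();
    }

    // Digests are compared with MessageDigest.isEqual, which does not exit early on a mismatch.
    static boolean sameImage(BufferedImage stored, BufferedImage presented) throws NoSuchAlgorithmException {
        return MessageDigest.isEqual(pixelDigest(stored), pixelDigest(presented));
    }

    // Constructed test image: a deterministic colour gradient.
    static BufferedImage gradient(int w, int h) {
        BufferedImage img = new BufferedImage(w, h, BufferedImage.TYPE_INT_RGB);
        for (int y = 0; y < h; y++)
            for (int x = 0; x < w; x++)
                img.setRGB(x, y, (x * 255 / w) << 16 | (y * 255 / h) << 8 | 0x40);
        return img;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        BufferedImage stored = gradient(400, 325);
        BufferedImage same = gradient(400, 325);
        BufferedImage altered = gradient(400, 325);
        altered.setRGB(10, 10, 0xFFFFFF);  // change a single pixel
        System.out.println("identical pixels match: " + sameImage(stored, same));
        System.out.println("one changed pixel matches: " + sameImage(stored, altered));
    }
}
```

A lossy re-save of the picture changes pixel values, so this check accepts only the exact registered pixels.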
CHAPTER 8
TESTING
8.1 Test Cases
Test case 1
Input: The details of the user
Expected Output: Successful registration
Observed Output: Same as expected, as shown in Fig 8.1
Fig 8.1: User registration form
Test case 2
Input: The image to be used as password, and the click points
Expected Output: Successful creation of the password
Observed Output: Same as expected, as shown in Fig 8.2
Fig 8.2: Graphical Password Creation of User
Test case 3
Input: The image used as a password, and the click points
Expected Output: Unsuccessful login
Observed Output: Same as expected, as shown in Fig 8.3
Fig 8.3: Graphical password given is wrong
Test case 4
Input: The image used as a password, and the click points
Expected Output: Successful login
Observed Output: Same as expected, as shown in Fig 8.4
Fig 8.4: Authentication of the User using image password
Test Cases Report
| Test Case ID | Test Case | Procedure | Expected behavior | Exhibited behavior | Result |
|---|---|---|---|---|---|
| 1 | User to register. | User has to select ‘New User’ option and enter the details of user. | User has to be registered if the entered details are true, else return error message. | New user is registered. | Pass |
| 2 | User to insert an image. | User has to select the Browse option and select the required image as input. | User has to browse an image. | User selected an image. | Pass |
| 3 | User to create graphical password. | User has to select ‘create Password’ option and browse a graphical image to create graphical password. | User has to create graphical password. | User created graphical password. | Pass |
| 4 | User to compare images. | User has to select an image as input to compare graphical password to match. | User has to insert an image. | User inserted an image. | Pass |
| 5 | User to log in. | User has to select ‘registered user’ option and enter the login details. | User has to log in if the entered login details are true, else return error display message. | User is logged in. | Pass |
| 6 | User to deposit. | User has to select ‘deposit’ option and transact the amount. | User has to be deposited. | User got deposited. | Pass |
| 7 | User to withdraw. | User has to select ‘withdrawal’ option and transact the amount. | User has to withdraw. | User has withdrawn amount. | Pass |
| 8 | User to view transaction reports. | User has to select ‘transaction Report’ and enter the password details. | User has to view the transaction reports if entered details are true, else return error message. | User viewed the transaction reports. | Pass |
Table 8.1: Test Case Report
CHAPTER 9
CONCLUSION
A major advantage of the Persuasive Cued Click Point scheme is its large password space
compared with alphanumeric passwords. There is growing interest in graphical passwords since
they are better than text-based passwords, although the main argument for graphical passwords
is that people are better at memorizing graphical passwords than text-based passwords. Online
password guessing attacks on password-only systems have been observed for decades. Present-day
attackers targeting such systems are empowered by having control of thousand- to million-node
botnets.
In previous ATT-based login protocols, there exists a security-usability trade-off with
respect to the number of free failed login attempts (i.e., with no ATTs) versus user login
convenience (e.g., fewer ATTs and other requirements). In contrast, PGRP is more restrictive
against brute force and dictionary attacks while safely allowing a large number of free failed
attempts for legitimate users. PGRP is apparently more effective in preventing password
guessing attacks (without answering ATT challenges); it also offers a more convenient login
experience, e.g., fewer ATT challenges for legitimate users. PGRP appears suitable for
organizations with both small and large numbers of user accounts.
FUTURE ENHANCEMENT
A major advantage of the Persuasive Cued Click Point scheme is its large password
space compared with alphanumeric passwords. There is growing interest in graphical passwords
since they are better than text-based passwords, although the main argument for graphical
passwords is that people are better at memorizing graphical passwords than text-based
passwords. Online password guessing attacks on password-only systems have been observed
for decades. Present-day attackers targeting such systems are empowered by having control
of thousand- to million-node botnets. In previous ATT-based login protocols, there exists a
security-usability trade-off with respect to the number of free failed login attempts (i.e., with no
ATTs) versus user login convenience (e.g., fewer ATTs and other requirements). In contrast,
PGRP is more restrictive against brute force and dictionary attacks while safely allowing a large
number of free failed attempts for legitimate users. PGRP is apparently more effective in
preventing password guessing attacks (without answering ATT challenges); it also offers a
more convenient login experience, e.g., fewer ATT challenges for legitimate users. PGRP
appears suitable for organizations with both small and large numbers of user accounts.
APPENDIX-A
OUTPUT SCREENS
Fig A.1: User Interface to Apply Graphical Password on Banking Application
Fig A.2: User registration form
Fig A.3: Graphical Password Creation of User
Fig A.4: Authentication of the User using image password.
Fig A.5: Deposit form of User
Fig A.6: Withdraw form for User.
Fig A.7: Transaction History of the User
APPENDIX-B
SOURCE CODE
package imageprocess;

import java.awt.*;
import java.awt.event.*;
import java.awt.geom.Area;
import java.awt.geom.Path2D;
import java.awt.image.BufferedImage;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.sql.*;
import java.sql.DriverManager;
import java.util.Random;
import javax.imageio.ImageIO;
import javax.swing.*;

// Swing form that browses for an image, displays it and uploads it to the MySQL "image" database.
public class CompareImage extends JFrame implements ActionListener
{
    JPanel panel=new JPanel();
    Container c;
    static JLabel picture=new JLabel();
    JLabel name=new JLabel("Name");
    JLabel password=new JLabel("Password");
    JLabel filename=new JLabel("FileName");
    JTextField nametext=new JTextField();
    JTextField passwordtext=new JTextField();
    JTextField filenametext=new JTextField();
    JButton upload=new JButton("Upload");
    JButton Compare=new JButton("Display");
    JButton Browse=new JButton("Browse");
    JButton viewport=new JButton("Viewport");
    static ImageIcon icon;
    File file;
    BufferedImage image;
    static Image pic;
    static byte[] bytes = null;

    // Lay out the form with absolute coordinates and register the button listeners.
    CompareImage() throws IOException
    {
        c=(JPanel)getContentPane();
        c.setLayout(null);
        c.setBackground(Color.WHITE);
        picture.setBounds(50,100,400,325);
        filename.setBounds(600,100,100,30);
        filenametext.setBounds(720,100,300,30);
        name.setBounds(600,150,100,30);
        password.setBounds(600,200,100,30);
        nametext.setBounds(720,150,100,30);
        passwordtext.setBounds(720,200,100,30);
        Browse.setBounds(530,400,100,20);
        upload.setBounds(650,400,100,20);
        Compare.setBounds(770,400,100,20);
        viewport.setBounds(770,450,100,20);
        c.add(picture);
        c.add(filename);
        c.add(filenametext);
        c.add(name);
        c.add(nametext);
        c.add(password);
        c.add(passwordtext);
        c.add(viewport);
        c.add(upload);
        c.add(Compare);
        c.add(Browse);
        viewport.addActionListener(this);
        upload.addActionListener(this);
        Compare.addActionListener(this);
        Browse.addActionListener(this);
    }

    public void actionPerformed(ActionEvent ae)
    {
        if(ae.getSource()==upload)
        {
            // Store the user name, the file name and the image bytes in the pixelvalue table.
            String filename=filenametext.getText();
            String name=nametext.getText();
            String password=passwordtext.getText();   // read from the form but not stored by this insert
            File image = new File(filename);
            try
            {
                Class.forName("com.mysql.jdbc.Driver");
                // Connects as root with an empty password; outside a test setup use a dedicated
                // least-privilege account. try-with-resources closes everything on every path.
                try (Connection connection = DriverManager.getConnection("jdbc:mysql://localhost/image","root","");
                     PreparedStatement psmnt = connection.prepareStatement("insert into pixelvalue values(?,?,?)");
                     FileInputStream fis = new FileInputStream(image))
                {
                    psmnt.setString(1,name);
                    psmnt.setString(2,filename);
                    psmnt.setBinaryStream(3, (InputStream)fis, (int)(image.length()));
                    int s = psmnt.executeUpdate();
                }
            }
            catch(Exception ee)
            {
                ee.printStackTrace();   // report the failure instead of silently ignoring it
            }
        }
        else if(ae.getSource()==Compare)
        {
            // Load the chosen file and show it in the picture label.
            String filename=filenametext.getText();
            try
            {
                File file=new File(filename);
                BufferedImage image=ImageIO.read(file);
                ImageIcon icon=new ImageIcon(image);
                picture.setIcon(icon);
            }
            catch(Exception ee)
            {
                ee.printStackTrace();
            }
        }
        else if(ae.getSource()==Browse)
        {
            // Let the user pick the image file and copy its path into the file name field.
            JFileChooser chooser = new JFileChooser();
            try {
                File f = new File(new File("filename.txt").getCanonicalPath());
                chooser.setSelectedFile(f);
            }
            catch (IOException e1)
            {
                e1.printStackTrace();
            }
            int retval = chooser.showOpenDialog(Browse);
            if (retval == JFileChooser.APPROVE_OPTION){
                File field = chooser.getSelectedFile();
                filenametext.setText(field.getAbsolutePath());
            }
        }
        else if(ae.getSource()==viewport)
        {
            System.out.println("aa");   // the viewport button is only a stub in this listing
        }
    }

    public static void main(String[] arg) throws IOException
    {
        JFrame pixel=new CompareImage();
        pixel.setSize(1000,700);
        pixel.setVisible(true);
        pixel.setLocationRelativeTo(null);
    }
}