jigspasszle : a novel jigsaw based authentication system using mouse drag dynamics

JIGSPASSZLE: A novel Jigsaw based authentication System using Mouse Drag Dynamics

GUIDE:Mr. S. M.UDHAYASANKAR Assistant Professor-III

Submitted By:VISWAPRASATH KSTHANGARAJ RJEYASIMMAN S

AGENDA

• Abstract• Objective• Motivation• Literature Survey• Existing System

Drawbacks• Proposed System• Securities Addressed• Modules• Advantages Of Proposed System• Conclusion• References

ABSTRACT

In this paperwe used an image based authentication

system which uses the ability of the human to recognize the image with.

we use drag action either using the mouse or using touch in the screens as biometrics.

we have used One Time Passwords (OTP) which is not dependent on any external devices.

OBJECTIVE

Our main Objective areTo develop a multiple factor authentication

system images. (Biometrics +Conventional + recognizable )

To avoid the hardware dependency for OTP.

To avoid attacks like shoulder surfing, guessing, key loggers

MOTIVATION

As State in the paper “A complete comparison on Pure and Cued Recall-Based Graphical User Authentication Algorithms” user

were fascinated by the pictures which drawn by other users so frequently we can see the common picture for password.

users can hardly remember the sequence of drawing after period of time.

LITERATURE SURVEY

Adams, A., in “Users are not the enemy (1999)” -They state how each and every module should make user feel he is safe.

Kulkarni. in his paper “Security Analysis and Implementation of 3 Level Security System Using Image Based Authentication (2013)”

-He also tell how the combination of both text based password and image based password and OTP will be very complex to break.

Mrs. D. shanmugapriya in “A survey of Biometric Keystroke Dynamics: Approaches, Security and Challenges (2009)”

- Show how different types of biometrics based passwords can be achieved.

LITERATURE SURVEY(contd..)Rohit Ashok Khot in his “paper MARASIM: A Novel Jigsaw

Based Authentication Scheme Using Tagging”, -shows that how the image based authentication will be very easy for the user.

Graphical Passwords: A Survey by Xiaoyuan Suo, -clearly shows us the various loop holes in the existing

graphical passwords. They have shown that most of the graphical passwords are easily attacked.

Nitisha Payal, in“JigCAPTCHA: An Advanced Image-BasedCAPTCHA Integrated with Jigsaw PiecePuzzle using AJAX” (2011)

-shows clearly how we should transfer the small pieces of images.

Mori, T. in their paper “Proposal of Movie CAPTCHA method using Amodel Completion”

-show how in any image based system we can avoid attacks from the bots.

Farnaz Towhidi in “A Survey on Recognition-Based Graphical User Authentication Algorithms(2009)”

-showed in detail how the Recognition based Graphical authentication are very easy for the users to use.

Saurabh Singh in their paper “Mouse Interaction based Authentication System by Classifying the Distance Travelled by the Mouse” (2011) told how a mouse interaction can be used as a authentication system

LITERATURE SURVEY(contd..)

22EXISTING SYSTEM

They are lot number of existing system based on media like text based, image based and sound based.

Some of the image based password faced lot of drawbacksResponse time is very high due to transfer

of images.They didn’t had biometrics due to which

faced many problems.Not able to reproduce what they have

drawn.Attacks like brute force , shoulder suffering

, and dictionary attacks

PROPOSED SYSTEM

In our proposed system the user needs to form the password by selecting the parts of the picture he needs to use.

Here the parts of the images are used for creating the password, so we would like to call them as Passimages.

He should remember the order in which he selects the Passimages and has to position them in the grid according to the One Time PIN (OTP) which appears on the screen during login.

PROPOSED SYSTEM(contd..)

Registration In our System.

Uploading the Image Selecting the order of PassimagesPositioning for getting the time

PROPOSED SYSTEM(contd..)Uploading the Image

The user needs to upload his private images. Reason is that it cannot be easily identified by bots or other attackers.

Then the image is Sliced into smaller parts in 3x3 fashion. So we will get 9 small images.

The reason for dividing is we are introducing amodel Completion. i.e., the user can remember the big part from small part.

PROPOSED SYSTEM(contd..)

Selecting the order of Passimages

After uploading the image the user is shown with the sliced images. Where he can know about the smaller images.

The he is requested to select any 6 images out of 9 possible images. During this he makes the order he wants to use

PROPOSED SYSTEM(contd..)

Positioning for getting the time

Then after selecting the user is requested to position the images according to the OTP displayed in the browser.

While the user is placing that time we will be capturing the time he places. We will find the total time and average time.

Total Time (Tt) = Sum of all time taken to place image.Average Time (At) = Total time / Number of Pieces of

slices to be placed

Number of slices to be placed can be from 6 to 4.

SECURITIES ADDRESS

In our authentication system we would mainly concentrate on Brute force, shoulder suffering, Key loggers and dictionary attacks.

Brute force AttackThere is no possibility for brute force attack because we are dragging the image and drop at the same time we are capturing the time taken to place the image.

Shoulder sufferingAttacker can see the image and can learn about the order. But he feels it difficult sometimes to order them so time taken will be very high.

SECURITIES ADDRESS(contd..)

Key loggers It is found that the key loggers or spywares are very difficult to design for multi level authentication and especially for Image based authentication.

Dictionary attacksSince private images used by the users there wont be any possibilities of dictionary attacks.

MODULES

In our proposed System we have developed the following modules.RegistrationLogin AuthenticationForget Password

MODULES(contd..)RegistrationThe user needs to give his mail ID, if it is not found

then he can start registration by giving his name and password he need.

Then he needs to upload the image.The Image will be uploaded and sliced and then

displayed.Then the user will choose his image order.After that he is displayed with OTP and then made to

place the images.

MODULES(contd..)Login Authentication

In the first stage the user needs to give his text based email ID and password.

Then he is displayed with OTP and sliced small images.Then he can position the images according to the OTP.

SCREEN SHOTS

SCREEN SHOTS(contd..)

SCREEN SHOTS(contd..)

SCREEN SHOTS(contd..)

COMPARISON

Easy to use Prefer Over Text password0

10

20

30

40

50

60

70

80

90

100

YesNo

Graph showing willingness of user

Own User Other user 1 Other user 2 Other user 3 Other user 40

1

2

3

4

5

6

7

Average Time taken to set password with other images

COMPARISON(contd..)

COMPARISON(contd..)

Own User Other user 1 Other user 2 Other user 3 Other user 40

1

2

3

4

5

6

Time to set Other user password

ADVANTAGES

It is easy to remember and identify different part of whole image

.Our system is multi factor authentication system.

Our system uses biometrics so it is difficult for any other to use.

No need of additional hardware for OTP’s

FUTURE WORK

In future we need to analyze any public image can be used as authentication.

We can make our working of the project complex in such a way that our algorithm can find different parts of the image and understand it and expand dynamically.

We need to find the way to increase the number of slice of the images, currently we are using 9 since it is standard. And we have only 0-9 in our keyboards.

CONCLUSION

We would like to conclude our proposed system is stronger when compared with other image based authentication systems.

Here our proposed system is completely based on user recall and reorganization ability.

We have strengthened our proposed system by adding the time taken ability of the drag by the user with the help of mouse.

Our system will be very useful in touch based monitors and can be use in mobile commerce / electronic commerce based website for conforming the purchase.

Our System looks like gamified which is additional advantage in corporate sectors where the trend is changing.

REFERENCESRohit Ashok Khot , Kannan Srinathan , Ponnurangam Kumaraguru ,

MARASIM: A Novel Jigsaw Based Authentication Scheme Using Tagging , In Proc. ACM CHI (2011), 2605-2614

Anand, S. ; Jain, P. ; Nitin ; Rastogi, R, Security Analysis and Implementation of 3-Level Security System Using Image Based Authentication In Proc of Computer Modelling and Simulation (UKSim), 2012 UKSim 14th International Conference, 547-553

Nitisha Payal, Nidhi Chaudhary, Parma Nand Astya JigCAPTCHA: An Advanced Image-BasedCAPTCHA Integrated with Jigsaw PiecePuzzle using AJAX, IJSCE Volume-2, Issue-5 (2012), 180-185

Mori, T. Uda, R. ; Kikuchi, M. ,Proposal of Movie CAPTCHA method using Amodel Completion , In Proc. Applications and the Internet (SAINT), 2012 IEEE/IPSJ 12th International Symposium, 11-18

Fabian Monrose,Michael K. Reiter,Susanne Wetzel, Password hardening based on keystroke dynamics, In Proc International Journal of Information Security February 2002, Volume 1, Issue 2, 69-83

Nasir Ahmad , Andrea Szymkowiak and Paul A. Campbell , Keystroke dynamics in the pre-touchscreen era In Proc Front. Hum. Neurosci. doi: 10.3389/fnhum.2013.00835 Dec (2013)

Adams, A., and Sasse, M. A. Users are not the enemy. Commun. ACM. 42,

12 (1999), 40-46. MORRIS, R., AND THOMPSON, K. Password security: a case history.

Commun. ACM 22, 11 (1979), 594–597. Collin Mulliner,Ravishankar Borgaonkar,Patrick Stewin, Jean-Pierre

Seifert,SMS-Based One-Time Passwords: Attacks and Defense.In Proc 10th International Conference, DIMVA 2013, Berlin, Germany, (2013), 150-159

REFERENCES(contd..)

Dhamija, R. Hash visualization in user authentication. In Ext. Abstracts CHI 2000, ACM Press (2000), 279-280.

Fabian Monrose ,Aviel D. Rubin ,Keystroke dynamics as a biometric for

authentication,In Proc.Future Generation Computer Systems - Special issue on security on the Web archive Volume 16 Issue 4,( 2000 )351 – 359

Cranor, L., and Garfinkel, S. Security and Usability: Designing Systems

that People can use. O’reilly Media, 2005. Arash Habibi Lashkari ,DR. ROSLI SALEH, SAMANEH FARMAND ,

FARNAZ TOWHIDI “A complete comparison on Pure and Cued Recall-Based Graphical User Authentication Algorithms ” In Proc. Second International Conference on Computer and Electrical Engineering (2009)

REFERENCES(contd..)

Farnaz Towhidi,Maslin Masrom “A Survey on Recognition-Based Graphical User Authentication Algorithms ” In Proc (IJCSIS) International Journal of Computer Science and Information Security, Vol. 6, No. 2, (2009 )

Mrs. D. Shanmugapriya , Dr. G. Padmavathi “A Survey of Biometric keystroke Dynamics: Approaches, Security and Challenges” In Proc International Journal of Computer Science and Information Security (2009)

Saurabh Singh , Dr. K.V.Arya, “Mouse Interaction based Authentication

System by Classifying the Distance Travelled by the Mouse” In proc International Journal of Computer Applications (2011)

Mudassar Raza, Muhammad Iqbal, Muhammad Sharif and Waqas Haider

“A Survey of Password Attacks and Comparative Analysis onMethods for Secure Authentication” In proc World Applied Sciences Journal 19( 2012)

REFERENCES(contd..)

THANK YOU