International Journal of Pure and Applied Mathematics Volume 119 No. 12 2018, 14727-14736 ISSN: 1314-3395 (on-line version) url: http://www.ijpam.eu Special Issue
Advancement in Graphical Passwords by Pattern Based System for Authentication
T. Tejaswi, Gandharba Swain, S.K. Naseem and M. Ganesh
Department of Computer Science and Engineering, Koneru Lakshmaiah Education Foundation, Vaddeswaram, Andhra Pradesh, India.
Abstract
Attacks on text-based passwords are very easy because an intruder can break in by repeated attempts. Even token-based passwords are vulnerable to attacks. So, in this paper we propose a graphical password for authentication in which there are no text-based passwords. In this technique the user signs up with a graphical password by selecting a pattern of their choice, and logs in every time with that pattern. The main advantage of this work is that the password can't be stolen by anyone.
Keywords: Security services, User authentication, Text-based passwords, Biometric systems, Graphical passwords.
1. Introduction
The Internet and data transmission play an important role in our day-to-day life. Every day we exchange a great deal of information through the Internet, so securing that information is one of today's issues. For Internet and network security we basically follow the principles of Confidentiality, Integrity and Availability [1]. Confidentiality assures that private or confidential information is not made available to unauthorized individuals. Integrity assures that information and programs are changed only in a specified and authorized manner. Availability assures that systems work promptly and service is not denied to authorized users. Existing cryptography does not provide security in all aspects. Short passwords are not very secure, and long passwords are difficult to memorize. Text-based passwords have many disadvantages, such as stolen passwords, forgotten passwords, and weak passwords. But we need to secure our applications, so the study of graphical passwords came into existence.
2. Related Work
Graphical passwords are of two types: (i) recall-based techniques, (ii) recognition-based techniques, and (iii) cued-based techniques [2]. The recall-based technique does not provide any clue. The user simply recalls what the password is and enters it when required. The passwords produced by this type of technique are hard to crack and difficult for the user to reproduce. Developed examples include Pass doodle. The example in Fig. 1 is a pass doodle, in which the user draws a pattern on a touch screen. In recognition-based passwords the user chooses pictures, icons or symbols from a set of pictures, as shown in Fig. 2. These are easy to remember and to use for a long time. In this type the user needs to click on pictures that show faces, shapes or objects such as animals [3]. In some passwords of this type the user needs to choose the objects by continuous dragging. In this type of graphical password the likelihood of cracking the password is high because attackers can easily guess the password.
Fig. 1: Recall-based technique
Fig. 2: Recognition-based technique
In cued-based techniques, the user is given hints that help recall the password set for authentication. Pass point, for example, is a cued recall based technique [4]. Fig. 3 shows the cued-based authentication technique.
Fig. 3: Cued-based technique
The attacker may attack the data. Security attacks are classified into two types: passive attacks and active attacks. A passive attack means unauthorized reading of a message or a file. A passive attacker attempts to make use of information from the system but doesn't affect the system. The goal of the opponent is to obtain information that is being transmitted. The emphasis in dealing with passive attacks is on prevention rather than detection [5]. Passive attacks don't involve any alteration of the data, so these attacks are very difficult to detect, and neither the sender nor the receiver will know that the opponent is reading the data. There are two types of passive attacks: release of message contents and traffic analysis. Release of message contents means the attacker is able to read the user's data without the user knowing that the attacker is reading it [6]. We would like to prevent the opponent from learning the contents of this information. Traffic analysis means the opponent observes the pattern of messages from the sender to the receiver.
An active attack means modification of messages or files, or denial of service. An active attacker attempts to alter system resources or affect their operation. There are four types of active attacks [7]: masquerade attack, replay attack, modification of message attack, and denial of service attack. Masquerade attack means the opponent will send whatever messages she/he wants to send to the receiver without knowing about the sender's message. Replay attack [8] means the opponent will send the message to the receiver instead of the sender. To avoid these types of attacks, the message from the sender is to be encrypted so that the opponent can't modify the data or the message. Modification of message [9] simply means that some portion of a message is altered to produce an unauthorized effect. To avoid this type of attack, the message from the sender to the receiver must be encrypted so that the opponent can't modify the data.
There are many encryption algorithms available to encrypt the data. Some encryption algorithms are of the mono alphabetic type and others are of the poly alphabetic type. Mono alphabetic encryption algorithm [10] means a single letter from the message is encrypted. Poly alphabetic encryption algorithm means two letters from the message are encrypted. Some of the mono alphabetic algorithms are the Affine cipher and the Substitution cipher, and some of the poly alphabetic algorithms are the Vigenère cipher, the Hill cipher and the Permutation cipher [11].
Denial of service attack [1] means preventing the normal use of communication facilities. Another form of service denial is the disruption of an entire network: the whole network is disrupted by the opponent, which prevents communication. Active attacks present the opposite characteristics of passive attacks. Whereas passive attacks are difficult to detect, measures are available to prevent their success. On the other hand, it is difficult to prevent active attacks because of the wide variety of software and network vulnerabilities.
Pattern formation is a novel authentication system based on the recall-based method. In our proposed system we introduce a new and unique way of user authentication. It is done through a single-factor authentication system. Registration is a one-time process. It mainly has two stages, each with sub-stages.
3. Proposed Technique
There are two modules in the proposed technique: (i) user authentication and (ii) user login. The user authentication process is as follows.
Step 1: The system provides input fields for entering the email, username and password, as shown in Fig. 4.
Step 2: The username provided by the user should be unique, and the password should be digits ranging from 2 to 6. The digits entered in the password field should not contain duplicates.
Step 3: The user selects an option from the drop-down for the pattern series. The pattern can be changed every time the user wants to log in.
Step 4: After successfully entering data in all the fields, the user submits them to the system. The data is stored in the database and is used every time the user logs into the application.
[Figure 4 diagram labels: Email, User, Username, Data Base, Password]
Fig. 4: User authentication
After user authentication is over, the user login process starts. It is described below.
Step 1: The system provides an email text field where the user enters the email address given on the signup page.
[Figure 5 flowchart labels: Start; Username Field; Select Pattern; Is Validate Security?; Pattern Matches; Forgot Password; Create new password; Login; branches marked Yes/No]
Fig. 5: User login flowchart
Step 2: The system then checks that email in the database. If it is correct, the system provides the pattern field based on how the user filled in the signup page; otherwise it shows the message “email doesn’t exist”.
Step 3: If the user gets the pattern field, he/she needs to enter the pattern. If it is the correct user, he/she can then use the system. The flowchart for user authentication is shown in Fig. 5.
Step 4: If the user forgets the pattern, a label named "forgot pattern" is provided, where he/she can change the pattern and then use the system.
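The sign-up rule and the login steps above, as an added Python example (not the authors' implementation): it validates the Step 2 password rule, counts how many passwords that rule admits, and runs the login checks against an in-memory store. Assumptions: "digits ranging from 2 to 6" is read either as digit values 2 to 6 or as a length of 2 to 6 digits, the login pattern is compared with the stored digit sequence, and `UserStore`, the salted PBKDF2 storage and the `MAX_FAILURES` lockout are illustrative choices the paper does not specify.

```python
import hashlib, hmac, os
from math import perm

MAX_FAILURES = 5  # assumption: lockout threshold, not specified in the paper

def valid_password(pw, reading="values"):
    # Sign-up Step 2: digits only, no duplicate digits.
    if not (pw.isascii() and pw.isdigit()) or len(set(pw)) != len(pw):
        return False
    if reading == "values":          # reading A: every digit is one of 2..6
        return all(c in "23456" for c in pw)
    return 2 <= len(pw) <= 6         # reading B: 2 to 6 digits long

def keyspace(reading="values"):
    # Passwords the rule admits: ordered selections without repetition.
    if reading == "values":
        return sum(perm(5, k) for k in range(1, 6))
    return sum(perm(10, k) for k in range(2, 7))

def _digest(pw, salt):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

class UserStore:
    def __init__(self):
        self.users = {}              # email -> record (stands in for the database)

    def sign_up(self, email, username, pw):
        if any(u["username"] == username for u in self.users.values()):
            return "username taken"
        if email in self.users or not valid_password(pw):
            return "rejected"
        salt = os.urandom(16)
        self.users[email] = {"username": username, "salt": salt,
                             "hash": _digest(pw, salt), "failures": 0}
        return "registered"

    def log_in(self, email, pw):
        user = self.users.get(email)
        if user is None:
            return "email doesn't exist"      # message given in login Step 2
        if user["failures"] >= MAX_FAILURES:
            return "locked"
        if hmac.compare_digest(user["hash"], _digest(pw, user["salt"])):
            user["failures"] = 0
            return "ok"
        user["failures"] += 1
        return "pattern mismatch"
```

Under the first reading the rule admits 325 passwords and under the second 187,290, so in this example the attempt limit carries most of the resistance to repeated guessing.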
4. Result & Discussion
For any authentication system we need to consider both usability and security. In our system usability is given lower priority because we concentrated more on security. In general, for usability, the essential elements to measure and report include the time to create a password and the time to log in. Since the hardware of laptops and computers is not yet at that level, drawing a pattern with a finger is not up to the mark. Instead, the user interacts with the mouse, which involves some difficulty because he/she needs to drag within the specified area. The proposed system is more secure than the existing system for data transmission.
Login by text-based passwords is avoided in the proposed system, so sharing of passwords is avoided, as graphical passwords can't be shared easily. These graphical passwords will prevent brute force attacks and also prevent automated attacks by bots. The proposed technique adds one more layer of security to the existing system and hence makes the system more secure than text-based passwords. As there is more scope for touch screen systems, these graphical passwords provide more security than any other password authentication technique. The sign-up page for the proposed authentication system is shown in Fig. 6.
Fig. 6: Example of user sign-up page
Fig. 7: User login page
Generally this system is used by people on their mobiles. Considering the role of present-day technologies in human life, we think that in future laptops with touch screens may come into use. It is easy to draw the pattern if the user has a touch screen instead of a normal screen. We can also implement it for normal screens, where the user needs the mouse to draw the pattern. We just want to integrate it with existing web-based applications. After sign-up, the authentication for the application is shown in Fig. 7.
5. Conclusion
In this paper we have proposed a simple but effective pattern-based authentication system which belongs to the recall technique of graphical passwords. This system is easy to implement, and it provides a lot of security rather than usability. In future, these graphical passwords may be extended to introduce other services such as integrity and nonrepudiation, to build complete and secure data transmission over a network. As there is more scope for touch screen systems, these graphical passwords provide more security than any other password authentication technique.
References
[1] W. Stallings, "Network Essentials Applications and Standards", 4th edition, Pearson publication, 2011.
[2] N.T. Ambade, A. Dixit, "Graphical Passwords Authentication: A Survey", International Journal of Computer Science and Mobile Computing, vol. 4, no. 2, pp. 247-254, 2015.
[3] F. Monrose, M.K. Reiter, S. Wetzel, "Password hardening based on keystroke dynamics", International Journal of Information Security, vol. 1, no. 2, pp. 69-83, 2002.
[4] M.K. Rao, Ch. V. Pravallika, G. Priyanka, M. Kumar, "A Shoulder-Surfing Resistant Graphical Password Authentication Scheme", Institute of Electrical and Electronics Engineer, vol. 15, no. 2, pp. 105-112, 2016.
[5] S.M. Udhayasankar, V.V. Chamundeeswari, "JIGSPASSZLE: A Novel Jigsaw Based Password System Using Mouse Drag Dynamics", Middle-East Journal of Scientific Research, vol. 21, no. 11, pp. 2039-2051, 2014.
[6] S. Saurabh, K.V. Arya, "Mouse Interaction based Authentication System by Classifying the Distance Travelled by the Mouse", International Journal of Computer Applications, vol. 17, no. 1, pp. 45-48, 2011.
[7] S. Chiasson, A. Forget, R. Biddle, P.C.V. Oorschot, "Influencing users towards better passwords: Persuasive Cued Click-Points", In Human Computer Interaction, The British Computer Society, vol. 1, pp. 121-130, 2008.
[8] R. Muller, R.S. Reillo, "An Approach to Biometric Identity Management Using Low-Cost Equipment", Fifth International Conference on Intelligent Information Hiding and Multimedia Signal Processing, pp. 1096-1100, 2009.
[9] M.A. Anusuya, S.K. Katti, "Speech recognition by machine: A Review", International Journal of Computer Science & Information Security, vol. 6, no. 3, pp. 181-205, 2009.
[10] L. Lamport, "Password Authentication with Insecure Communication. Technical Note", Communication of the Association for Computing Machinery, vol. 2, no. 2, pp. 770-773, 1989.
[11] S.M. Bellovin, M. Merritt, "Encrypted key exchange: Password based protocols secure against dictionary attacks", In IEEE Symposium on Research in Security and Privacy, vol. 3, no. 3, pp. 1-13, 1992.