Graphical Password Authentication Scheme Based On ... - Ijeit.com

ISSN: 2277-3754 ISO 9001:2008 Certified International Journal of Engineering and Innovative Technology (IJEIT) Volume 2, Issue 4, October 2012

Graphical Password Authentication Scheme Based On Color Image Gallery

Sonkar S.K., Paikrao R.L., Awadesh Kumar

Abstract: Nowadays, user authentication is one of the important topics in information security. A text-based strong password scheme can provide security to a certain degree. However, the fact that strong passwords are difficult to memorize often leads their owners to write them down on paper or even save them in a computer file. Graphical authentication has been proposed as a possible alternative to text-based authentication, motivated particularly by the fact that humans can remember images better than text. Recently, many networks, computer systems and Internet-based environments have tried using graphical authentication techniques for their users' authentication. Here we present the proposed scheme, a Graphical Password Authentication Scheme based on Color Image Gallery, which is very useful for any computer-related application such as web authentication, desktop and laptop logins, and critical servers.

Index Terms: User Authentication, Graphical Authentication, Graphical Password, Security.

I. INTRODUCTION

User authentication is one of the important topics in information security to protect users' privacy. Computer security depends on trustworthy user authentication to a degree. There are many authentication schemes in the current state. Some of them are based on the user's physical and behavioral properties, and some others are based on the user's knowledge, such as textual and graphical passwords. Moreover, there are some other important authentication models that are based on what you have, such as smart cards. Among the various authentication designs, textual password and token-based schemes, or the combination of both, are commonly applied. However, as explained in the following, both authentication patterns are vulnerable to certain attacks.

Nowadays the most common computer authentication method for access to computer networks and systems is based on alphanumerical usernames and passwords. Traditional strong password schemes can provide a certain degree of security; however, the fact that strong passwords are difficult to memorize often leads their owners to write them down on paper or even save them in a computer file. As a result, security becomes greatly compromised. Conventional passwords have been shown to have significant drawbacks. Users do not follow their requirements; for example, users tend to pick passwords that can be easily guessed (weak passwords) or choose meaningful words from dictionaries, which makes textual passwords easy to break and vulnerable to dictionary or brute-force attacks. On the other hand, if a password is hard to guess, then it is often hard to remember. Users have difficulty remembering a password that is long and random-appearing. So they create short, simple, and insecure passwords that are susceptible to attack. Textual password authentication schemes tend to be more vulnerable to attacks such as shoulder-surfing, hidden cameras, spyware and key-loggers. Moreover, alphanumeric characters and authentication methods based on passwords and PINs (knowledge-factor authenticators) hold several problems and still must rely on the limits of human recollection. Forcing the user to memorize different passwords or to carry around different tokens is another sensitive point of traditional methods. Smart cards or tokens can be stolen. On the other hand, many biometric authentication methods have been proposed; however, users tend to resist using biometrics because of their intrusiveness and the effect on their privacy. Moreover, biometrics cannot be revoked.

To address this problem, some researchers have developed authentication methods that use pictures as passwords and introduced them as a possible alternative to text-based schemes. Knowing that human beings are predominantly visual creatures, many researchers have investigated or developed graphical password schemes recently. Graphical passwords have been designed to try to make passwords more memorable and easier for people to use and create and, therefore, more usable and secure. Many available graphical passwords have a password space that is less than or equal to the textual password space. Using a graphical password, users click on images to authenticate themselves rather than typing alphanumeric strings. These methods have been categorized as recognition-based (image selection and click-based) and recall-based.

Usability and security should be considered simultaneously to achieve a good authentication system. Usability features are ease of use, ease of creation, ease of memorization, ease of learning, and satisfaction with the overall system design and layout. User friendliness in both recognition and selection of pass-objects from the given images, familiarization, or a lengthy password setup process can be counted under usability. Common security attacks include brute-force search, spyware, shoulder surfing, social engineering, and forgery. Problems include requiring a large image database, the difficulty of repeating a mouse click at the same position, as well as images being too simple to cause collisions on points selected for different users, storage-efficient as all images are created when needed. Because the proposed graphical passwords are mostly vulnerable to shoulder-surfing, overcoming this issue without adding any extra complexity to the authentication procedure, rather than optimizing the password space and the strength against brute-force attacks, is the researchers' goal these days. Simply adopting graphical password authentication also has some drawbacks; therefore some hybrid schemes based on graphics and text were developed. Moreover, image-based authentication is considered a promising alternative to traditional textual passwords for mobile devices, to achieve a better trade-off between usability and security. However, previous proposals of graphical passwords have the limitation of limited entropy. Achieving higher security with compromising user-friendliness for mobile application scenarios and obtaining a significant improvement in terms of system security (both password entropy and shoulder-surfing attacks) are important objectives. Furthermore, there are many authentication schemes that are currently under study and they may require additional time and effort to be applicable for commercial use.

II. USER STUDY USING IMAGES FOR AUTHENTICATION

Rachna Dhamija and Adrian Perrig [5] have proposed a system to improve the security of systems that relies on recognition-based, rather than recall-based, authentication. They examine the requirements of a recognition-based authentication system and propose Deja Vu, which authenticates a user through their ability to recognize previously seen images.

A. Deja Vu: The aim of this system is to satisfy the following requirements:
1. The system should not rely on precise recall. Instead, it should be based on recognition, to make the authentication task more reliable and easier for the user.
2. The system should prevent users from choosing weak passwords.
3. The system should make it difficult to write passwords down and to share them with others.

B. System Architecture: The authors propose Deja Vu as a system for user authentication. Deja Vu is based on the observation that people have an excellent memory for images. Using Deja Vu, the user creates an image portfolio by selecting a subset of p images out of a set of sample images. To authenticate the user, the system presents a challenge set consisting of n images. This challenge contains m images out of the portfolio; the remaining n-m images are decoy images. To authenticate, the user must correctly identify the images which are part of her portfolio. Deja Vu has three phases: portfolio creation, training, and authentication.

C. Portfolio Creation Phase: To set up a Deja Vu image portfolio, the user selects a specific number of images from a larger set of images presented by a server. Figure A shows the image selection phase in our prototype. The type of images used has a strong influence on the security of the system. For example, if the system is based on photographs, it would be easy for users to pick predictable portfolios, to describe their portfolio images and to write down this information and share it with others. For this reason, they use Andrej Bauer's Random Art to generate random abstract images. Given an initial seed, Random Art generates a random mathematical formula which defines the color value for each pixel on the image plane. The image generation process is deterministic and the image depends only on the initial seed. It is therefore not necessary to store the images pixel-by-pixel, since the image can be computed quickly from the seed. All images are hand-selected to ensure consistent quality. Figure 1 illustrates sample Random Art images.

D. Training Phase: After the portfolio selection phase, next is a short training phase to improve the memorability of the portfolio images. During training, the user points out the pictures in her portfolio from a challenge set containing decoy images. The selection and the training phase need to occur in a secure environment, such that no other person can see the image portfolio.

Fig 1: Examples of Random Art Images

E. Authentication Phase: A trusted server stores all portfolio images for each user. Since each image is derived directly from the seed, the server only needs to store the seed and not the entire image. In our prototype implementation, the seed is 8 bytes long, hence the storage overhead for each portfolio is small. For each authentication challenge, the server creates a challenge set, which consists of portfolio and decoy images. If the user correctly identifies all portfolio images, she is authenticated. In general, a weakness of this system is that the server needs to store the seeds of the portfolio images of each user in clear text. Tricks similar to the hashed passwords in the /etc/passwd file do not work in this case, because the server needs to present the portfolio to the user, hidden within the decoy images. For this reason, the scheme assumes the server to be secure and trusted, similar to Kerberos.
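The challenge-and-verify step described above, as an added sketch (not code from Deja Vu or from this paper). It shows why the server has to keep the 8-byte seeds in the clear and what a blind guess is worth; the function names and the sample sizes p = 5, n = 25, m = 5 are constructed assumptions.

```python
import secrets
from math import comb

SEED_BYTES = 8  # seed length quoted on the page for the prototype

def new_seed() -> bytes:
    """A Random Art image is identified by its seed alone."""
    return secrets.token_bytes(SEED_BYTES)

def build_challenge(portfolio, decoy_pool, n, m):
    """Return n seeds: m taken from the portfolio plus n-m decoys, shuffled.

    The server needs the portfolio seeds themselves to render the images,
    which is why a one-way hash of the portfolio cannot be stored instead.
    """
    if not (0 < m <= len(portfolio)) or not (0 <= n - m <= len(decoy_pool)):
        raise ValueError("need 0 < m <= p and enough decoys for n - m")
    rng = secrets.SystemRandom()  # CSPRNG: image positions must not be predictable
    challenge = rng.sample(portfolio, m) + rng.sample(decoy_pool, n - m)
    rng.shuffle(challenge)
    return challenge

def verify(portfolio, challenge, selected) -> bool:
    """Accept only if the selection is exactly the portfolio images shown."""
    expected = set(challenge) & set(portfolio)
    return set(selected) == expected

def guess_probability(n: int, m: int) -> float:
    """Chance that one blind pick of m images out of n hits the right subset."""
    return 1 / comb(n, m)

# Constructed sample data: a portfolio of p = 5 seeds and a pool of 40 decoys.
PORTFOLIO = [new_seed() for _ in range(5)]
DECOYS = [new_seed() for _ in range(40)]

if __name__ == "__main__":
    shown = build_challenge(PORTFOLIO, DECOYS, n=25, m=5)
    picked = [s for s in shown if s in PORTFOLIO]
    print("authenticated:", verify(PORTFOLIO, shown, picked))
    print("blind guess succeeds with probability", guess_probability(25, 5))
```

With these sample sizes a single blind guess succeeds once in 53,130 tries, so a deployment also has to limit failed attempts per account.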


Fig 2: Portfolio Selection Window

III. SCOPE OF THE PROPOSED METHOD

• Applicable for remote and Internet users. Most biometric systems require a special scanning device to authenticate users, which is not applicable for remote and Internet users. Usual textual passwords, when used on a network, have to be secured when communicated through the network, mounting up the additional cost of encryption and network security.
• Friendlier to users of all types: expert, layman, etc. It can be very conveniently used by a layman, i.e. a person with little technical knowledge, and at the same time by a highly qualified, technologically aware person to provide additional security to his system.
• Recall-based and recognition-based. The 3-D password scheme uses both recall-based and recognition-based techniques of authentication and creates a complete password combining multiple steps as part of a routine.

IV. OBJECTIVE

• The proposed scheme contains a graphical password authentication scheme based on a color image gallery.
• To develop a 3-D environment as part of a multifactor authentication system.
• To develop a hard-to-crack, hard-to-guess password system while keeping it very easy and interactive for the user.
• To construct the 3-D password by observing the actions and interactions of the user and the sequences of such actions.
• To provide authentication by comparing login input to the registration input.
• To provide faster authentication even over a network despite supporting a huge database.

V. SYSTEM IMPLEMENTATION

In this part, we explain how the system works. The first module is Registration, i.e. the user is required to register first of all. This requires filling in all the necessary personal information such as full name, address, state, Tel. No., Mobile No. and Email ID. For the proposed scheme, the confidential details are the Username, the text password field named Password, and the 3D password field, which is recorded after you select one of the environments; in that environment you are required to select random color images as a 3D password. The Registration process is shown in Fig 3.

Fig 3: Registration

The next module is Login. In this module the user is required to fill in the necessary information such as the Username. The recorded data field can be filled after the user selects the environment; in that environment the user is required to select the same random color images that were selected at the time of registration. If the color images selected at login are equal to the images selected at registration, then and only then is the authentication valid; otherwise authentication fails. The text password field is where the user is required to give the text password. Note that the text password field is also very important, because this field is also checked in the database, i.e. the text password at the time of registration against the text password at the time of login. If the username, recorded data, and text password entered at login match those given at registration, then and only then is the authentication valid. The Login process is shown in Fig 4.

Fig 4: Login
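One way to implement the registration and login comparison described above, as an added example (not the authors' code). Selection order is treated as significant, as in the Red, Black, Yellow walkthrough on this page, and both factors are stored as salted PBKDF2 digests on the assumption that the server only compares the selection and never has to display it. The record layout, function names, iteration count and palette size `k` are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # demo work factor (assumption); raise it for production

def _derive(secret: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS)

def _encode_sequence(blocks) -> bytes:
    # Length-prefix every block name so ["Red", "Black"] and ["RedB", "lack"]
    # can never serialize to the same byte string.
    return b"".join(len(b.encode()).to_bytes(2, "big") + b.encode() for b in blocks)

def register(db: dict, username: str, text_password: str, blocks) -> None:
    """Store salted digests of the text password and the ordered color sequence."""
    if not blocks:
        raise ValueError("select at least one color block")
    salt = secrets.token_bytes(16)
    db[username] = {
        "salt": salt,
        "pw": _derive(text_password.encode(), salt + b"pw"),
        "seq": _derive(_encode_sequence(blocks), salt + b"seq"),
    }

def login(db: dict, username: str, text_password: str, blocks) -> bool:
    """Valid only if username, text password and ordered sequence all match."""
    rec = db.get(username)
    if rec is None:
        return False
    pw = _derive(text_password.encode(), rec["salt"] + b"pw")
    seq = _derive(_encode_sequence(blocks), rec["salt"] + b"seq")
    pw_ok = hmac.compare_digest(rec["pw"], pw)     # constant-time comparison
    seq_ok = hmac.compare_digest(rec["seq"], seq)
    return pw_ok and seq_ok  # both factors are always evaluated

def sequence_space(k: int, n_max: int) -> int:
    """Ordered selections of 1..n_max blocks from k colors, repeats allowed
    (k and the repeat rule are assumptions; the page only fixes the 1..N range)."""
    return sum(k ** length for length in range(1, n_max + 1))

if __name__ == "__main__":
    db = {}  # constructed in-memory stand-in for the database
    register(db, "alice", "s3cret-text", ["Red", "Black", "Yellow"])
    print(login(db, "alice", "s3cret-text", ["Red", "Black", "Yellow"]))
    print(login(db, "alice", "s3cret-text", ["Black", "Red", "Yellow"]))
    print(sequence_space(8, 3))
```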


Fig 5 shows one of the environments used for authentication in our proposed scheme, i.e. the graphical password authentication scheme based on color image gallery.

Fig 5: Sample Environment

The user is required to select random color image blocks at the time of registration. Suppose, for example, that the user has selected the first colored image block as Red, the second colored image block as Black and the third colored image block as Yellow. Then at the time of login the user is required to perform the same actions, i.e. the user's first action is selecting the Red colored image block, the second action is selecting the Black colored block and the third action is selecting the Yellow colored block; then and only then is the authentication valid. Here the user has the choice to select a minimum of one colored image block and a maximum of N colored image blocks. Then the number of possibilities for selecting the image block will be N.

IV. CONCLUSION

In the proposed scheme, i.e. the Graphical Password Authentication Scheme based on color image gallery, the user has the choice to select a minimum of one and a maximum of N color image blocks; therefore the user has the flexibility to select any kind of password, i.e. any sequence of images selected from the gallery. Security is achieved because only the legal user knows which color image blocks were selected and in what sequence.

REFERENCES

[1] ALSULAIMAN, F. A. & EL SADDIK, A., 2008, 'Three-Dimensional Password for More Secure Authentication', IEEE Transactions on Instrumentation and Measurement, vol. 57, pp. 1929-1938.

[2] ELJETLAWI, A. M. & ITHNIN, N., 2008, 'Graphical Password: Prototype Usability Survey', International Conference on Advanced Computer Theory and Engineering (ICACTE).

[3] ELJETLAWI, A. M. & ITHNIN, N., 2008, 'Graphical Password: Comprehensive Study of the Usability Features of the Recognition Base Graphical Password Methods', Third International Conference on Convergence and Hybrid Information Technology.

[4] ABDULLAH, M. D. H., ABDULLAH, A. H. B., ITHNIN, N. & MAMMI, H. K., 2008, 'Graphical password: User's affinity of choice-an analysis of picture attributes selection', International Symposium on Information Technology (ITSim).

[5] OKA, M., KATO, K., YINGQING, X., LIN, L. & FANG, W., 2008, 'Scribble-a-Secret: Similarity-based password authentication using sketches', 19th International Conference on Pattern Recognition (ICPR).

[6] YAMPOLSKIY, R. V., 2007, 'User Authentication via Behaviour Based Passwords', IEEE Long Island Systems, Applications and Technology Conference (LISAT).

[7] LIN, P.-L., WENG, L.-T. & HUANG, P.-W., 2008, 'Graphical Passwords Using Images with Random Tracks of Geometric Shapes', Congress on Image and Signal Processing (CISP).

[8] HAFIZ, M. D., ABDULLAH, A. H., ITHNIN, N. & MAMMI, H. K., 2008, 'Towards Identifying Usability and Security Features of Graphical Password in Knowledge Based Authentication Technique', Second Asia International Conference on Modeling & Simulation (AICMS).

[9] HAICHANG, G., XUEWU, G., XIAOPING, C., LIMING, W. & XIYANG, L., 2008, 'YAGP: Yet Another Graphical Password Strategy', Annual Computer Security Applications Conference.

[10] HUANYU, Z. & XIAOLIN, L., 2007, 'S3PAS: A Scalable Shoulder-Surfing Resistant Textual-Graphical Password Authentication Scheme', 21st International Conference on Advanced Information Networking and Applications Workshops (AINAW).

[11] ALSULAIMAN, F. A. & SADDIK, A. E., 2006, 'A Novel 3D Graphical Password Schema', Proceedings of 2006 IEEE International Conference on Virtual Environments, Human-Computer Interfaces and Measurement Systems.

[12] Rachna Dhamija, Adrian Perrig, 'Deja Vu: A User Study Using Images for Authentication', https://sparrow.ece.cmu.edu/group/pub/old pubs/usenix.pdf

AUTHOR'S PROFILE

Prof. S.K. Sonkar: Currently working as Assistant Professor in the computer engineering department at Amrutvahini College of Engineering, Sangamner.

Prof. R.L. Paikrao: Currently working as Head and Assistant Professor in the computer engineering department at Amrutvahini College of Engineering, Sangamner.

Prof. Awadesh Kumar: Currently working as Assistant Professor in the computer engineering department at Amrutvahini College of Engineering, Sangamner.
