International Journal of Emerging Technology in Computer Science & Electronics (IJETCSE) ISSN: Volume 14 Issue 2 APRIL 2015

Transcription

1 Persuasive Cued Click Point Authentication Mechanism with Sound Signature MOUNESHWAR KANAMADI 1,AMIT SAWANT 2,JAMDADE MARUTI 3,4 MEGHARANI BAMBUGADE, 5 ROKADE KOMAL 1 Department of CSE, Ashokrao Mane Group of Institutions, Vathar, Kolhapur, India. 2 Department of CSE, Ashokrao Mane Group of Institutions, Vathar, Kolhapur, India. 3 Department of CSE, Ashokrao Mane Group of Institutions, Vathar, Kolhapur, India. 4 Department of CSE, Ashokrao Mane Group of Institutions, Vathar, Kolhapur, India. 5 Department of CSE, Ashokrao Mane Group of Institutions, Vathar, Kolhapur, India. 1 mounesh2a@gmail.com, 2 amit.sawant1110@gmail.com, 3 jamdademaruti13@gmail.com, 4 mbambugade002@gmail.com, 5 rokadekomal17@gmail.com. ABSTRACT The main problems of knowledge-based authentication, usually text-based passwords, are well known to us. Users tend to choose memorable passwords that are easy for attackers to guess, but strong system assigned passwords are difficult for users to remember. This paper focuses on the integrated evaluation of the Persuasive Cued Click Points graphical password authentication mechanism, which includes usability and security. An important goal for this authentication system is to support users in selecting strong passwords, thus increasing security.we were proposed the work to examine usability of cued click point using supportive sound signature with respect to CCP of each image. In this system a password consists of sequence of some (e.g. images=5) images in which user can select one clickpoint per images, we use sound signature. We suggest that the CCP provides greater security than pass points because number of images increases the workload for attackers. Users preferred CCP to Pass Points, saying that selecting and remembering only one point per image was easier and sound signature helps considerably in recalling the click points. The system shows very good Performance in terms of speed, accuracy, and easy to use. This paper focuses on the integrated evaluation of the Persuasive Cued Click Points graphical password authentication mechanism with sound signature, which includes usability and security. Keywords Cued Click Point, Sound Signature, Graphical Password, Authentication, Pass point 1. INTRODUCTION Authentication plays a major role in Digital environment. In this environment we have different methods which generally use alphanumeric characters and special characters for password creation. These methods have some problems like hard to remember password because it has no meaning and easily breakable by third parties or attackers. To address these issues, some of the researchers suggested many techniques for authentication and reveals graphical password method which is best one in terms of cost and usage. Basically, Graphical passwords use images for password creation and it has some demerits like hotspot and shoulder surfing problem. There are many things that are well known about passwords; such as that user can t remember strong password and that the passwords they can remember are easy to guess. A password authentication system should encourage strong and less predictable passwords while maintaining memorability and security. This password authentication system allows user choice while influencing users towards stronger passwords. The task of selecting weak passwords (which are easy for attackers to guess) is more tedious, avoids users from making such choices. In effect, this authentication schemes makes choosing a more secure password. Rather than increasing the burden on users, it is easier to follow the system s suggestions for a secure password a feature absent in most schemes. Passwords are used for (a) Authentication (Establishes that the user is who they say they are). (b) Authorization (The process used to decide if the Authenticated person is allowed to access specific Information or functions) and (c) Access Control (Restriction of accessincludes Authentication & authorization). Why Graphical Passwords? Access to computer systems is most often based on the use of alphanumeric passwords. Though, users have difficulty remembering a password that is long and random-appearing. Instead, they create short, simple, and insecure passwords. Graphical passwords have been designed to try to make passwords more memorable and easier for people to use and, therefore, more secure. Using a graphical password, users click on images rather than type alphanumeric characters. Graphical password systems are a type of knowledge-based authentication that attempts to leverage the human memory for visual information. A complete review of graphical passwords is available elsewhere. Of interest herein are cued-recall clickbased graphical passwords (also known as loci metric). In such systems, users identify and target 860

2 previously selected locations within one or more images. The images act as memory cues to aid recall. Example systems include Pass Points and Cued Click- Points (CCP). The Persuasive Cued Click-Points graphical password scheme, including usability and security evaluations, and implementation considerations. Cued click points which provides more usability and security than pass-points method. Here user can select one click point for one image up to one to n levels. In login phase user should follow the order and select the click point within the tolerance area. The main objectives of the project are to increase the remembrance of password and provide more security and provide highly reliable system. A pass-points technique which helps to achieve usability by reducing the problem of memorable passwords over text based passwords method. Here user needs to select five click points on the image for registration. For authentication user needs to select five click points in the tolerance area in the same order. But it fails in the case of hotspot problem.. In this project, provide the alternative to the text-based or pass-point passwords in which users click one point on each of images rather than on different points on one image. This offers cued-recall and introduces visual cues that instantly alert valid users, if they have made a mistake when entering their latest click-point at which point they can cancel their attempt and retry from the beginning. 2 RELATED WORK 1. Graphical Password Authentication Using Cued Click Points. Author-Sonia Chiasson We propose and examine the usability and security of Cued Click Points (CCP), a cued-recall graphical password technique. Users click on one point per image for a sequence of images. The next image is based on the previous click-point. The proposed Cued Click Points scheme shows promise as a usable and memorable authentication mechanism. By taking advantage of users ability to recognize images and the memory trigger associated with seeing a new image, CCP has advantages over Pass Points in terms of usability. 2. Persuasive Cued Click-Points: Design, Implementation, and Evaluation of a Knowledge-Based Authentication Mechanism Author-Sonia Chiasson. This paper presents an integrated evaluation of the Persuasive Cued Click-Points graphical password scheme, including usability and security evaluations, and implementation considerations. In PCCP, creating a less guessable password (by selecting a click-point within the first few systemsuggested viewport positions) is the easiest course of action. Users still make a choice but are constrained in their selection. 3. Graphical User Authentication: A Time Interval Based Approach. Author: - Mohammad Sarosh Umar, Mohammad QasimRafiq and Juned Ahmad Ansari. In this paper they have proposed a graphical method of authentication that employs graphical coordinates along with a novel introduction of time interval between successive clicks. A novel Graphical Password scheme is proposed in this paper which tries to meet the criteria of ease of use and the security at the same time. The scheme has a large password space and the simple implementation makes it easy for the user to create her password and memorize it too. EXISTING SYSTEM: In the existing system, a user clicks on several previously chosen locations in a single image to log in. The user chooses several predefined regions in an image as his or her password. To log in the user has to click on the same regions in effect, cued click points (ccp) is a proposed alternative to pass points. Among existing graphical passwords, CCP most closely resembles aspects of Pass faces, Pass Points. Therefore these graphical password schemes are presented in more detail. Conceptually, CCP is a blend of the three; in terms of implementation, it is most similar to Pass Points. It also avoids the complex user training requirements found in a number of graphical password proposals. Pass faces is a graphical password scheme based primarily on recognizing human faces. During password creation, users select a number of images from a larger set. To log in, users must identify their pre-selected points on each image from amongst several decoys. Users must correctly respond to a number of these challenges for each login. DRAWBACKS IN THE EXISTING SYSTEM: It seems obvious that some areas of an image are more attractive to users as click-points. If this phenomenon is too strong, the likelihood that attackers can guess a password significantly increases. If attackers learn which images are being used, they can select a set of likely hotspots through image processing tools or by observing a small set of users on the target image and then building an attack dictionary based on those points. So it required to improve this system 3 PROPOSED SYSTEM In CCP, users click one point on each 5 images rather than on five points on one image. It offers cued recall with sound signature to assure that the point chosen on image is correct and user must authorized to use the application or upload or download or they may access the recourses and if the chosen points are incorrect then login fails as well as user required to take another login trial means user may get indication 861

3 of authentication failure only after the final click It also makes attacks based on hotspot analysis more challenging. To develop a system that is alternative to the text-based or pass-point passwords that offers cued-recall. The system also provides more challenging for attacks based on hotspot analysis. This increases the security by using the sound signature. Proposed system which Increase the remembrance of password. Provide more security. Provide high reliability system. System is secure and user friendly. 4 SYSTEM IMPLIMENTATION The implementation includes different functions and also consist list of modules. Following are the modules: User Registration Module Picture Selection Module Login Module Some functions and Servlets used for the system implementation. Public void service(servletrequestreq,servletresponse res) dispatches the request to the protected service method by converting the request and response object into http type. service(httpservletrequestreq, HttpServletResponse res) receives the request from the service method, and dispatches the request to the doxxx() method depending on the incoming http request type. doget(httpservletrequestreq, GET dopost(httpservletrequestreq, POST dohead(httpservletrequestreq, HEAD dooptions(httpservletrequestreq, OPTIONS request. It is invoked by the web doput(httpservletrequestreq, PUT dotrace(httpservletrequestreq, TRACE request. It is invoked by the web dodelete(httpservletrequestreq, DELETE request. It is invoked by the web AuthenticateAndServeNextImage: This servlet is used for authentication of first image and displaying the next image. FileUploadServlet: This servlet is used for upload the user defined images. LoginServlet: LogoutSevlet: LoginServlet is used for login to the system. LogoutSevlet is used for log out from the session. SelectImages: This Servlet is used for selecting the images either user defined or system defined. SendSMS: SendSMS servlet is used for sending the message of One Time Password (OTP) to the user. 5.TESTING The system should be tested experimentally with test data so as to ensure that the system works according to the required specification. When the system is found working, test it with actual data and check performance. Software testing is a critical element of software quality assurance and represents the ultimate review of specification, design and coding. Need for Testing: Testing was essential for the following reasons:- Existence of program defects of inadequacies The software behavior as intended by its designer. 862

4 Conformance with requirement specification/user needs. Assess the operational reliability of the system. Reflect the frequency of actual user inputs. Find the fault, which caused the output anomaly. Checks for detect flaws and deficiencies in the requirements. Check whether the software is operationally useful. Exercise the program using data like the real data processed by the program About Click-Points: Black Box Testing: In black box testing the structure of the program is not considered. Test cases are decided on the basis of requirement or specification of program or module, and the internal of the module or the program are not considered for selection of test cases. Generally in black box testing the tester only knows the input that can be given to system and what output should system give. So in other word we can say that on the basis of deciding test cases in functional testing are the requirements or specification of the system or module. This type of testing is known as functional testing or behavioral testing. In black box testing there are no prices rules or criteria for generating test cases, but there are some techniques that can be used to select the test cases. The equivalence class partitioning technique is suitable for the selecting test cases in the project:- We are using very simple and natural approach is to divide the input domain into set of equivalence classes so that if program works correctly for a value then it correctly work for all other value in that class. If we do this value in each class this is an exhaustive testing. Tolerance level is manually set into code (eg. +5,-5) so if the wrong points are selected then wrong sound will play which can t stop and authenticate the further application. If user name is wrongly inserted at login time then images can t fetch. Data is inserted into the database and moving towards the login page when registration process is complete successfully. Registration Form: Image Selection: 1.System Defined: 2.User Defined: RESULTS AND SNAPSHOTS Index Page: 863

5 CONCLUSION Login: The proposed Cued Click Points scheme shows promise as a usable and memorable authentication mechanism. By taking advantage of users ability to recognize images and the memory trigger associated with seeing a new image, with the sound signature chosen by them CCP has advantages over Pass Points in terms of usability. Being cued as each images shown and having to remember only one click-point per image appears easier than having to remember an ordered series of clicks on one image. CCP offers a more secure alternative to Pass Points. CCP increases the workload for attackers by forcing them to first acquire image sets for each user, and then conduct hotspot analysis on each of these images. FUTURE SCOPE Reset Password: In future we can provide the feature of asking from the user to enter their number of click points for their authentication system. We can provide the difficulty levels easy, medium, hard for this password authentication system. In future systems other patterns may be change for authentication and it may depends on graphical objects which is very easy to recall rather than text based password. REFERENCES Websites Referred: OTP page: Saved Results: TECHNICAL PAPERS: clickpoints. [1] S. Chiasson, A. Forget, R. Biddle, and P. van Oorschot, Influencing Users towards Better Passwords: Persuasive Cued Click-Points, Proc. British HCI Group Ann. Conf. People and Computers: Culture, Creativity, Interaction, Sept [2] S. Chiasson, A. Forget, E. Stobert, P. van Oorschot, and R. Biddle, Multiple Password Interference in Text and Click-Based Graphical Passwords, Proc. ACM Conf. Computer and Comm. Security (CCS), Nov [3] E. Stobert, A. Forget, S. Chiasson, P. van Oorschot, and R. Biddle, Exploring Usability Effects of Increasing Security in Click-Based Graphical Passwords, Proc. Ann. Computer Security Applications Conf. (ACSAC), [4] Susan Wiedenbeck, Jim Watersa, Jean-Camille Birget, AlexBrodskiy, NasirMemon, PassPoints: Design and longitudinalevaluation of a graphical password system, Int. J. Human-ComputerStudies 63 (2005) CONCLUSION AND FUTURE SCOPE 864