Volume 04, No. 03, Mar 2018
Password Authentication by Graphical and Keylogging-Resistant Visual System
Niul Panvalkar*, Sushil Patel**, Shubham Mohture***, & Shubham Patel****
*,**,***&****Department of Computer Engineering, Sinhgad Institute of Technology and Science, Pune
ABSTRACT
A graphical password authentication system is one alternative to the alphanumeric password system, which is prone to easy compromise through many of the attacks used by miscreants. A user-friendly interface for setting a password of the user's own choice helps the user remember it more efficiently. One of the major benefits of this method is that, according to psychological studies, the human mind has 50% more chances to retain images than alphabets or digits. To enhance cyber security, we propose a graphical password authentication system. The proposed algorithm allows the user to select his/her own images to set as the password for accessing a particular account. In this paper we try to provide a set of images on the basis of the alphabet-series position of the characters in the username. Finally, the cloud is provided with this graphical password authentication. We verify that our protocols are strong and can withstand many of the challenging authentication attacks. Our main focus is to highlight the potential of our approach for real-world deployment: whether we can achieve a high level of usability with satisfactory and acceptable results.
GENERAL TERMS: Cyber-security, virtual keypad.
KEYWORDS: Pass Matrix, Fisher-Yates Shuffle, Shoulder surfing, Smudge attack, Dictionary attack, Brute force.
1. INTRODUCTION
Nowadays, due to advancements in technology, it is easier to hack into various kinds of computer systems. We live in an era marked by technological advancements. As a result, people have started using net banking and other critical services on their mobiles, tablets, etc. Because of this, they are exposed to environments where adversaries can steal their passwords by various methods. Cyber-security is not a recent topic. In fact, there has been much research, and many techniques have been implemented to achieve security. Still, many people face problems pertaining to cyber theft. We try to tackle and eventually eliminate issues such as shoulder surfing, smudge attack, dictionary attack and brute force attack. The graphical password works by having the user select from images, in a specific order, presented in a graphical user interface. For this reason it is also called graphical user authentication (GUA). It can be categorized in two ways:
Recall Based Techniques
Recognition Based Techniques
A user is presented with a set of images and the user passes the authentication by recognizing and identifying the images selected during the registration stage.
The remaining sections of the paper are structured as follows: Existing Methodologies, Proposed System, Acknowledgement, Conclusion and References.
2. EXISTING METHODOLOGIES
The existing methodologies include screen lock and OTP (one-time password) among other things. The problem with screen lock is that the pattern we draw to unlock the file leaves a smudge on the screen and the adversary can just trace the smudge to unlock the file while we are not around the phone.
A one-time password is valid for fifteen minutes. It also has a specific range of passwords; basically, the password space is small. That is why it could be cracked within some minutes [2]. In many cases, the adversary could just peek over our shoulder and get the password.
2.1 Attack Models:
2.1.1 Brute Force Attack: It is a cryptanalytic attack in which an exhaustive key search is done. Every possible option is tried until the correct password is found. The password space of text-based passwords is 94^N, where N is the length of the password and 94 is the number of printable characters excluding "space" [7]. The probability of success using this attack is higher for textual passwords than for graphical passwords, because with graphical passwords it is difficult to track every movement of the mouse or input device.
2.1.2 Dictionary Attack: In this attack an exhaustive list of words, for example a dictionary, is used to break the password. This dictionary consists of the words most likely to be chosen by the user as passwords. Unlike the brute force attack, the dictionary attack uses a systematic key search that considers only those possibilities which are most likely to succeed, but it cannot crack the password every time as the brute force attack can [7].
2.1.3 Spyware Attack: In this type of attack, software gets installed on the user's computer and starts recording every key pressed by the user without the user's knowledge. Spyware is not effective for cracking a graphical password, because it considers only key-press and mouse-click events, which may not be the same every time [7].
2.1.4 Shoulder Surfing Attack: As the name suggests, it is sometimes possible to find out a user's password by looking over the person's shoulder. This attack mostly occurs in crowded areas, where the user is unaware of the people standing around him. Also, some places such as ATMs have cameras fitted inside, which can record the PIN of the user who is using the ATM [8].
3. PROPOSED SYSTEM
virtual keypad on to the actual keypad of the mobile or PC. Also, the virtual keypad will be blurred so that it will not be partially visible to the surrounding people.
In the image-based system, the user will be provided with a set of images when he/she signs up. The user can also upload photos from his/her own device. After that, the images will be shuffled by the shuffling algorithm mentioned above. In this case, each image will be divided into a number of boxes, that is, a 7*11 matrix. This is called a Pass matrix. These boxes will then be shuffled. The image will remain the same; just the row and column values will be shuffled.
In both cases, the foundation algorithm used will be the Fisher-Yates Shuffle.
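A sketch of the per-session shuffle described above, as an added example that is not the authors' code: a Fisher-Yates shuffle driven by a cryptographic random source relabels the keypad and the pass matrix at every login, so the input captured in one session does not verify in the next. Assumptions: the 7*11 matrix is read as 7 rows by 11 columns, the labels are 1-7 and A-K, and all function names are hypothetical.

```python
import secrets

ROWS, COLS = 7, 11  # assumption: the page's 7*11 pass matrix as 7 rows x 11 columns


def fisher_yates(items, randbelow=secrets.randbelow):
    """Return a uniformly shuffled copy of items (in-place swap variant)."""
    a = list(items)
    for i in range(len(a) - 1, 0, -1):
        j = randbelow(i + 1)  # 0 <= j <= i, drawn from the OS CSPRNG by default
        a[i], a[j] = a[j], a[i]
    return a


def new_session(randbelow=secrets.randbelow):
    """Per-login layout: shuffled keypad plus shuffled row and column labels."""
    return {
        "keypad": fisher_yates("0123456789", randbelow),
        "row_labels": fisher_yates(range(1, ROWS + 1), randbelow),
        "col_labels": fisher_yates("ABCDEFGHIJK", randbelow),
    }


def labels_for_cell(session, row, col):
    """Labels the user enters for the secret cell (row, col) in this session."""
    return session["row_labels"][row], session["col_labels"][col]


def cell_for_labels(session, row_label, col_label):
    """Server side: map the entered labels back to the fixed image cell."""
    return (session["row_labels"].index(row_label),
            session["col_labels"].index(col_label))


def verify(session, entered, secret_cell):
    """True only if the entered labels name the secret cell in this session."""
    try:
        return cell_for_labels(session, *entered) == secret_cell
    except ValueError:  # label does not exist in this layout
        return False
```

The `randbelow` parameter exists only so the shuffle can be checked with a fixed sequence; a deployment would leave it at the default.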
In this system we aim to minimize the following research problems:
1) The problem of how to increase the password space beyond that of the existing traditional systems.
2) The problem of requiring the user to memorize extra information, and of the extra computing.
3) The problem of limited usability of authentication schemes on devices with limited capability.
Figure 1: Proposed System
As the flowchart shows, when the user signs up, he should provide his personal information. This information will be stored in a database. After that, every time the user logs in, the respective set of images will be provided, a few of which will be the images he chose when he signed up.
4. CONCLUSION
With the increasing trend of apps and other web services, users access them from anywhere and at any time with different devices. In order to secure the devices, authentication is always required when they try to access the services. Authenticating in public can lead to different potential attacks such as shoulder surfing. Textual passwords can be seen easily, as the user has to type the whole password on the keyboard, and the current authentication systems are still immature in some aspects.
To overcome this problem, we proposed the system which aims to eliminate some major kinds of attacks:
1. Shoulder surfing attack
2. Smudge attack
3. Dictionary attack
4. Brute force attack
Graphical passwords are a perfect alternative to textual passwords. They satisfy both conflicting requirements, i.e. they are easy to remember and hard to guess. By solving the dictionary attack and shoulder surfing attacks, it becomes a more powerful and secure password scheme.
This system can be used for security in banking and other important services where security is critical.
5. ACKNOWLEDGEMENT
This research was carried out under keen guidance of Prof. Vikas Patil.
6. REFERENCES
i. Hung-Min Sun, Shiuan-Tung Chen, Jyh-Haw Yeh, Chia-Yun Cheng, "A Shoulder Surfing Resistant Graphical Authentication System", 2015 IEEE
ii. S. Sood, A. Sarje, and K. Singh, "Cryptanalysis of password authentication schemes: Current status and key issues," in Methods and Models in Computer Science, 2009. ICM2CS 2009. Proceeding of International Conference on, Dec 2009, pp. 1–7.
iii. S. Gurav, L. Gawade, P. Rane, and N. Khochare, "Graphical password authentication: Cloud securing scheme," in Electronic Systems, Signal Processing and Computing Technologies (ICESC), 2014 International Conference on, Jan 2014, pp. 479–483.
iv. K. Gilhooly, "Biometrics: Getting back to business," Computerworld, May, vol. 9, 2005.
v. R. Dhamija and A. Perrig, "Deja vu: A user study using images for authentication," in Proceedings of the 9th conference on USENIX Security Symposium-Volume 9. USENIX Association, 2000, pp. 4–4.
vi. Arti Bhanushali, Bhavika Mange, Harshika Vyas, Hetal Bhanushali and Poonam Bhogle, "Comparison of Graphical Password Authentication Techniques", International Journal of Computer Applications (0975 – 8887) Volume 116 – No. 1, April 2015
vii. Arah Habib Lashkari, "A new algorithm for graphical user authentication based on rotation and resizing".
viii. Hung-Min Sun, Shiuan-Tung Chen, Jyh-Haw Yeh, Chia-Yun Cheng, "A Shoulder Surfing Resistant Graphical Authentication System", 2015 IEEE