With the increasing trend of web services and apps, users are able to access these applications anytime and anywhere with various devices. However, conducting the authentication process in public might result in potential shoulder surfing attacks. Even a complicated password can be cracked easily through shoulder surfing. Using traditional textual passwords or the PIN method, users need to type their passwords to authenticate themselves, and thus these passwords can be revealed easily if someone peeks over the user's shoulder or uses video recording devices such as cell phones.
To overcome this problem, we have utilized a safe graphical verification system named PassMatrix Based Shoulder Surfing Resistant Graphical Authentication System, which protects users from becoming victims of shoulder surfing attacks while entering passwords in public, through the use of one-time login pointers. In this system, users set their graphical password at registration time, and when a user logs in, two-factor authentication is required. The user scans the QR code and downloads the image to their mobile, then selects the same pass-image that was selected at the time of registration. If the selected pass-image is correct, the user is logged into the system. A login marker is randomly created for every pass-image and becomes useless after the session ends. The login marker gives better security against shoulder surfing attacks, since users use a dynamic pointer to point out the position of their passwords instead of tapping on the password object directly. As a result, users access their data more securely. The main purpose of our system is to maintain the privacy and authority of the user.
Password-based authentication schemes have been most commonly used on many smart devices when compared to other authentication schemes. The lower complexities in implementation, computation, processing requirements and so forth have led to the use of password-based authentication systems. Again, text-based passwords are more commonly used when compared to other existing authentication systems. However, various vulnerabilities were discovered by several cryptanalysts in text-based systems, such as brute force attacks, guessing attacks, dictionary attacks, social engineering attacks, etc. In smart phones, the tiny screen size imposes some more constraints, such as limited password length, implementation of easier authentication systems to increase performance, etc. Moreover, the small on-screen keyboard makes typing inefficient and less precise. Consequently, users tend to use a smaller password, which makes it even more vulnerable. Since smart devices are getting smaller and smaller, a few authentication systems cannot be implemented on them due to their size.
At this stage, the user creates an account which contains a username and a password. The password consists of only one pass-square per image for a sequence of n images. The only purpose of the username is to give the user an imagination of having a personal account. The username can be omitted if Pass-Matrix is applied to authentication. The user has to choose images from a provided list as pass-images. Then the user picks a pass-square for each selected pass-image from the grid, which was divided by the image discretization module. The user repeats this step until the password is set. This module divides each image into squares, from which users choose one as the pass-square. An image is divided into a 7 × 11 grid. The smaller the squares into which the image is discretized, the larger the password space is. However, an overly concentrated division may result in recognition problems for specific objects and increase the difficulty of user interface operations. Hence, in this implementation, the division was set at 60-pixel intervals in both horizontal and vertical directions, since 60 pixels is the best size to accurately select specific objects.
ABSTRACT: Currently, cyber security is an important issue to tackle. A wide range of security primitives depend on hard challenges that can be computationally solved only by mathematical algorithm operations. Different user authentication methods are used for this purpose. Alphanumeric passwords have many drawbacks: they can be guessed very easily or can be hacked. Researchers have recently proposed different graphical techniques such as CAPTCHA, PCCP, CaRP, PassMatrix, VRK, OTP & LTP etc. In this paper, we present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as graphical passwords (CaRP). CaRP is both a graphical password and a Captcha scheme. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. This section makes a deep survey of the many existing systems and thereby makes a comprehensive evaluation of the existing techniques, making us ready to propose a new technique which eliminates the drawbacks of the previous systems. The paper describes and studies different application-oriented graphical systems proposed earlier and tries to find the loopholes in order to avoid the attacks.
In this paper, we have studied different methods for graphical password authentication schemes. We proposed a shoulder surfing resistant authentication system based on graphical passwords, named Pass Matrix. Using a one-time login indicator per image, users can point out the location of their pass-square without directly clicking or touching it, which is an action vulnerable to shoulder surfing attacks. Because of the design of the horizontal and vertical bars that cover the entire pass-image, it offers no clue for attackers to narrow down the password space even if they have more than one login record of that account. In addition, we proposed a system called Session password, which provides a new password for each session and does not need to transfer the password from the server each time for authentication purposes; that is why the Session password scheme provides more security than the other existing systems.
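The grid discretization and one-time login indicator described for PassMatrix above, as an added Python example (not code from any of the papers excerpted here). The 7 × 11 grid and 60-pixel squares come from the text; the bar labels (letters A to G, numbers 1 to 11), the circular-shift model of the bars, the sample click and all function names are assumptions made for illustration.

```python
import math
import secrets

CELL = 60                                # square size in pixels (from the text)
COLS, ROWS = 7, 11                       # 7 x 11 grid (from the text)
H_LABELS = list("ABCDEFG")               # assumed horizontal-bar labels
V_LABELS = list(range(1, ROWS + 1))      # assumed vertical-bar labels

def square_of(x, y):
    """Discretization: map a pixel on the 420x660 image to (col, row)."""
    if not (0 <= x < COLS * CELL and 0 <= y < ROWS * CELL):
        raise ValueError("point lies outside the image")
    return x // CELL, y // CELL

def password_space_bits(n_images):
    """Bits of entropy for one pass-square per image over n images."""
    return n_images * math.log2(COLS * ROWS)

def shuffled(labels):
    """Fresh random permutation of a bar (Fisher-Yates with a CSPRNG)."""
    out = list(labels)
    for i in range(len(out) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        out[i], out[j] = out[j], out[i]
    return out

def new_indicator():
    """One-time login indicator: one label from each bar, used for one image."""
    return secrets.choice(H_LABELS), secrets.choice(V_LABELS)

def rotate(bar, shift):
    """Circularly shift a bar; the label at index i moves to i + shift."""
    shift %= len(bar)
    return bar[-shift:] + bar[:-shift] if shift else list(bar)

def shift_for(bar, label, target):
    """Shift the user applies so that `label` lines up with index `target`."""
    return (target - bar.index(label)) % len(bar)

def verify(h_bar, v_bar, h_shift, v_shift, indicator, pass_square):
    """Server check: after both shifts, the indicator marks the pass-square."""
    col, row = pass_square
    return (rotate(h_bar, h_shift)[col] == indicator[0]
            and rotate(v_bar, v_shift)[row] == indicator[1])

def candidate_squares(h_bar, v_bar, h_shift, v_shift):
    """What one observed login tells someone who never saw the indicator:
    each possible indicator maps the final bar positions to another square."""
    h, v = rotate(h_bar, h_shift), rotate(v_bar, v_shift)
    return {(h.index(a), v.index(b)) for a in H_LABELS for b in V_LABELS}

if __name__ == "__main__":
    secret = square_of(200, 130)          # constructed registration click
    h_bar, v_bar, ind = shuffled(H_LABELS), shuffled(V_LABELS), new_indicator()
    hs = shift_for(h_bar, ind[0], secret[0])
    vs = shift_for(v_bar, ind[1], secret[1])
    print(secret, ind, verify(h_bar, v_bar, hs, vs, ind, secret))
    print(len(candidate_squares(h_bar, v_bar, hs, vs)), "squares stay possible")
    print(round(password_space_bits(3), 1), "bits for 3 pass-images")
```

`candidate_squares` models a single observed login only; it does not model an observer who also captures the indicator or who correlates several sessions.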
pattern based password. These pattern-based authentication systems are vulnerable to shoulder surfing attacks as well as smudge attacks. The attacker can easily get the password pattern by observing the smudge left on the touch screen. Defining bad and easily crackable passwords and/or logging in with a password in an insecure environment are the main causes of loopholes in password authentication security. There is a need for a secure password authentication system which overcomes the drawbacks of existing text and image based password schemes. To overcome these problems, biometric password schemes were introduced. In a biometric password authentication system, the user's voice, retina, thumbprint or face is used as a password. There are various types of biometric sensors which are able to authenticate a user. Such schemes are secure but hardware specific. Special sensor devices are required for authentication. It is impractical to have such an authentication system for regular web based resources, and installing and maintaining such a system is costly. This proposed work provides a graphical authentication system. This system is able to restrict shoulder surfing attacks. To resist shoulder surfing attacks, it uses a session password technique. With a session password, the user adds a new password at every login attempt. The added password is valid for only a single login session. The Pass-matrix technique is proposed in this work. This technique uses pass-point clicking. This technique uses more than one image as a password. For every image, it defines the click points as a pass-square. If the user is not able to click on the correct pass-square, the system displays a wrong image for the next pass input. This wrong image is treated as a warning to the user. To define the session password for the pass-square click, a hint is provided to the user. Based on the given hint, the user selects the password for that session.
resistant graphical password scheme, TI-IBA, in which icons are presented not only spatially but also temporally. TI-IBA is less constrained by the screen size and makes it easier for the user to find his pass-icons. Unfortunately, TI-IBA’s resistance to accidental login is not strong. And it may be difficult for some users to find their pass-icons temporally displayed on the login screen. As most users are familiar with textual passwords and conventional textual password authentication schemes have no shoulder surfing resistance, Zhao et al., in 2007, proposed a text-based shoulder surfing resistant graphical password scheme, S3PAS, in which the user has to find his textual password and then follow a special rule to mix his textual password to get a session password to log in to the system. However, the login process of Zhao et al.’s scheme is complex and tedious.
The alphanumeric password has been part of the authentication process for a very long time. The most common computer authentication method is for a user to submit a user name and a text password. One of the main problems is the difficulty of remembering passwords. Studies have shown that users tend to pick short passwords or passwords that are easy to remember. Unfortunately, these passwords can also be easily guessed or broken. This simple and ubiquitous technology thus has some well-known usability problems, especially on the memorability aspect. The human ability to remember pictures better than text has been well documented in numerous cognitive and psychological studies, and this is the basis of graphical passwords. As a result, much research has been inspired in both the security and Human Computer Interaction communities in recent years to explore graphical authentication systems as an alternative or an enhancement to text passwords. As the name implies, graphical authentication uses graphics (pictures, icons, faces etc.) instead of the commonly used text strings.
At present, conventional password patterns are exposed to dictionary attacks, eavesdropping and shoulder surfing, and numerous shoulder surfing resistant graphical password patterns have been proposed. On the other hand, textual passwords are the most common technique used for authentication. Several graphical password schemes have been proposed in past years. Most users are more used to word-based passwords than to pure graphical passwords, so sentence-based, word-based or character-based graphical password schemes have been proposed. Unfortunately, none of the existing schemes creates a graphical lock that resists impersonation. Resistance to shoulder surfing and to other attacks such as eavesdropping, dictionary attacks, and social engineering attacks on text and characters is improved by this paper by using colors. In the proposed scheme, the user can log in to the system robustly, cleanly and professionally; we examine the security and usability of the proposed system and show the resistance of the proposed scheme to unintended login.
In 2002, to reduce the shoulder surfing attack, Sobrado and Birget proposed three shoulder surfing resistant graphical password schemes: the Movable Frame scheme, the Intersection scheme, and the Triangle scheme. But of all these schemes, the Movable Frame scheme and the Intersection scheme fail frequently in the process of authentication. In the Triangle scheme, the user has to select and memorize several pass-icons as his password. To log in to the system, the user has to correctly pass the predetermined number of challenges, and in every challenge the user has to find three pass-icons from a set of randomly chosen icons displayed on the login screen, and then click inside the invisible triangle created by those three pass-icons.
In any organization, regardless of the size and nature of the company, information security is a major concern. The protection of information and the implementation of adequate security mechanisms with respect to confidentiality, integrity and authenticity are especially important in today's increasingly interconnected business environment. Traditional textual passwords are perhaps the most prevalent and convenient authentication method because they are familiar to all users, easy to use, and cheap to implement. The known weakness of traditional user authentication is a tendency to choose passwords with predictable characteristics, which in turn reduces password strength and makes it vulnerable to various attacks as mentioned in . A sufficiently secure password should be at least eight characters or longer, random, without any semantic content, with a mix of uppercase and lowercase letters, digits, and special symbols. Generally, users ignore any tips and recommendations for creating a secure password. Moreover, some users write down their passwords on a piece of paper, share passwords with others or use the same password for multiple accounts. Most of the common attacks namely brute force search attack, dictionary attack, guessing attack, shoulder surfing attack, spyware attack, and social engineering
At present, conventional password patterns are subject to eavesdropping, dictionary attacks and shoulder surfing, and numerous shoulder surfing resistant graphical password patterns have been proposed. At the same time, the most common technique used for authentication is the textual password. A number of graphical password schemes have been proposed in past years. Most users are more used to word-based passwords than to pure graphical passwords, so we have proposed word-based graphical password schemes. Unfortunately, none of the existing schemes creates a hybrid digital graphical password scheme. In this paper, we propose an improved, mainly textual-based and numerical-based graphical password that uses colors and is resistant to shoulder surfing and to other attacks such as social engineering, eavesdropping and dictionary attacks. In the proposed scheme, the user can log in to the system robustly, simply and efficiently, and we examine the security, usability and resistance to various attacks of the designed system.
ABSTRACT: The most common method used for authentication is the textual password. Unfortunately, these passwords can be easily guessed or cracked. The next best technique is the graphical password. Many graphical password schemes have been proposed in the last decade, but most of them suffer from shoulder surfing, which is also a big problem. Also, few of the graphical password schemes that have been proposed are resistant to various attacks. In this paper, two new authentication schemes are proposed, with a steganography algorithm, for any transaction. Any authentication process becomes very secure when two or three techniques are used together in a system. For every login process, the user inputs different passwords. We proposed two different shoulder surfing resistant graphical password authentication schemes: one is AS3PAS and the second is a hybrid textual scheme using color codes, together with Advanced LSB, which removes the drawback of simple LSB in that it supports all image formats.
A basic aim of security is to create cryptographic and highly non-forgeable primitives based on hard mathematical formulations that are computationally intractable. For example, the integer factorization problem is basic to the RSA public-key cryptographic system. In the past decade, the use of online banking and online transactions, i.e. E-Commerce, has rapidly increased, and using difficult AI (Artificial Intelligence) challenges for security, with CAPTCHA and graphical passwords, initially proposed in , was an exciting new pattern. Captcha was invented for security and was the most used technique, i.e., a puzzle. Most other techniques are not able to maintain security against shoulder surfing attacks, which makes the system vulnerable to attacks and makes password creation insecure. In 1999, as an alternative, many graphical password techniques were used. This paper provides a comprehensive and analytical overview of published research work in this domain, analyzing features such as usability and security aspects, along with system evaluation.
In general, all keypad-based authentication systems have several possibilities of password guessing by means of shoulder movements and skimming device attacks. Shoulder-surfing is an attack on password authentication that has traditionally been hard to defeat. At the same time, the growth of mobile technology, with regard to the availability of services and devices like smartphones, has created a new phenomenon for communication and data processing ability to do daily work. One such phenomenon that has emerged in the social work environment is BYOD (Bring Your Own Device), which means that users can use their personal device to access company resources for work. This project proposes a Wireless Pin Authentication Method (WPAM) for secure transactions using the BYOD trend. In addition to that, the Kerberos authentication protocol is used for user authentication.
In paper author T, R.Nagendran, implemented a system in which the password is a selected block of the image called the view port. But this system failed to secure against hotspot attacks. In paper authors N. López, M. Rodríguez, C. Fellegi, D. Long proposed a graphical authentication system in even-odd form. It is still unable to resist shoulder surfing. In paper authors S. Man, D. Hong, and M. Mathews proposed that the user should rate colors from 1 to 4 for the password, and he can remember it as “RGBY”. But the interface is quite difficult for the normal user to understand. In paper authors M.Shreelatha, M.Sashi proposed a methodology on Session passwords, which can be used only once, but this technique is proposed to generate session passwords using text, which fails to resist shoulder surfing. In paper authors Ushir Kishori Narhar, Ram.B.Joshi proposed a methodology using a user name with a graphical password using persuasive cued click points along with biometric authentication using the finger nail plate. But biometrics such as face and fingerprints can easily be recorded and potentially misused by biometrics experts without the user’s consent. In paper authors Neha Singh, Nikhil Bomanwar proposed a methodology of persuasive cued click points which reduces the hotspot problem, but provides no security mechanism against shoulder surfing attacks. In paper authors Hung-Min Sun, Shiuan-Tung Chen, Jyh-Haw Yeh proposed an authentication system, Pass Matrix, based on graphical passwords with a one-time valid login indicator. But this system does not resist the shoulder surfing attack and is also vulnerable to smudge attacks.
5. Conclusions and Future Works. User authentication is one of the most important components of a secure system. Even after the development of advanced authentication mechanisms such as biometrics, the traditional concept of passwords still continues to be the most widely adopted means for user authentication. Owing to the limitations and weaknesses of text-based passwords, such as smaller password space, susceptibility to brute force and shoulder surfing attacks, etc., this paper proposes a novel pattern-based multi-factor authentication scheme that involves the use of a combination of textual and graphical passwords. The proposed system has a larger password space and is secure against dictionary attacks since it involves additional mouse input along with keyboard input. Moreover, a brute force attack would require automatic generation of all possible mouse-click and text combinations in order to crack the actual password. This renders the brute force attack infeasible for the proposed system.
Abstract— The user usually uses a password to avoid attacks like the dictionary attack, the brute force attack and the shoulder surfing attack, which is a well-known attack nowadays. The shoulder surfing attack is a direct observation technique: watching over the user’s shoulder when they enter their password to get information. The most common authentication method used by the user is the textual password. But the textual password has many disadvantages because it is vulnerable to attack, as it is prone to shoulder surfing. In this project, a pattern-based password authentication scheme will be developed to overcome this problem. Using this scheme, the user needs to select the type of pattern that they like during registration. To log in to their account, the user needs to enter the password in the form of a textual password, in an order based on the pattern that they chose during registration. The text password grid is presented in a different style, as it is filled with random objects, whether characters, numbers or images. This method is suitable for minimizing shoulder surfing attacks, as it can improve the security of the user’s password, and they can efficiently log in to the system.
Text passwords are insecure for a number of reasons, and graphical passwords are more secure in comparison but are vulnerable to shoulder surfing attacks. Hence, by using a graphical password system and CAPTCHA technology, a new security primitive is proposed. We call it CAPTCHA as graphical Password (CaRP). CaRP is a combination of both a CAPTCHA and a graphical password scheme. In this paper we conduct a comprehensive survey of existing CaRP techniques, namely Click Text, Click Animal and Animal Grid. We discuss the strengths and limitations of each method and point out research directions in this area. We also try to answer “Are CaRP as secure as graphical passwords and text-based passwords?” and “Is CaRP protective against relay attacks?” Cyber security is a paramount issue to tackle. Various user authentication methods are used for this purpose. This helps to avoid misuse or illegal use of highly sensitive data. Text and graphical passwords are mainly used for authentication purposes. But due to various imperfections, they are not reliable for data security.