A SECURE RECOGNITION BASED ON GRAPHICAL PASSWORD Guided By: Prof. S. Jain PRESENTED BY Dhanshri Agashe

CONTENTS INTRODUCTION MOTIVATION LITERATURE SURVEY METHODOLOGY ISSUES ADVANTAGES OF GRAPHICAL PASSWORDS. APPLICATIONS CONCLUSION FUTURE SCOPE REFERENCES

INTRODUCTION Graphical user authentication(GUA) system requires a user to select a memorable image. Digital watermarking is the process of embedding information into a digital signal. The purpose of digital watermarking is to provide copyright protection. By using Cued click points users click on one point per image for a sequence of images. Performance was very good in terms of speed, accuracy, and number of errors.

INTRODUCTION Users preferred CCP to saying that selecting and remembering only one point per image was easier. Seeing each image triggered their memory of where the corresponding point was located. Cued click points provides greater security as the number of images increases the workload for attackers.

Watermark What ? The term watermark is derived from the German term “Wessmark” The basic idea of watermark is to embed some information in digital images so that it can not be miss used or owned by others. Image without watermark Watermarked image

Picture Password Authentication Using cued click points MODULES USER REGISTRATION PROCESS PICTURE SELECTION PROCESS LOGIN PROCESS SYSTEM FINAL REGISTRATION PROCESS

MOTIVATION There is a good security when using the text-based strong password schemes but often memorizing the password. An alternative solution to the text-based authentication which is the GUA or simply Graphical Password . However, one big issue that is plaguing GUA is shoulder surfing attack that can capture the users mouse clicks and image gallery.

LITERATURE SURVEY Sr. No. Paper Name Author Year Conclusion 1 Graphical User Authentication A.H. Lashkari IEEE 2011 Resistance to common attacks of graphical password algorithms. 2 Persuasive cued click points Stobert. E 2012 Influence user choice in click-based graphical passwords, encouraging users to select more random, and hence more difficult to guess, click-points.

LITERATURE SURVEY If attacker want to attack to the image gallery as we hide the copyright protection information in all images of the system. In proposed algorithm all images has copyright information and is difficult to change the image of gallery. Focus on attacks of graphical password algorithms and evaluate recognition based algorithms.

METHODOLOGY PROPOSED GRAPHICAL PASSWORD ALGORITHM A denotes the user A ID denotes the user identity of user A S denotes the server side operation C denotes the Client side operation UAI denotes User added some image for his/her password UI denotes the image(s) that user added to the system Ini denotes the image number of user’s password DI denotes set of the decoy images

continue RCS denotes the random character set generated for each image in login page DQ() denotes the data query from database DW()denotes the write the data pack in the database IMX()denotes matrix of images || denotes the concatenation process WCP() denotes the Copyright Protection technique of Watermarking CWCP() denotes the checking process for copy right protection of watermarking

continue The workflow of registration phase is as below: Step1. C: (A, ID) S [User A sends his ID to the server for login page] Step2. S: DQ (ID)[in the server side the user’s information will find from data base] Step3. S: IMX (DI, INi) C [Server generate a from the decoy images and user’s password images and sent to the client side] Step4. C: CWCP (IMX (Di,INi)) [the algorithm check the copyright protection in them image matrix]

continue Step5: C: INi [user selects his/her password images by write the related characters and algorithm fin the related ID regarding to the users entered characters as INi] Step6. C: ID || INi [in the client side the ID of user and selected images INi will concatenate and make the data pack] Step7. C: ID|| INi S [Client send the generated data pack to the server] Step8. S: Success/Reject  C[check the data pack and if the pack is true reply successfully to the client side and If data pack is not true then reject the user in login phase.

Graphical Password-what a concept! Here you pick several icons to represent the password. Then when you want to authenticate it, a screen is drawn as a challenge to which you must respond. The screen has numerous icons, at some of which are your private password icons. You must locate your icons visually on the screen and click on the screen to the password.

The survey : Two categories Recognition Based Techniques a user is presented with a set of images and the user passes the authentication by recognizing and identifying the images he selected during the registration stage. Recall Based Techniques A user is asked to reproduce something that he created or selected earlier during the registration stage.

Phases of Algorithm Login phase Registration phase

Click point’s as password 1st click 2nd click 3rd click 4th click 5th click … Click point

DATABASE Last picture System gives 3 chances to First picture stored in database during registration Last picture Correct click point Gives the next image Correct username DATABASE System gives 3 chances to The user for incorrect password Verification of click point Database contains saved pictures and points. If the user exists 3 chances then the password system displays another picture which will be unrelated to the picture selected by the user during password creation

COMPARISION BETWEEN ALPHA-NUMERIC & GRAPHICAL PASSWORDS: Commonly used guidelines for alpha-numeric passwords are: The password should be at least 8 characters long. The password should not be easy to relate to the user (e.g., last name, birth date). Ideally, the user should combine upper and lower case letters and digits and special characters. Graphical passwords The password consists of some actions that the user performs on an image. Such passwords are easier to remember & hard to guess.

APPLICATION OF THE PICTURE PASSWORD SYSTEM SYSTEM LOG IN AND LOG OUT PROCESS FOLDER LOCKING WEB LOG-IN APLLICATION

ADVATAGES OF GRAPHICAL PASSWORDS Graphical password schemes provide a way of making more human-friendly passwords . Here the security of the system is very high. Here we use a series of selectable images on successive screen pages. Dictionary attacks are infeasible.

SOLUTION TO SHOULDER SURFING PROBLEM (1) TRIANGLE SCHEME

FUTURE SCOPE Shoulder surfing means watching over people's shoulders as they process information. Examples include observing the keyboard as a person types his or her password, enters a PIN number, or views personal information. Because of their graphic nature, nearly all graphical password schemes are quite vulnerable to shoulder surfing. It can be overwhelming by triangle scheme in further approach

CONCLUSION Brute Force Search More difficult to break the graphical passwords from traditional attack methods: Brute Force Search Dictionary Attack Or Spyware By implementing other special geometric configurations like triangle & movable frame ,one can achieve more security especially shoulder surfing and physical attacks.

REFERENCES A.H. Lashkari, F.T., Graphical User Authentication (GUA). 2010: Lambert Academic Publisher. Komanduri, S. and D.R. Hutchings, Order and Entropy in Picture Passwords, in Canadian Information Processing Society. 2008. Hu , W., X. Wu, and G. Wei, The Security Analysis of Graphical Passwords, in International Conference on Communications and Intelligence Information Security. 2010.

THANK YOU.. ANY QURIES?