Process by which a system verifies the identity of a user wishes to access it. Authentication is essential for effective security

Methods used for authentication o Textual passwords o Graphical passwords o Session passwords

Common Method: o textual passwords Alternative techniques: o graphical passwords o biometrics New authentication schemes: o session passwords

Dhamija and perig proposed a graphical authentication schema to identify the predefined images. User selects a random number of pictures. Identify the pre selected images for authentication.

Passface technique:- The user has to choose four images of human faces from a face database as their future password. User selects a human face. In the authentication stage, the user gets a grid of nine faces, consisting of one face previously chosen by the user and eight decoy faces.

Syukir developed a technique where the authentication is done by drawing user signature using mouse. » Registration phage » Verification phage At the time of registration the user draw his signature with the mouse. In the verification stage it takes the user signature as the input and verify it.

» Dictionary attacks » Shoulder surfing » Forgery

New authentication schemes: o Pair based o Hybrid textual

Authentication technique consist of 3 phases:  Registration phase: user enters his password  Login phase: the user has enter the password based on the interface displayed on the screen  Verification phase

Login interface

Intersection letter for the pair AN

Rating of colors by the user

Password:3573 Depending on the rating given to colors, we get session password Login interface

SECURITY ANALYSIS  Dictionary attack  A simple dictionary attack is by far the fastest way to break into a machine.  A dictionary file (a text file full of dictionary words) is loaded into a cracking application(such as L0phtCrack), which is run against user accounts located by the application.  Because the majority of passwords are often simplistic, running a dictionary attack is often sufficient to the job.

Brute Force Attack Brute Force Attack is the most widely known password cracking method. It based on attempts to use every possible character combination as a potential password. The number of possible combinations (and therefore required time) grows rapidly as the length of the password increases.

Phishing :- It is typically carried out by spoofing spoofing or instant messaging, and it often directs users to enter details at a fake websiteinstant messaging whose look and feel are almost identical tolook and feel the legitimate one. Phishing is an example of social engineering techniques used tosocial engineering deceive users, and exploits the poor usability of current web security technologies.

REQUIREMENTS HARDWARE SPECIFICATION – Processor : Intel Pentium IV, 2GHz – RAM : 512MB – Hard Disk Capacity : 40GB – Keyboard : Standard 104 keys – Mouse : Standard 3 Button – DVD/CD ROM : LG DVD RAM SOFTWARE SPECIFICATION – Operating System : Win XP and Above – Database : SQL Server 2008 – System Architecture :.NET Framework Programming Language : PHP

Two authentication techniques based on text and colors are proposed. Techniques generate session passwords and are resistant to dictionary attack, shoulder surfing. In Pair based during login time on the grid displayed a session password is generated. In hybrid textual scheme rating should be given to colors. Schemes are completely new to the users and the proposed authentication techniques should be verified extensively for usability and effectiveness.

[1] R. Dhamija, and A. Perrig. “Déjà Vu: A User Study Using Images for Authentication”. In 9th USENIX Security Symposium, [2] Real User Corporation: Passfaces. [3] X. Suo, Y. Zhu and G. Owen, “Graphical Passwords: A Survey”. In Proc. ACSAC'05. [4] Z. Zheng, X. Liu, L. Yin, Z. Liu “A Hybrid password authentication scheme based on shape and Text” Journal of Computers, vol.5, no.5 May 2010.