Engineering Project of Venkata Krishna


  1. DEFENSES AGAINST LARGE SCALE ONLINE PASSWORD GUESSING ATTACKS BY USING PERSUASIVE CLICK POINTS

     DEPARTMENT OF INFORMATION TECHNOLOGY, SRKR ENGINEERING COLLEGE

     CHAPTER 1 INTRODUCTION

     1.1 INTRODUCTION

     Graphical passwords have attracted a great deal of attention over the past two decades because the earlier methods suffered from numerous attacks that could be mounted easily. Here we progress down the taxonomy of authentication methods. We start with the most common computer authentication method, which makes use of text passwords. Despite the vulnerabilities, users naturally prefer short passwords because they are easy to remember, and they often lack awareness of how attackers operate. Unfortunately, these passwords are readily broken by intruders through simple means such as masquerading and eavesdropping, and through dictionary attacks, shoulder-surfing attacks and social engineering attacks.

     To mitigate the problems with traditional methods, advanced methods using graphics as passwords have been proposed. The idea of graphical passwords was first described by Greg Blonder (1996). For Blonder, a graphical password uses a predetermined image, and the tap regions selected and their sequence are interpreted as the password. Since then, many other graphical password schemes have been proposed. The desirable quality of graphical passwords is that, psychologically, humans remember graphics far better than text, which makes them the best alternative proposed. Interest in graphical passwords is growing rapidly because they are more or less infinite in number, which provides more resistance. The major goal of this work is to reduce guessing attacks and to encourage users to select more random passwords that are difficult to guess.
     Taxonomy of Authentication

     In this depiction of current authentication methods, biometric-based authentication techniques have proved to be expensive, slow and unreliable, and hence are not preferred by many. Token-based authentication systems offer high security, usability and accessibility compared with the others, but such systems also employ knowledge-based techniques to enhance security. But the current knowledge-based techniques are still immature. For instance, ATM cards always go hand in hand with a PIN.

  2. Fig 1.1: Taxonomy of Authentication

     Taxonomy of Password Authentication Techniques

     So knowledge-based techniques are the most wanted techniques for achieving real high security. Graphical techniques can be classified under two names: recognition-based and recall-based.
  3. Summary

     The rest of the project report is organized as follows. Chapters 2 to 10 provide information about Defenses against Large Scale Online Password Guessing Attacks by using Persuasive Click Points. Chapter 2 surveys the literature that is most important to the development of this project. Chapter 3 gives the disadvantages and advantages of the existing and proposed systems and sets out the problem. Chapter 4 provides the functional and non-functional requirements of the system. Chapter 5 discusses the architecture of the system and the modules implemented in it. Chapter 6 explains the design of the system with all the necessary UML diagrams. Chapter 7 discusses the pseudo code. Chapter 8 describes the testing, with all possible test cases. The conclusion and the references follow in Chapters 9 and 10, respectively.
  4. CHAPTER 2 LITERATURE SURVEY

     2.1 Graphical Password Authentication Using Cued Click Points

     We propose and examine the usability and security of Cued Click Points, a cued-recall graphical password technique. Users click on one point per image for a sequence of images. The next image is based on the previous click-point. We present the results of an initial user study which revealed positive results. Performance was very good in terms of speed, accuracy, and number of errors. Users preferred CCP to Pass Points, saying they thought that selecting and remembering only one point per image was easier, and that seeing each image triggered their memory of where the corresponding point was located. We also suggest that CCP provides greater security than Pass Points because the number of images increases the workload for attackers.

     2.2 Reducing Shoulder-surfing by Using Gaze-based Password Entry

     Shoulder-surfing – using direct observation techniques, such as looking over someone's shoulder, to get passwords, PINs and other sensitive personal information – is a problem that has been difficult to overcome. When a user enters information using a keyboard, mouse, touch screen or any traditional input device, a malicious observer may be able to acquire the user's password credentials. We present Eye Password, a system that mitigates the issues of shoulder surfing via a novel approach to user input. With Eye Password, a user enters sensitive input by selecting from an on-screen keyboard using only the orientation of their pupils, making eavesdropping by a malicious observer largely impractical. We present a number of design choices and discuss their effect on usability and security. We conducted user studies to evaluate the speed, accuracy and user acceptance of our approach. Our results demonstrate that gaze-based password entry requires marginal additional time over using a keyboard, error rates are similar to those of using a keyboard and subjects preferred the gaze-based password entry approach over traditional methods.
  5. 2.3 Deja vu: A User Study Using Images for Authentication

     Current secure systems suffer because they neglect the importance of human factors in security. We address a fundamental weakness of knowledge-based authentication schemes, which is the human limitation to remember secure passwords. Our approach to improve the security of these systems relies on recognition-based, rather than recall-based authentication. We examine the requirements of a recognition-based authentication system and propose Deja Vu, which authenticates a user through her ability to recognize previously seen images. Deja Vu is more reliable and easier to use than traditional recall-based schemes, which require the user to precisely recall passwords or PINs. Furthermore, it has the advantage that it prevents users from choosing weak passwords and makes it difficult to write down or share passwords with others.

     2.4 Image Based Registration and Authentication System

     Security-sensitive environments protect their resources against unauthorized access by enforcing access control mechanisms. Text based passwords are not secure enough for such applications. User authentication can be improved by using both text passwords and structured images. Our image based registration and authentication system is called IBRAS. The system developed displays an image or set of images to the user, who would then select one to identify them. The system uses such image based passwords and integrates image registration and notification interfaces. Image registration enables users to have their favorite image. The paper will describe our experience and future work.

     2.5 User interface design affects security: Patterns in click-based graphical passwords

     Design of the user interface influences users and may encourage either secure or insecure behavior. Using data from four different but closely related click-based graphical password studies, we show that user-selected passwords vary considerably in their predictability. Our analysis looks at click-point patterns within passwords and shows that Pass Points passwords follow distinct patterns. Surprisingly, these patterns occur independently of the background image.

  6. Conversely, CCP and PCCP passwords are nearly indistinguishable from those of a random dataset. These results provide insight on modeling effective password spaces and on how user interface characteristics lead to more (or less) secure user behavior.
  7. CHAPTER 3 PROBLEM DEFINITION

     3.1 EXISTING SYSTEM

     In the existing system, passwords are mostly text oriented, so they can be broken by intruders through masquerading, brute force attacks, dictionary attacks and so on. Some applications with graphical passwords exist; their major drawback is larger memory space, and some are prone to shoulder-surfing attacks. In Cued Click Points, the user has to select a click-point in five different images in sequence, based on the previous image. The drawback of this concept is that it is difficult to remember the click-points in different images.

     Disadvantages

     Although Pass Points is relatively usable, security weaknesses make passwords easier for attackers to predict. Hotspots are areas of the image that have higher likelihood of being selected by users as password click-points. Attackers who gain knowledge of these hotspots through harvesting sample passwords can build attack dictionaries and more successfully guess Pass Points passwords. Users also tend to select their click-points in predictable patterns (e.g., straight lines), which can also be exploited by attackers even without knowledge of the background image; indeed, purely automated attacks against Pass Points based on image processing techniques and spatial patterns are a threat.

     3.2 PROBLEM STATEMENT

     Usable security has unique usability challenges because the need for security often means that standard human-computer-interaction approaches cannot be directly applied. An important usability goal for authentication systems is to support users in selecting better passwords. Users often create memorable passwords that are easy for attackers to guess, but strong system-assigned passwords are difficult for users to remember.
  8. 3.3 PROPOSED SYSTEM

     In the proposed system, we use a click-based graphical password system. During password creation, there is a small view port area that is randomly positioned on the image. Users must select a click-point within the view port. If they are unable or unwilling to select a point in the current view port, they may press the Shuffle button to randomly reposition the view port. The view port guides users to select more random passwords. This therefore encourages users to select more random passwords that are difficult to guess.

     Advantages of proposed system

     This systematic examination provides a comprehensive and integrated evaluation of PCCP covering both usability and security issues, to advance understanding as is prudent before practical deployment of new security mechanisms. Results show that PCCP is effective at reducing hotspots (areas of the image where users are more likely to select click-points) and avoiding patterns formed by click-points within a password, while still maintaining usability.
  9. CHAPTER 4 SYSTEM ANALYSIS AND REQUIREMENTS

     4.1 SOFTWARE REQUIREMENTS

     • Operating System: Windows XP/7/8
     • Application Server: NETBEANS
     • Front End: JAVA, Swings
     • Database: MYSQL
     • Database Connectivity: JDBC

     4.2 HARDWARE REQUIREMENTS

     • Processor: Pentium III, Intel, AMD
     • Speed: 1.1 GHz
     • RAM: 256 MB (min)
     • Hard Disk: 20 GB (min)
  10. 4.3 FUNCTIONAL REQUIREMENTS

     1. It provides a provision for the user to register.
     2. It provides a provision for the user to select an image.
     3. It provides a provision for the user to generate a graphical password from the selected image.
     4. It provides a provision for the user to compare the graphical password from the input image for login.
     5. It provides a provision to log in the user.
     6. It provides a provision for the user to compare the graphical password from the input image in order to make transactions.
     7. It provides a provision for the user to make transactions.
     8. It provides a provision for the user to deposit.
     9. It provides a provision for the user to withdraw.
     10. It provides a provision for the user to view transaction reports.

     4.4 NON-FUNCTIONAL REQUIREMENTS

     Non-functional requirements describe user-visible aspects of the system that are not directly related to the functionality of the system.

     a) User Interface

     A menu interface has been provided to the client to be user friendly.

     b) Documentation

     The client is provided with introductory help about the client interface, and the user documentation has been developed through a help hyperlink.

     c) Performance Constraints

     • Requests should be processed within no time.
     • Users should be authenticated for accessing the requested data.
  11. d) Error Handling and Extreme Conditions

     In case of user error, the system should display a meaningful error message so that the user can correct the error. The high-level components of the proposed system should handle exceptions that occur while connecting to the database server, IO exceptions, etc.

     e) Quality Issues

     Quality issues refer to how reliable, available and robust the system should be. While developing the proposed system, the developer must be able to guarantee the reliability of transactions so that they are processed completely and accurately. The ability of the system to detect failures and recover from them refers to the availability of the system. Robustness refers to the capability of the system to provide information when concurrent users are requesting information.

     f) Acceptance Criteria

     The developer will have to demonstrate to the user that the system works by testing it with suitable test cases so that all conditions are satisfied.

     4.5 FEASIBILITY STUDY

     Three key considerations involved in the feasibility analysis are:

     • Technical Feasibility
     • Economical Feasibility
     • Operational Feasibility

     i) Technical Feasibility

     The developed system has modest requirements: only minimal or no changes are required to implement it, as all the technical aspects are already available.
  12. ii) Economical Feasibility

     The developed system is well within the budget; this was achieved because most of the technologies used are freely available. Only the customized products had to be purchased.

     iii) Social Feasibility

     The user's level of confidence must be raised so that he is also able to offer constructive criticism, which is welcomed, as he is the final user of the system.
  13. 4.6 Use Case Analysis

     Fig 4.1: Use Case Diagram for Persuasive click point

     Use Case Description

     • First, the user must register by giving the user details and then create the graphical password from an image.
     • If the user is already registered, the user browses the image and gives the x, y values as the password for login.
     • The image is compared for graphical password verification.
     • If the user is a valid user, transactions such as credit, debit and transaction history can be carried out.

  14. Use Case Description Table

     | USECASE | ACTOR | STEPS | DESCRIPTION |
     |---|---|---|---|
     | 1. REGISTRATION | USER | 1. Press the registration button. 2. Enter the details of the user. | After registration is completed, all the details of the user are saved in the database. |
     | 2. CREATE GRAPHICAL PASSWORD FROM IMAGE | USER | 1. Press Create password. 2. Enter the required X and Y co-ordinates. | After the co-ordinates are entered, the corresponding values are stored in the database. |
     | 3. BROWSE AN IMAGE | USER | 1. Select an image from the image database. 2. Set the co-ordinate values. | After the image is browsed, the corresponding co-ordinate values of the image are stored in the database. |
     | 4. LOGIN | USER | 1. Press login. 2. Enter the username and password. | After the username and password are entered, the admin checks them against the username and password in the database. If they are the same, the user login is successful. |
     | 5. COMPARE IMAGE FOR GRAPHICAL PASSWORD | ADMIN | 1. Admin collects all details of the password. 2. Admin compares the user password and the actual values of the image co-ordinates. | After the graphical password is compared, if it is the same, the login is successful. |
     | 6. CREDIT | USER | 1. Press the Credit button. 2. Enter the credit details. | After all the credit details are entered, the transaction completes successfully. |
     | 7. DEBIT | USER | 1. Select debit. 2. Enter the amount to be withdrawn. | After the debit is completed, the amount is withdrawn successfully. |

     Table 4.1: Use Case Analysis
  15. CHAPTER 5 SYSTEM ARCHITECTURE

     5.1 SYSTEM ARCHITECTURE DESCRIPTION

     The project is about user authentication to the system with the implementation of persuasive click points. First, every user has to register, and the graphical password is given as the input to the login process. The two images are compared to authenticate the user to the system. If any error occurs, the user must log in to the system again; if there are no errors, transaction management displays the transaction details.

     Fig 5.1: System Architecture
  16. 5.2 MODULES

     The system architecture consists of four modules, namely:

     i. Registration
     ii. Password Creation
     iii. User Login
     iv. Transaction Management

     i. Registration

     In the Registration module, the user enters all the details, such as name, address, mobile number and email ID. After the details are entered, they are stored in the user database. These details are used for authentication in the login process, so they are very important for the further process and are stored securely in the user database. In the registration process, the user also has to choose a username.

     ii. Password Creation

     In this module, the user creates a password with the help of any image in the image database. The password is created from the X and Y co-ordinates of the window, so the (X, Y) values are set in the picture. These co-ordinate values are stored in the admin database. The number of possible passwords depends on the size of the window, that is, on the number of co-ordinate values. Guessing is therefore very difficult for an unauthorized user, while the password is easy for the authorized party to remember.

     iii. User Login

     In this module, the user wants to log in to the system. The admin asks for the username and password, and the user enters the username and the graphical password, which is nothing but the co-ordinate values.

  17. After the username and password are entered, the admin checks them against the username and password in the database. If both are the same, the user is logged in to the system successfully; otherwise the user goes to the registration process.

     iv. Transaction Management

     In the Transaction Management module, we test whether the system works properly or not. Here the system is linked with banking transactions: the user can credit money with the help of our system and also debit money successfully.
  18. CHAPTER 6 SYSTEM DESIGN

     6.1 CLASS DIAGRAM

     Fig 6.1: Class diagram
  19. Description of Class Diagram

     • The class diagram mainly consists of User Register, Image Process and Data Check.
     • In user registration, the login process is used to verify that the details are correct. If the details given are invalid, the user must re-enter valid details, and the image is compared and tested.
     • In Image Process, the pixel values are taken when the password is created, and those pixel values are used for retrieval of data from the database.
     • In Data Check, the data is verified, that is, whether the intensity values of the co-ordinates are equal or not.

     6.2 SEQUENCE DIAGRAM

     Fig 6.2: Sequence Diagrams for User Registration

     Participants: user, user interface, registration, insert image, create password, database, message box. Messages: 1: user register(); 1.1: enter user details(); 1.1.1: check user registration(); 1.1.1.1: create password(); 1.1.1.1.1: store data(); 1.1.1.1.1.1: return status(); 1.1.1.1.1.1.1: display message.
  20. Description of Sequence Diagram for User Registration

     • The user needs to enter the details, and the user details are then checked internally.
     • The user then creates the password by giving the image as input.
     • The password and the details are then stored in the database.
     • When details are requested from the database, the status is given to the user in a message, and this message is displayed.

     Sequence Diagrams for User Login

     Fig. 6.3: Sequence Diagrams for User Login

     Participants: user, user interface (ui), login, login management, compare graphical password, check data, message box. Messages: 1.1: login(); 1.2: enter login details(); 1.3: send data(); 1.4: input image(); 1.5: send user data; check data; return status; 1.7: display message(); 1.8: display message().
  21. Description of Sequence Diagrams for User Login

     • After registration, the user must log in by entering the login details. The data is then sent to login management.
     • The user gives the image for comparing the graphical password, and the data is then sent for verification.
     • After verification, the message is sent to login management and then to the message box.
     • The message box sends the message to the user.

     6.3 COLLABORATION DIAGRAM

     Fig 6.4: Collaboration Diagrams for User Registration

     Participants: user, user interface, registration, insert mode, create pwd, database, message box. Messages: 1: user register(); 2: enter user details; 3: check user registration; 4: create pwd; 5: store data; 6: return status; 7: display message.
  22. Collaboration Diagrams for User Registration

     • The user needs to enter the details, and the user details are then checked internally.
     • The user then creates the password by giving the image as input.
     • The password and the details are then stored in the database. When details are requested from the database, the status is given to the user in a message, and this message is displayed.

     Collaboration Diagrams for User Login

     Fig 6.5: Collaboration Diagrams for User Login

     Participants: user, user interface, check data, message box, login, login management, compare graphical pwd. Messages: 1: login(); 2: enter login details; 3: send data; 4: input data; 5: send user data; 6: check data; 7: return status; 8: display message; 9: display message.

     Description of Sequence Diagrams for User Login:

     • After registration, the user must log in by entering the login details. The data is then sent to login management.
     • The user gives the image for comparing the graphical password, and the data is then sent for verification.
     • After verification, the message is sent to login management and then to the message box.
     • The message box sends the message to the user.

  23. 6.4 ACTIVITY DIAGRAM

     Fig 6.6: Activity Diagram of Persuasive click points

     Description of Activity Diagram

     • First, the user must log in by giving the details.
     • If the details are invalid, the login fails and the user must re-enter the details.
     • If the details are valid, the login process is successful and the user transactions can be done.
  24. 6.5 STATE CHART DIAGRAM

     State Chart diagram for User Login

     Fig 6.7: State Chart diagram for User Login
  25. Description of State Chart diagram for User Login

     • First, the user must register by giving the user details and then create the graphical password from an image.
     • If the user is already registered, the user browses the image and gives the x, y values as the password for login.
     • The image is compared for graphical password verification.
     • If the user is a valid user, transactions such as credit, debit and transaction history can be carried out.

     State chart diagram for login:

     Fig 6.8: State chart diagram for login
  26. Description of State Chart diagram for login

     • First, the user must log in by giving the details.
     • If the details are invalid, the login fails and the user must re-enter the details.
     • If the details are valid, the login process is successful and the user transactions can be done.

     6.6 COMPONENT DIAGRAM

     Fig 6.9: Component Diagram of Persuasive click points

     Defenses against Large Scale Online Password Guessing Attacks by Persuasive Click Points consists of four components:

     • User Registration
     • Graphical Password
     • Login Management
     • Transactions Management
  27. 6.7 DEPLOYMENT DIAGRAM

     Fig 6.10: Deployment Diagram of Persuasive click points

     Description of Deployment Diagram:

     The deployment diagram consists of the following objects.

     • User Interface
     • Defense against large scale online password guessing attack by using Persuasive click points
         • Swings
         • JDK 1.6
     • Database
         • MySQL
         • Image

     In this system, the user initially interacts with the Defense against large scale online password system. Swings and JDK 1.6 are sub-parts of this system, and it is linked with the database, consisting of MySQL and the image database.
  28. 6.8 ER DIAGRAM

     Fig 6.11: ER Diagram of Persuasive click points

     Explanation for ER Diagram

     The database is designed keeping in mind all the functional requirements of the system. There are several attributes for every entity in an ER diagram. Here New User and Pixel are the entities, and there is a relation between them. The New User entity has the attributes name, user name, account number, guardian, address, balance and image, and the Pixel entity has attributes such as the name of the image and the password.
  29. DATA DICTIONARY

     The database used for the system consists of five tables. The first is the user details table, in which the entire details about the user are stored, and the second is the address table, which holds the address of the user. The upload data table holds the data under categories; the entire operation of the system is based on this table. The login master table handles the details of each login of the user. Finally, the Category Info table holds the type of data stored in the database.

     1. New User Table

     | Field name | Data type | Description |
     |---|---|---|
     | User name | Varchar2 | Name of the user in the login |
     | Name | Varchar2 | Name of the user |
     | Balance | Number | Balance amount |
     | Address | Varchar2 | Address of the user |
     | Image | Jpg | Image password |
     | Guardian | Varchar2 | Guardian to the user |
     | Accno | Number | Account number of the user |

     Table 6.1: New User Table

     2. Pixel Table

     | Field name | Data type | Description |
     |---|---|---|
     | Name | Varchar2 | Name of the user |
     | Image | Jpg | Image password |
     | Password | Number | Password of the user |

  30. Table 6.2: Pixel Table

     3. Path value

     | Field name | Data type | Description |
     |---|---|---|
     | Name | Varchar2 | Name of the user |
     | Image | Jpg | Image password |
     | Path | Varchar2 | Path value |

     Table 6.3: Path value table
  31. CHAPTER 7
      SYSTEM IMPLEMENTATION
      7.1 ALGORITHMS
      Persuasive click points
      The implementation of the persuasive click points algorithm is of utmost importance for accurate user authentication. The algorithm has two phases: the registration of the password and the login process.
      Registration process
      The user must register with the system before he can use it for secure login.
      Step 1: The user uploads the image that he wants to use as his password.
      Step 2: A small viewport is randomly positioned on the image. The user must select a click-point within the viewport.
      Step 3: If the user cannot or is unwilling to select a point there, he may press the shuffle button to randomly reposition the viewport. The click points must be selected in such a way that hotspots are less likely to be included.
      Login process
      After registering with the system, the user enters the system to view his personal data.
      Step 1: The user uploads the image that he selected as his password image.
      Step 2: The user selects the click points in the same order as during the registration process.
      Step 3: If there is any problem, the user may retry a limited number of times, or the account is blocked; else the account is opened.
  32. 7.2 PSEUDO CODE
      The main action performed in the system is to compare the image that is given as an input.
      Image Comparison
          // Excerpt from CompareImage.actionPerformed(ActionEvent ae); full listing in Appendix B
          if (ae.getSource() == upload) {
              String filename = filenametext.getText();
              String name = nametext.getText();
              String password = passwordtext.getText();   // read from the form but not stored by this handler
              File image = new File(filename);
              try {
                  Class.forName("com.mysql.jdbc.Driver");
                  // Hard-coded root login with an empty password, as in the project; a deployment
                  // should use a least-privilege account with credentials kept outside the source.
                  try (Connection connection = DriverManager.getConnection("jdbc:mysql://localhost/image", "root", "");
                       PreparedStatement psmnt = connection.prepareStatement("insert into pixelvalue values(?,?,?)");
                       FileInputStream fis = new FileInputStream(image)) {
                      psmnt.setString(1, name);
                      psmnt.setString(2, filename);
                      psmnt.setBinaryStream(3, fis, (int) image.length());
                      psmnt.executeUpdate();
                  }
              } catch (Exception ee) {
                  ee.printStackTrace();   // report the failure instead of silently ignoring it
              }
          } else if (ae.getSource() == Compare) {
              // Load the chosen file and show it in the picture label
              String filename = filenametext.getText();
              try {
                  File file = new File(filename);
                  BufferedImage image = ImageIO.read(file);
                  ImageIcon icon = new ImageIcon(image);
                  picture.setIcon(icon);
              } catch (Exception ee) {
                  ee.printStackTrace();
              }
          } else if (ae.getSource() == Browse) {
              JFileChooser chooser = new JFileChooser();
              try {
                  File f = new File(new File("filename.txt").getCanonicalPath());
                  chooser.setSelectedFile(f);
              } catch (IOException e1) {
                  e1.printStackTrace();
              }
              int retval = chooser.showOpenDialog(Browse);
              if (retval == JFileChooser.APPROVE_OPTION) {
                  File field = chooser.getSelectedFile();
                  filenametext.setText(field.getAbsolutePath());
              }
          } else if (ae.getSource() == viewport) {
              // Closed the Browse branch above so that this branch is reachable
              System.out.println("aa");
          }
  34. CHAPTER 8
  35. TESTING
      8.1 Test Cases
      Test case 1
      Input: The details of the user
      Expected Output: Successful registration
      Observed Output: Same as expected, as shown in Fig 8.1
      Fig 8.1: User registration form
  36. Test case 2
      Input: The image which is to be used as the password, and the click points
      Expected Output: Successful creation of the password
      Observed Output: Same as expected, as shown in Fig 8.2
      Fig 8.2: Graphical Password Creation of User
  37. Test case 3
      Input: The image used as a password and click points
      Expected Output: Unsuccessful login
      Observed Output: Same as expected, as shown in Fig 8.3
      Fig 8.3: Graphical password given is wrong
  38. Test case 4
      Input: The image used as a password and click points
      Expected Output: Successful login
      Observed Output: Same as expected, as shown in Fig 8.4
      Fig 8.4: Authentication of the User using image password
      Test Cases Report
  39. | Test Case ID | Test Case | Procedure | Expected behavior | Exhibited behavior | Result |
      |---|---|---|---|---|---|
      | 1 | User to register. | User has to select the ‘New User’ option and enter the details of the user. | User has to be registered if the entered details are true, else return an error message. | New user is registered. | Pass |
      | 2 | User to insert an image. | User has to select the Browse option and select the required image as input. | User has to browse an image. | User selected an image. | Pass |
      | 3 | User to create graphical password. | User has to select the ‘create Password’ option and browse a graphical image to create the graphical password. | User has to create a graphical password. | User created a graphical password. | Pass |
      | 4 | User to compare images. | User has to select an image as input to compare with the graphical password for a match. | User has to insert an image. | User inserted an image. | Pass |
      | 5 | User to log in. | User has to select the ‘registered user’ option and enter the login details. | User has to be logged in if the entered login details are true, else return an error display message. | User is logged in. | Pass |
      | 6 | User to deposit. | User has to select the ‘deposit’ option and transact the amount. | The amount has to be deposited. | The amount was deposited. | Pass |
      | 7 | User to withdraw. | User has to select the ‘withdrawal’ option and transact the amount. | The amount has to be withdrawn. | The amount was withdrawn. | Pass |
      | 8 | User to view transaction reports. | User has to select ‘transaction Report’ and enter the password details. | User has to view the transaction reports if the entered details are true, else return an error message. | User viewed the transaction reports. | Pass |
      Table 8.1: Test Case Report
  40. CHAPTER 9
  41. CONCLUSION
      A major advantage of the Persuasive Cued Click Points scheme is its large password space compared with alphanumeric passwords. There is growing interest in graphical passwords since they are better than text-based passwords, although the main argument for graphical passwords is that people are better at memorizing graphical passwords than text-based passwords. Online password guessing attacks on password-only systems have been observed for decades. Present-day attackers targeting such systems are empowered by having control of thousand to million node botnets. In previous ATT-based login protocols, there exists a security-usability trade-off with respect to the number of free failed login attempts (i.e., with no ATTs) versus user login convenience (e.g., fewer ATTs and other requirements). In contrast, PGRP is more restrictive against brute force and dictionary attacks while safely allowing a large number of free failed attempts for legitimate users. PGRP is apparently more effective in preventing password guessing attacks (without answering ATT challenges), and it also offers a more convenient login experience, e.g., fewer ATT challenges for legitimate users. PGRP appears suitable for organizations with both small and large numbers of user accounts.
      FUTURE ENHANCEMENT
      A major advantage of the Persuasive Cued Click Points scheme is its large password space compared with alphanumeric passwords. There is growing interest in graphical passwords since they are better than text-based passwords, although the main argument for graphical passwords is that people are better at memorizing graphical passwords than text-based passwords. Online password guessing attacks on password-only systems have been observed for decades. Present-day attackers targeting such systems are empowered by having control of thousand to million node botnets. In previous ATT-based login protocols, there exists a security-usability trade-off with respect to the number of free failed login attempts (i.e., with no ATTs) versus user login convenience (e.g., fewer ATTs and other requirements). In contrast, PGRP is more restrictive against brute force and dictionary attacks while safely allowing a large
      number of free failed attempts for legitimate users. PGRP is apparently more effective in preventing password guessing attacks (without answering ATT challenges), and it also offers a more convenient login experience, e.g., fewer ATT challenges for legitimate users. PGRP appears suitable for organizations with both small and large numbers of user accounts.
  44. APPENDIX-A
  45. OUTPUT SCREENS
      Fig A.1: User Interface to Apply Graphical Password on Banking Application
  46. Fig A.2: User registration form
  47. Fig A.3: Graphical Password Creation of User
  48. Fig A.4: Authentication of the User using image password.
  49. Fig A.5: Deposit form of User
  50. Fig A.6: Withdraw form for User.
  51. Fig A.7: Transaction History of the User
  52. APPENDIX-B
      SOURCE CODE
          package imageprocess;

          import java.awt.*;
          import java.awt.event.*;
          import java.awt.image.BufferedImage;
          import java.io.File;
          import java.io.FileInputStream;
          import java.io.IOException;
          import java.sql.*;
          import javax.imageio.ImageIO;
          import javax.swing.*;

          public class CompareImage extends JFrame implements ActionListener {
              JPanel panel = new JPanel();
              Container c;
              static JLabel picture = new JLabel();
              JLabel name = new JLabel("Name");
              JLabel password = new JLabel("Password");
              JLabel filename = new JLabel("FileName");
              JTextField nametext = new JTextField();
              JTextField passwordtext = new JTextField();
              JTextField filenametext = new JTextField();
              JButton upload = new JButton("Upload");
              JButton Compare = new JButton("Display");
              JButton Browse = new JButton("Browse");
              JButton viewport = new JButton("Viewport");
              static ImageIcon icon;
              File file;
              BufferedImage image;
              static Image pic;
              static byte[] bytes = null;

              CompareImage() throws IOException {
                  // Absolute layout: picture on the left, form fields and buttons on the right
                  c = (JPanel) getContentPane();
                  c.setLayout(null);
                  c.setBackground(Color.WHITE);
                  picture.setBounds(50, 100, 400, 325);
                  filename.setBounds(600, 100, 100, 30);
                  filenametext.setBounds(720, 100, 300, 30);
                  name.setBounds(600, 150, 100, 30);
                  password.setBounds(600, 200, 100, 30);
                  nametext.setBounds(720, 150, 100, 30);
                  passwordtext.setBounds(720, 200, 100, 30);
                  Browse.setBounds(530, 400, 100, 20);
                  upload.setBounds(650, 400, 100, 20);
                  Compare.setBounds(770, 400, 100, 20);
                  viewport.setBounds(770, 450, 100, 20);
                  c.add(picture);
                  c.add(filename);
                  c.add(filenametext);
                  c.add(name);
                  c.add(nametext);
                  c.add(password);
                  c.add(passwordtext);
                  c.add(viewport);
                  c.add(upload);
                  c.add(Compare);
                  c.add(Browse);
                  viewport.addActionListener(this);
                  upload.addActionListener(this);
                  Compare.addActionListener(this);
                  Browse.addActionListener(this);
              }

              public void actionPerformed(ActionEvent ae) {
                  if (ae.getSource() == upload) {
                      String filename = filenametext.getText();
                      String name = nametext.getText();
                      String password = passwordtext.getText();   // read from the form but not stored by this handler
                      File image = new File(filename);
                      try {
                          Class.forName("com.mysql.jdbc.Driver");
                          // Hard-coded root login with an empty password, as in the project; a deployment
                          // should use a least-privilege account with credentials kept outside the source.
                          try (Connection connection = DriverManager.getConnection("jdbc:mysql://localhost/image", "root", "");
                               PreparedStatement psmnt = connection.prepareStatement("insert into pixelvalue values(?,?,?)");
                               FileInputStream fis = new FileInputStream(image)) {
                              psmnt.setString(1, name);
                              psmnt.setString(2, filename);
                              psmnt.setBinaryStream(3, fis, (int) image.length());
                              psmnt.executeUpdate();
                          }
                      } catch (Exception ee) {
                          ee.printStackTrace();   // report the failure instead of silently ignoring it
                      }
                  } else if (ae.getSource() == Compare) {
                      // Load the chosen file and show it in the picture label
                      String filename = filenametext.getText();
                      try {
                          File file = new File(filename);
                          BufferedImage image = ImageIO.read(file);
                          ImageIcon icon = new ImageIcon(image);
                          picture.setIcon(icon);
                      } catch (Exception ee) {
                          ee.printStackTrace();
                      }
                  } else if (ae.getSource() == Browse) {
                      JFileChooser chooser = new JFileChooser();
                      try {
                          File f = new File(new File("filename.txt").getCanonicalPath());
                          chooser.setSelectedFile(f);
                      } catch (IOException e1) {
                          e1.printStackTrace();
                      }
                      int retval = chooser.showOpenDialog(Browse);
                      if (retval == JFileChooser.APPROVE_OPTION) {
                          File field = chooser.getSelectedFile();
                          filenametext.setText(field.getAbsolutePath());
                      }
                  } else if (ae.getSource() == viewport) {
                      // Closed the Browse branch above so that this branch is reachable
                      System.out.println("aa");
                  }
              }

              public static void main(String[] arg) throws IOException {
                  JFrame pixel = new CompareImage();
                  pixel.setSize(1000, 700);
                  pixel.setVisible(true);
                  pixel.setLocationRelativeTo(null);
              }
          }
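The registration and login steps of section 7.1, as an added Java example that is not part of the project's source: a randomly placed viewport, an order-sensitive click-point check that tolerates small pointing errors, and a block after repeated failures. The tolerance scheme (centered discretization), the PBKDF2 hashing of the click cells, the class name `ClickPointAuth` and the values 9 px, 3 retries, 451x331 image and 75 px viewport are assumptions of this example, not taken from the report.

```java
import java.awt.*;
import java.security.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class ClickPointAuth {
    static final int R = 9, MAX_FAILURES = 3;   // assumed values: pixel tolerance and retry limit
    static final SecureRandom RNG = new SecureRandom();
    final byte[] salt = new byte[16];
    final int[] offsets;   // per-coordinate grid offsets, stored in the clear next to the hash
    final byte[] hash;     // salted PBKDF2 hash of the ordered grid cells; no coordinates are kept
    int failures = 0;      // would be persisted per account in a real system
    // Registration steps 2 and 3: place (or shuffle) the viewport uniformly at random on the image.
    static Rectangle randomViewport(int imgW, int imgH, int size) {
        return new Rectangle(RNG.nextInt(imgW - size + 1), RNG.nextInt(imgH - size + 1), size, size);
    }
    // Enrol an ordered click sequence; every click must lie inside the viewport offered for it.
    ClickPointAuth(Point[] clicks, Rectangle[] viewports) throws Exception {
        offsets = new int[clicks.length * 2];
        for (int i = 0; i < clicks.length; i++) {
            if (!viewports[i].contains(clicks[i])) throw new IllegalArgumentException("click outside viewport");
            offsets[2 * i] = Math.floorMod(clicks[i].x - R, 2 * R);
            offsets[2 * i + 1] = Math.floorMod(clicks[i].y - R, 2 * R);
        }
        RNG.nextBytes(salt);
        hash = digest(clicks);
    }
    // Centered discretization: the offsets put each enrolled click in the middle of a 2R-wide
    // cell, so a login click in [x-R, x+R) on both axes maps to the same cell index.
    private byte[] digest(Point[] clicks) throws Exception {
        StringBuilder cells = new StringBuilder();
        for (int i = 0; i < clicks.length; i++)
            cells.append(Math.floorDiv(clicks[i].x - offsets[2 * i], 2 * R)).append(',')
                 .append(Math.floorDiv(clicks[i].y - offsets[2 * i + 1], 2 * R)).append(';');
        PBEKeySpec spec = new PBEKeySpec(cells.toString().toCharArray(), salt, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }
    // Login steps 2 and 3: order-sensitive, constant-time comparison; blocked after MAX_FAILURES misses.
    boolean login(Point[] clicks) throws Exception {
        if (failures >= MAX_FAILURES) return false;   // account is blocked
        boolean ok = clicks.length * 2 == offsets.length && MessageDigest.isEqual(hash, digest(clicks));
        failures = ok ? 0 : failures + 1;
        return ok;
    }
    public static void main(String[] args) throws Exception {
        Point[] clicks = new Point[5], near = new Point[5], wrong = new Point[5];
        Rectangle[] vps = new Rectangle[5];
        for (int i = 0; i < 5; i++) {   // constructed sample: 451x331 image, 75 px viewport
            vps[i] = randomViewport(451, 331, 75);
            clicks[i] = new Point((int) vps[i].getCenterX(), (int) vps[i].getCenterY());
            near[i] = new Point(clicks[i].x + 5, clicks[i].y - 5);
            wrong[i] = new Point(clicks[i].x + 40, clicks[i].y);
        }
        ClickPointAuth account = new ClickPointAuth(clicks, vps);
        System.out.println("within tolerance: " + account.login(near));
        for (int i = 0; i < MAX_FAILURES; i++) System.out.println("wrong clicks: " + account.login(wrong));
        System.out.println("correct clicks after block: " + account.login(near));
    }
}
```

Only the salt, the offsets and the hash are stored for an account, so a database row does not reveal the click coordinates.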
