Ijert Ijert: Secured Password Authentication Based On Images
ISSN: 2278-0181
Vol. 2 Issue 2, February- 2013
Abstract

Password schemes that encourage the use of strong passwords have failed. In the past, using images as passwords was not favoured since it involves complex techniques. In recent years, the use of images as passwords has increased consistently. Most passwords, whether text or image, are insecure since appropriate security measures are not imposed. In this paper, an extended ObPwd generates strong passwords from images on a computer. In general, a common way to make a password secure is by using stenographic techniques along with other processes. It is well known that image passwords are more secure than text passwords. When an image is chosen as the password, it will definitely be a challenge for the hacker to hack the password

1. Introduction

Text passwords remain ubiquitous, despite endless criticism. People consistently choose weak passwords for many reasons, including users trying to manage on average 25 password-protected accounts. Losing strategies include blaming users and imposing complex password rules. Some claim that choosing weak passwords is a rational economic response. Some argue that strong passwords are nonessential for preventing automated online dictionary attacks, since password-protected sites can present CAPTCHA challenges after failed attempts or lock out the targeted account temporarily. However, the latter can affect legitimate users, and CAPTCHA schemes are regularly defeated by improved attacks in the artificial intelligence arms race, by human solvers, or bypassed due to implementation flaws. A recent
disaster. Therefore, a combination of techniques should be carefully handled; only then can security be enhanced.

2. Literature Survey

2.1. Password managers

Password managers are used to make passwords more secure. Those managers use Password Hash and Password Multiplier. These support security but face usability issues. Password Hash is a browser plug-in that generates strong passwords and prevents JavaScript attacks. Password Multiplier is a plug-in that protects against phishing attacks. Usability studies uncover such problems so that they can be corrected.[1]

2.2. User choice in graphical passwords

User selection of passwords is permitted in two graphical password schemes, one based on entropy and the other based on high correlation with race. Graphical password schemes generally require a different posture towards password selection than text passwords, where selection by the user remains the norm.[2]

2.3. Multiple Graphical Passwords

The study of multiple graphical passwords is to systematically examine frequency of access to a graphical password, the interference resulting from interleaving access to multiple

secret information is stored anywhere, including on the host being protected, and the underlying algorithm may be made public. The remote end (client) of this system can run on any locally available computer and the host end (server) can be integrated into any application requiring authentication.[12]

3. Existing System

In the existing system, CAPTCHA concepts are used. In password schemes, the use of strong passwords has failed. CAPTCHA schemes are regularly defeated by improved attacks in the artificial intelligence arms race, by human solvers, or bypassed due to implementation flaws. Also, the ObPwd scheme that was implemented earlier does not involve a salting technique. It only involves image conversion and generating the password. Another drawback of text password schemes is that they can be retrieved through techniques like brute force, the Caesar technique and so on. All these issues make the password weak and also easily retrievable.

4. Proposed System

In the proposed model, an Extended Object-Based Password (ExObPwd) concept is introduced. This process aims at a file-based authentication scheme in which the user selects an image, which is given as an input to the server for authentication and then converted to bytes. These bytes are encrypted using the RSA algorithm and then hashed. After the generation of the sequence number, a part of it is salted and then authenticated.

5. Extended ObPwd System
Figure 1: Extended ObPwd architecture (diagram stages: user; encryption using RSA; decryption and hashing; salting with text password; login process; server authentication)

5.2. Module Description

5.2.1. User Registration

5.2.3. Hashing

Hashing is a process that converts the bytes into hash code bytes. This conversion is done using the SHA-1 algorithm. The sequence of hashed bytes is sent to the user. The user needs to randomly select a sequence of the hashed bytes, which is then subjected to comparison and authentication.

5.2.4. Salting and Desalting

The encrypted code which is converted into hashed bytes will generate a sequence which is random in nature. The random sequence comprises the byte codes, which are arranged in a frequently changing manner.

5.2.6. Authentication

After desalting, the original hash code is regained. Initial authentication is done when the sequence number is generated. Further authentication proceeds when the salting combination is provided. Both the user and the server must be authenticated in order to avoid data loss or data leakage. Sequence checking means that the same hash input should not be given to the server again. The random number should differ each time.
5.3. ExObPwd Algorithm

The algorithm that explains the processes taking place in this architecture is as follows:

Step 1: Start the process with the usual user registration.
Step 2: Browse the image for password generation, with the path specified to enhance security. The path is specified as:

    String path1 = "C:\\Program Files\\Apache Software Foundation\\Tomcat 5.5\\webapps\\SecuredPassword\\image\\" + id + ".jpg";

Step 3: Perform the byte conversion.
Step 4: The bytes are then encrypted and decrypted using the RSA algorithm.

    // Configure the RSA helper with its seeds and encryption key, then generate the key pair.
    RSA rsa = new RSA();
    rsa.setSeeds(61, 31);
    rsa.setEncKey(43);
    rsa.keyGen();
    // Encrypt the image bytes held in buffer, then decrypt them again.
    String chiper = rsa.encryptToNumeralString(new String(buffer.toByteArray()).toString());
    String key = rsa.getDecKeyPairAsString();
    String desc = rsa.decryptFromNumeralString(chiper);

Step 5: These encrypted bytes are then hashed using the SHA-1 algorithm.

    // The class used here is named SHA256, although the step text names SHA-1.
    SHA256 sha = new SHA256();
    str = sha.hash(chiper.getBytes());

Step 6: The sequence number generated is verified and then the salting technique is executed.
Step 7: The combination is executed as password.
Step 8: Stop the process through login or logout.

5.4. Impact of ObPwd

ease of creating the password using ObPwd;
ease of logging into the website with the chosen password.

Based on the usability survey carried out in a small session, the users' suggestions on using ObPwd are:

About 20% of users – easy to login, hard to use and disliked using.
About 30% of users – thought hard to guess password and thought more secure.
About 40% of users – liked wider choice.
About 20 to 50% of users – easy to choose file.
About 20 to 40% – intend to use.

[Chart: Pwd usability survey (categories: easy login but hard usage; hard to guess but secure; wide choice and intend to use; easy to choose file)]
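Steps 3 to 7 of the ExObPwd algorithm in Section 5.3, sketched as an added example that is not the paper's code: the image bytes are hashed, combined with a text part, stretched with a per-user random salt, and compared at login. It uses SHA-256 and PBKDF2 from the standard JDK in place of the paper's RSA and SHA classes; the class name, method names, iteration count and sample inputs are assumptions made for illustration.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
// Added example: hypothetical class and method names, not the paper's code.
public class ImagePasswordDemo {
    static final int ITERATIONS = 600_000; // assumed work factor; tune per deployment

    // Steps 3 and 5: take the image as bytes and hash them (SHA-256 here).
    static String imageDigestHex(byte[] image) throws Exception {
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(image))
            hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // Step 6: combine digest and text part, then stretch with a per-user random salt.
    static byte[] verifier(byte[] image, String text, byte[] salt) throws Exception {
        char[] secret = (imageDigestHex(image) + ":" + text).toCharArray();
        PBEKeySpec spec = new PBEKeySpec(secret, salt, ITERATIONS, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    static byte[] newSalt() {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    // Step 7 at login: recompute from the stored salt and compare in constant time.
    static boolean login(byte[] image, String text, byte[] salt, byte[] stored) throws Exception {
        return MessageDigest.isEqual(verifier(image, text, salt), stored);
    }

    public static void main(String[] args) throws Exception {
        byte[] image = "constructed stand-in for JPEG bytes".getBytes("UTF-8");
        byte[] saltA = newSalt(), saltB = newSalt();
        byte[] storedA = verifier(image, "pin-1234", saltA); // registration, user A
        byte[] storedB = verifier(image, "pin-1234", saltB); // same image, user B
        byte[] tampered = image.clone();
        tampered[0] ^= 1; // a one-bit change stands in for a different file
        System.out.println("same image logs in: " + login(image, "pin-1234", saltA, storedA));
        System.out.println("altered image logs in: " + login(tampered, "pin-1234", saltA, storedA));
        System.out.println("equal verifiers across users: " + MessageDigest.isEqual(storedA, storedB));
    }
}
```

The server stores only the salt and the derived verifier for each user, so two users who pick the same image and text part still end up with different stored values.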
REFERENCES

[1] S. Chiasson, P. van Oorschot, and R. Biddle, “A usability study and critique of two password managers,” in Proc. USENIX Security Symp., Vancouver, Canada, Aug. 2006.

[2] D. Davis, F. Monrose, and M. K. Reiter, “On user choice in graphical password schemes,” in Proc. USENIX Security Symp., San Diego, CA, Aug. 2004.

[13] C. Herley, “So long, and no thanks for the externalities: The rational rejection of security advice by users,” in Proc. New Security Paradigms Workshop (NSPW’09), Oxford, U.K., Sep. 2009.

[14] R. W. Picard, Affective Computing, MIT Media Lab, Perceptual Computing Group, Tech. Rep., 1995.