Embed Size (px)
DESCRIPTION
My final semester Project regarding the authentication system which is based on Image and also has biometrics based on mouse drag.
Citation preview
JIGSPASSZLE: A novel Jigsaw based authentication System using Mouse Drag Dynamics
GUIDE:Mr. S. M.UDHAYASANKAR Assistant Professor-III
Submitted By:VISWAPRASATH KSTHANGARAJ RJEYASIMMAN S
AGENDA
• Abstract• Objective• Motivation• Literature Survey• Existing System
Drawbacks• Proposed System• Securities Addressed• Modules• Advantages Of Proposed System• Conclusion• References
ABSTRACT
In this paperwe used an image based authentication
system which uses the ability of the human to recognize the image with.
we use drag action either using the mouse or using touch in the screens as biometrics.
we have used One Time Passwords (OTP) which is not dependent on any external devices.
OBJECTIVE
Our main Objective areTo develop a multiple factor authentication
system images. (Biometrics +Conventional + recognizable )
To avoid the hardware dependency for OTP.
To avoid attacks like shoulder surfing, guessing, key loggers
MOTIVATION
As State in the paper “A complete comparison on Pure and Cued Recall-Based Graphical User Authentication Algorithms” user
were fascinated by the pictures which drawn by other users so frequently we can see the common picture for password.
users can hardly remember the sequence of drawing after period of time.
LITERATURE SURVEY
Adams, A., in “Users are not the enemy (1999)” -They state how each and every module should make user feel he is safe.
Kulkarni. in his paper “Security Analysis and Implementation of 3 Level Security System Using Image Based Authentication (2013)”
-He also tell how the combination of both text based password and image based password and OTP will be very complex to break.
Mrs. D. shanmugapriya in “A survey of Biometric Keystroke Dynamics: Approaches, Security and Challenges (2009)”
- Show how different types of biometrics based passwords can be achieved.
LITERATURE SURVEY(contd..)Rohit Ashok Khot in his “paper MARASIM: A Novel Jigsaw
Based Authentication Scheme Using Tagging”, -shows that how the image based authentication will be very easy for the user.
Graphical Passwords: A Survey by Xiaoyuan Suo, -clearly shows us the various loop holes in the existing
graphical passwords. They have shown that most of the graphical passwords are easily attacked.
Nitisha Payal, in“JigCAPTCHA: An Advanced Image-BasedCAPTCHA Integrated with Jigsaw PiecePuzzle using AJAX” (2011)
-shows clearly how we should transfer the small pieces of images.
Mori, T. in their paper “Proposal of Movie CAPTCHA method using Amodel Completion”
-show how in any image based system we can avoid attacks from the bots.
Farnaz Towhidi in “A Survey on Recognition-Based Graphical User Authentication Algorithms(2009)”
-showed in detail how the Recognition based Graphical authentication are very easy for the users to use.
Saurabh Singh in their paper “Mouse Interaction based Authentication System by Classifying the Distance Travelled by the Mouse” (2011) told how a mouse interaction can be used as a authentication system
LITERATURE SURVEY(contd..)
22EXISTING SYSTEM
They are lot number of existing system based on media like text based, image based and sound based.
Some of the image based password faced lot of drawbacksResponse time is very high due to transfer
of images.They didn’t had biometrics due to which
faced many problems.Not able to reproduce what they have
drawn.Attacks like brute force , shoulder suffering
, and dictionary attacks
PROPOSED SYSTEM
In our proposed system the user needs to form the password by selecting the parts of the picture he needs to use.
Here the parts of the images are used for creating the password, so we would like to call them as Passimages.
He should remember the order in which he selects the Passimages and has to position them in the grid according to the One Time PIN (OTP) which appears on the screen during login.
PROPOSED SYSTEM(contd..)
Registration In our System.
Uploading the Image Selecting the order of PassimagesPositioning for getting the time
PROPOSED SYSTEM(contd..)Uploading the Image
The user needs to upload his private images. Reason is that it cannot be easily identified by bots or other attackers.
Then the image is Sliced into smaller parts in 3x3 fashion. So we will get 9 small images.
The reason for dividing is we are introducing amodel Completion. i.e., the user can remember the big part from small part.
PROPOSED SYSTEM(contd..)
Selecting the order of Passimages
After uploading the image the user is shown with the sliced images. Where he can know about the smaller images.
The he is requested to select any 6 images out of 9 possible images. During this he makes the order he wants to use
PROPOSED SYSTEM(contd..)
Positioning for getting the time
Then after selecting the user is requested to position the images according to the OTP displayed in the browser.
While the user is placing that time we will be capturing the time he places. We will find the total time and average time.
Total Time (Tt) = Sum of all time taken to place image.Average Time (At) = Total time / Number of Pieces of
slices to be placed
Number of slices to be placed can be from 6 to 4.
SECURITIES ADDRESS
In our authentication system we would mainly concentrate on Brute force, shoulder suffering, Key loggers and dictionary attacks.
Brute force AttackThere is no possibility for brute force attack because we are dragging the image and drop at the same time we are capturing the time taken to place the image.
Shoulder sufferingAttacker can see the image and can learn about the order. But he feels it difficult sometimes to order them so time taken will be very high.
SECURITIES ADDRESS(contd..)
Key loggers It is found that the key loggers or spywares are very difficult to design for multi level authentication and especially for Image based authentication.
Dictionary attacksSince private images used by the users there wont be any possibilities of dictionary attacks.
MODULES
In our proposed System we have developed the following modules.RegistrationLogin AuthenticationForget Password
MODULES(contd..)RegistrationThe user needs to give his mail ID, if it is not found
then he can start registration by giving his name and password he need.
Then he needs to upload the image.The Image will be uploaded and sliced and then
displayed.Then the user will choose his image order.After that he is displayed with OTP and then made to
place the images.
MODULES(contd..)Login Authentication
In the first stage the user needs to give his text based email ID and password.
Then he is displayed with OTP and sliced small images.Then he can position the images according to the OTP.
SCREEN SHOTS
SCREEN SHOTS(contd..)
SCREEN SHOTS(contd..)
SCREEN SHOTS(contd..)
COMPARISON
Easy to use Prefer Over Text password0
10
20
30
40
50
60
70
80
90
100
YesNo
Graph showing willingness of user
Own User Other user 1 Other user 2 Other user 3 Other user 40
1
2
3
4
5
6
7
Average Time taken to set password with other images
COMPARISON(contd..)
COMPARISON(contd..)
Own User Other user 1 Other user 2 Other user 3 Other user 40
1
2
3
4
5
6
Time to set Other user password
ADVANTAGES
It is easy to remember and identify different part of whole image
.Our system is multi factor authentication system.
Our system uses biometrics so it is difficult for any other to use.
No need of additional hardware for OTP’s
FUTURE WORK
In future we need to analyze any public image can be used as authentication.
We can make our working of the project complex in such a way that our algorithm can find different parts of the image and understand it and expand dynamically.
We need to find the way to increase the number of slice of the images, currently we are using 9 since it is standard. And we have only 0-9 in our keyboards.
CONCLUSION
We would like to conclude our proposed system is stronger when compared with other image based authentication systems.
Here our proposed system is completely based on user recall and reorganization ability.
We have strengthened our proposed system by adding the time taken ability of the drag by the user with the help of mouse.
Our system will be very useful in touch based monitors and can be use in mobile commerce / electronic commerce based website for conforming the purchase.
Our System looks like gamified which is additional advantage in corporate sectors where the trend is changing.
REFERENCESRohit Ashok Khot , Kannan Srinathan , Ponnurangam Kumaraguru ,
MARASIM: A Novel Jigsaw Based Authentication Scheme Using Tagging , In Proc. ACM CHI (2011), 2605-2614
Anand, S. ; Jain, P. ; Nitin ; Rastogi, R, Security Analysis and Implementation of 3-Level Security System Using Image Based Authentication In Proc of Computer Modelling and Simulation (UKSim), 2012 UKSim 14th International Conference, 547-553
Nitisha Payal, Nidhi Chaudhary, Parma Nand Astya JigCAPTCHA: An Advanced Image-BasedCAPTCHA Integrated with Jigsaw PiecePuzzle using AJAX, IJSCE Volume-2, Issue-5 (2012), 180-185
Mori, T. Uda, R. ; Kikuchi, M. ,Proposal of Movie CAPTCHA method using Amodel Completion , In Proc. Applications and the Internet (SAINT), 2012 IEEE/IPSJ 12th International Symposium, 11-18
Fabian Monrose,Michael K. Reiter,Susanne Wetzel, Password hardening based on keystroke dynamics, In Proc International Journal of Information Security February 2002, Volume 1, Issue 2, 69-83
Nasir Ahmad , Andrea Szymkowiak and Paul A. Campbell , Keystroke dynamics in the pre-touchscreen era In Proc Front. Hum. Neurosci. doi: 10.3389/fnhum.2013.00835 Dec (2013)
Adams, A., and Sasse, M. A. Users are not the enemy. Commun. ACM. 42,
12 (1999), 40-46. MORRIS, R., AND THOMPSON, K. Password security: a case history.
Commun. ACM 22, 11 (1979), 594–597. Collin Mulliner,Ravishankar Borgaonkar,Patrick Stewin, Jean-Pierre
Seifert,SMS-Based One-Time Passwords: Attacks and Defense.In Proc 10th International Conference, DIMVA 2013, Berlin, Germany, (2013), 150-159
REFERENCES(contd..)
Dhamija, R. Hash visualization in user authentication. In Ext. Abstracts CHI 2000, ACM Press (2000), 279-280.
Fabian Monrose ,Aviel D. Rubin ,Keystroke dynamics as a biometric for
authentication,In Proc.Future Generation Computer Systems - Special issue on security on the Web archive Volume 16 Issue 4,( 2000 )351 – 359
Cranor, L., and Garfinkel, S. Security and Usability: Designing Systems
that People can use. O’reilly Media, 2005. Arash Habibi Lashkari ,DR. ROSLI SALEH, SAMANEH FARMAND ,
FARNAZ TOWHIDI “A complete comparison on Pure and Cued Recall-Based Graphical User Authentication Algorithms ” In Proc. Second International Conference on Computer and Electrical Engineering (2009)
REFERENCES(contd..)
Farnaz Towhidi,Maslin Masrom “A Survey on Recognition-Based Graphical User Authentication Algorithms ” In Proc (IJCSIS) International Journal of Computer Science and Information Security, Vol. 6, No. 2, (2009 )
Mrs. D. Shanmugapriya , Dr. G. Padmavathi “A Survey of Biometric keystroke Dynamics: Approaches, Security and Challenges” In Proc International Journal of Computer Science and Information Security (2009)
Saurabh Singh , Dr. K.V.Arya, “Mouse Interaction based Authentication
System by Classifying the Distance Travelled by the Mouse” In proc International Journal of Computer Applications (2011)
Mudassar Raza, Muhammad Iqbal, Muhammad Sharif and Waqas Haider
“A Survey of Password Attacks and Comparative Analysis onMethods for Secure Authentication” In proc World Applied Sciences Journal 19( 2012)
REFERENCES(contd..)
THANK YOU
