IJRIT International Journal of Research in Information Technology, Volume 1, Issue 7, July 2014, Pg. 169-174

International Journal of Research in Information Technology (IJRIT)

www.ijrit.com

ISSN 2001-5569

Simple Sound Signature Integration in Graphical Password System Suresh Vankayalapati1, Jyothi Goddu2, Prudhvi Kiran Pasam3 1

2

M.Tech, Department of Information Technology, Vignan’s Institute of Information Technology Visakhapatnam, Andhra Pradesh, India [email protected]

Assistant Professor, Department of Information Technology, Vignan’s Institute of Information Technology Visakhapatnam, Andhra Pradesh, India [email protected] 3

M.Tech, Department of Information Technology, Vignan’s Institute of Information Technology Visakhapatnam, Andhra Pradesh, India [email protected]

Abstract Now-a-days passwords [1] are everywhere. Mostly users select passwords which can be predictable [2][3]. This happens with both graphical [4] and text based passwords. Actually users tend to choose memorable password, unfortunately it means that the passwords tend to follow predictable patterns that are easier for attackers to guess. While the predictability problem can be solved by disallowing user choice and assigning passwords to users, this usually leads to usability issues since users cannot easily remember such random passwords. Number of graphical password systems has been developed; Our Comparative study shows that text-based [5] passwords suffer with both security and usability problems. According to a recent news article, a security team at a company ran a network password cracker and within 30 seconds and they identified about 80% of the passwords[6] .It is well know that the human brain is better at recognizing and recalling images than text graphical passwords exploit this human characteristic. In this paper we use graphical passwords and we will provide more security than individual text passwords with sound signature combination all provide more security these prevent accessing of data to the hackers.

Keywords: Password, Security [7][8], Sound Signature [9], graphical password [10].

1. Introduction Passwords are used for Authentication [11], Authorization and Access Control. Users mostly select passwords which are easy to predict. This is the case with both graphical and text based passwords. Users tend to choose memorable password, unfortunately it means that the passwords tend to follow predictable patterns that are easier for attackers to guess. The predictability problem can be solved by restricting user from choosing predefined passwords and assigning passwords to users, this generally leads to usability issues because users cannot easily remember such random passwords. Many graphical password systems have been developed, study shows that, textual passwords suffer with both security and usability problems. According to a recent news article, a security team at a company used a network password cracker [12] and within 30 seconds and they identified about 80% of the passwords. It is a well-known fact that the human brain recognizes and recalls images better than text, thus using images as password is a better approach than textual passwords. Considerable work has been done in this area. One of the best known of these systems are Passfaces, Brostoff and Sasse conducted an empirical study of Pass faces [13][14], which Suresh Vankayalapati, IJRIT

169

IJRIT International Journal of Research in Information Technology, Volume 1, Issue 7, July 2014, Pg. 169-174

shows how a graphical password recognition system typically operates. Blonder-style passwords are based on cued recall that is a user clicks on several previously chosen locations or coordinates in a single image to log in. As implemented by Passlogix Corporation, the user needs to choose several predefined regions in an image as his or her password and to log in, the user has to click on the same regions. The problem that persists in this scheme is that the number of predefined regions is small, perhaps a few dozens in a picture thus the password may have to be about12 clicks for adequate security which is again a tedious task for the user. Another problem of this system is the need for the predefined regions to be readily identifiable. In effect, this would require artificial, cartoon-like images rather than complex, real-world scenes, thus restricts the user’s space from choosing the images for creating a secure yet easy to recognize password. In order to overcome these problems, a new method called Cued Click Points (CCP) is a proposed as an alternative to PassPoints[15]. In CCP, the user can click only one point or the number of points he can remember based on his memorizing capability on each of the images rather than on clicking on several points on one single image. Thus it offers cued-recall and introduces visual cues which instantly alert the valid users if they have made a mistake when entering their latest click-point and then at that point they can cancel their attempt and retry from the beginning. It also helps in making attacks on hotspot [16] analysis more challenging. Data security has been a prime concern since networking. Although various algorithms and tools are available to secure data, it is however being intruded or data hacked. Following are some approaches which were proposed earlier: Recognition Based Techniques: Dhamija and Perrig[17][18] proposed a graphical authentication scheme which was based on the Hash Visualization technique. In that system, the user was asked to select a certain number of images from a set of program generated images. Later, the user was prompted to identify the pre-selected images in order to get authenticated. The results showed that 90% of all participants succeeded in the authentication using this technique, while only 70% succeeded using text-based passwords and PINS. The average log-in time, however, is longer than the traditional approach. The major drawback of this system was that the system needs to store a huge data in order to store images for each user. Also, selecting images for each user from the picture database is a challenging task and it needs a lot of computation time. Passface: “Passface” is another technique which was developed by Real User Corporation. The basic idea behind this is that the user will be asked to choose four images of human faces from a database of face images as their future password. In the authentication stage, the user sees a grid of nine faces, consisting of one face previously chosen by the user and eight decoy faces. The user recognizes and clicks anywhere on the known face. This procedure is repeated for several rounds. The user is authenticated only if he identifies the four faces correctly. This technique is based on the assumption that people can recall human faces easier than other pictures. User studies by Valentine have shown that Passfaces are very memorable over long intervals. However the effectiveness of this method is still uncertain. Convex Hull of Pass Objects: This method was given by Sobrado and Birget to develop a graphical password, this technique deals with the shoulder-surfing problem. In the first scheme, the system will display a number of pass-objects which are pre-selected by the user among many other objects. To be authenticated, a user needs to recognize pass-objects and click inside the convex hull formed by all the pass-objects. To make the password hard to guess, Sobrado and Birget suggested the use of 1000 objects, which makes the display very crowded and the objects are almost indistinguishable, and using fewer objects would lead to a smaller password space, since the resulting convex hull can be large. In their second algorithm, a user needs to move a frame until the pass object on the frame lines up with the other two passobjects. It is also suggested to repeat this process a few more times to minimize the likelihood of logging in by randomly clicking or rotating. The main drawback of these algorithms is that the log in process can be slow.

2. Objective The objectives and purpose for this paper is to analyze the existing password systems and suggest a new graphical password system which would enhance the security and also help in smoothening the system working. This not only focuses on security maintenance of the data but also keeps in mind about the resources which are being used thus focus is on complete optimization of graphical password system, along with enhancing the security by addition of sound signature into the graphical password system.

Suresh Vankayalapati, IJRIT

170

IJRIT International Journal of Research in Information Technology, Volume 1, Issue 7, July 2014, Pg. 169-174

3. Modules

Fig.1 Modular Architecture

User maintenance: This module allows the registration of the users. The users are created with security accounts in the SQL Server database. Each user is associated with password. Only users having these accounts can access the application to perform any specific task. Graphical password generator: The module allows the user to generate password from images. The user has to specify the required image and click on the image to generate strokes. Each stroke provides a pair of co-ordinates x, y location from the image. The co-ordinates in the pattern clicked and the number of strokes along with the image is redirected to the database after performing encryption. The source image can be deleted as the application does not have a direct dependency on the physical file as the image and click information has been directed to SQL database. Associate sound signature: The module allows the user to choose an audio file at runtime or use his voice for creating sound file. This audio is converted to binary format and this binary file is then encrypted and associated with the graphical password and dumped into the SQL database. It strengthens the security of the protected data. Verification: This module asks user to provide SQL password and then asks user to provide audio file and then performs binary conversion and encryption of sound file then verifies it with the stored sound file’s encrypted form and then shows images to the user for reading graphical password from the user, as the user is verified partially with the help of sound file, he is provided with approximate areas which helps user to recognize his click points, it then perform encryption on click points and then compares them with the stored password.

4. Proposed Architecture

Fig.2 Proposed Architecture In the proposed work we have integrated sound signature to help with the password. No system has been devolved so far which uses sound signature and graphical password authentication. Study says that sound signature or tone can be used to add facts like images, text etc. Our idea is inspired by this novel human ability. Research says that human can remember images as well as sound tone easily; by applying this method we design our project so it will provide more security. Observed that all student who were registered entered their graphical password and video sound clip and it will be more secured from their Suresh Vankayalapati, IJRIT 171

IJRIT International Journal of Research in Information Technology, Volume 1, Issue 7, July 2014, Pg. 169-174

point of view it is very good for Graphical and sound clip password authentication system. Incipient working: Firstly we need to enter the CCP of image. If entered CCP’s are correct then system will allows user for next level of logging. In next level user required to enter the volume level, if volume level is correct system will allows for next authentication level. In last stage of logging user need to enter correct video timing. If any of them (CCP’s, Volume level, Video timing) are incorrect then system will go in halt state for next 12 hours. After completion of 12 hours reboot again and user can try for uploading and downloading of data by entering correct password for all stages.

5. Working Architecture

Fig.3 Flow chart illustrating the working procedure System includes a SQL server for storing user information and graphical password associated with sound signature, GUI is provided with the help of windows forms, which provide an interface to users to interact with the system for creating graphical password by choosing images and then providing click points and then for providing sound file to the system for associating sound signature. The click points undergo MD5 encryption and then the associated sound file is converted to binary form and then MD5 encryption is performed on binary data and stored in database. During verification user first needs to verify his login to SQL server, he gets access to the system and then he provides the sound file which is then verified by converting and comparing in encrypted form, then the user is taken to graphical password screen where user click on click points and system verifies this graphical password. The system proposed here is a multi-layered system to strengthen security. The system intends to create a graphical password using a single/multiple images and associate a sound file. Password is generated by assigning click points in each image and associating sound file, above that the SQL server is used to maintain users and provide another security layer. Steps for creating graphical password: Identifies a matrix of images to generate graphical password by choosing click points. Redirect the image and the password generated to the SQL server database after performing encryption on click points. Identify a sound signature (file), convert to byte form and perform encryption and then associate it with the graphical password in the database. Steps for verifying password: The first step would ask the user to verify him-self by entering his SQL server account details. Once he gets verified from SQL server, he is taken to sound signature verification screen, where he needs to provide the right sound file to the system, which is then verified by the system by performing encryption and then comparing the encrypted form with the database. Once the sound file is verified he is taken to graphical password screen where he gets images in the same sequence as he gave the system during password creation, here as the sound file is verified the user gets some clue area where his click points are present, the user then needs to click on the exact correct click points on the image in the right sequence, these click points are verified by the system image by image by performing encryption on click coordinates and then comparing the encrypted form with the database Suresh Vankayalapati, IJRIT 172

IJRIT International Journal of Research in Information Technology, Volume 1, Issue 7, July 2014, Pg. 169-174

6. Results Data collected from 20 participants. Each participant was asked to register himself/herself and then each was invited to for login trail 5 times as legitimate user and 5 times as Impostor randomly. Participants were final year engineering students of age group 20-28 Y. Table 1 shows the detail of the data generated by legitimate users and Table 2 contains the data generated by imposters. According to the data generated FRR is 4.0 and FAR is 2.0 which are very good for Graphical password authentication system. The following Table.1 shows the login attempts we have seen with our users during testing.

Table.1 User Trails

7. Conclusions The use of graphical images and sound signatures strengthens the security system by almost removing the chances of getting breached. This application can be used for providing security to any application by placing this application over any application which is needed to be secured and whose security system is to be enhanced. The application here can be used by any organization or industry that needs to handle confidential data. The application ensures that only a legitimate user who can provide the right SQL user password, graphical password and there sequence and along with the right sound file for verification will be able to access the application protected by this security system. This system can further be enhanced by providing a more user friendly and easy access for legitimate users by providing them with the facility to use sound signature first and on its authentication system generates the approximate graphical password which must be further corrected by the legitimate user. Thus helps legitimate users in recollecting graphical password and stops any kind of false trails of illegitimate users.

Acknowledgments I consider it as a privilege to thank all those people who helped me a lot for successful completion of this paper. First of all I would like to thank our beloved CEO of VIIT Mr. K.Pavan Krisna who has given me a lot of support and freedom during my work. I would like to thank Principal of Vignan’s Institute of Information Technology Dr. K. Alice Mary, for her encouragement to me during the work. I would like to thank our ever-inspiring Head of the Department of Information Technology, Mr. B. Prasad, for his spontaneous response to every request though he was busy with his hectic schedule of administration and teaching. I would like to express my deep sense of thanks to my project guide G. Jyothi, Assistant Professor for enlightening me with constructive suggestions for solving my problems patiently and helping me to improve the quality of work.

References [1] Integration of Sound Signature in Graphical Password Authentication System International Journal of Computer Applications (0975 – 8887) Volume 12– No.9, January 2011 [2] R. Dhamija and A. Perrig, "Deja Vu: A User Study Using Images for Authentication," in Proceedings of 9th USENIX Security Symposium, 2000. [3] Davis, D., F. Monrose, and M.K. Reiter. On User Choice in Graphical Password Schemes.13th USENIX Security Symposium, 2004. [4] A.Perrig and D.Song, "Hash Visualization: A New Technique to Improve Real-World Security," in Proceedings of the 1999 International Workshop on Cryptographic Techniques and E-Commerce, 1999. Suresh Vankayalapati, IJRIT

173

IJRIT International Journal of Research in Information Technology, Volume 1, Issue 7, July 2014, Pg. 169-174

[5] D. Hong, S. Man, B. Hawes, and M. Mathews, "A password scheme strongly resistant to spyware," in Proceedings of International conference on security and management. Las Vergas, NV, 2004. [6] R. N. Sheppard, "Recognition memory for words, Sentences, and pictures," Journal of Verbal Learning And Verbal Behavior, vol. 6, pp. 156-163, 1967. [7] A. Perrig and D. Song, "Hash Visualization: A New Technique to Improve Real-World Security," in Proceedings of the 1999 International Workshop on Cryptographic Techniques and E-Commerce, 1999. [8] Vienna, Austria: ACM, 2004, pp. 1399-1402. [9] Graphical Passwords. ACM SOUPS, 2007. [10] Cranor, L.F., S. Garfinkel. Security and Usability. O’Reilly Media, 2005. [11] G. E. Blonder,“Graphical password. U.S. Patent 5559961, Lucent Technologies”, Ed. NJ: Murray Hill, 1995. [12] A. Almulhem,A Graphical Password Authentication System, 2011, pp. 223-225. [13] S. R. Chiasson, R. Biddle, P.C. van Oorschot,” A Second Look at the Usability of Click-based Graphical Passwords.ACM SOUPS”, 2007. [14] Passfaces, http://www.realuser.com Last accessed 2006. [15] S. Wiedenbeck, J.C. Birget, A. Brodskiy,N. Memon,”Authentication Using Graphical Passwords: Effects of Tolerance and Image Choice. ACM SOUPS”, 2005. [16] S. Wiedenbeck,J. Waters, J.C. Birget, A. Brodskiy, N. Memon,”PassPoints: Design and longitudinal evaluation of a graphical password system”,International Journal of Human-Computer Studies, 2005, vol. 63, pp.102-127. [17] J. C. Birget, D. Hong,N. Memon, “Graphical Passwords Based on Robust Discretization. IEEE Trans. Info. Forensics and Security”, 2006, ed.3, vol.1. [18] K. Renaud,“Evaluating Authentication Mechanisms” Chapter 6 in [4].

Authors 1

Suresh Vankayalapati M.Tech 2nd year – 2nd sem

Suresh Vankayalapati, IJRIT

2

Jyothi Goddu Assistant Professor

3

Prudhvi Kiran Pasam M.Tech 2nd year – 2nd sem

174

Simple Sound Signature Integration in Graphical ...

system was that the system needs to store a huge data in order to store images for ... Fig.1 Modular Architecture ... password and dumped into the SQL database.
Download PDF
348KB Sizes 2 Downloads 90 Views
Report

Recommend Documents

Integration of Sound Signature Authentication System..pdf ...
Integration of Sound Signature Authentication System..pdf. Integration of Sound Signature Authentication System..pdf. Open. Extract. Open with. Sign In.
Creating a Signature in Thunderbird
2. 3. 4. 5. 6. 7. Configuring Thunderbird. Select Tools > Account Settings. ... with Thunderbird available from http://www.lclark.edu/~infotech/HELP/hsindex.html.
Process Integration in Semantic Enterprise Application Integration: a ...
Process Integration in Semantic Enterprise Application Integration: a Systematic Mapping.pdf. Process Integration in Semantic Enterprise Application Integration: ...
verify digital signature in pdf
There was a problem previewing this document. Retrying... Download. Connect more apps... Try one of the apps below to open or edit this item. verify digital ...
electronic signature in pdf
electronic signature in pdf. electronic signature in pdf. Open. Extract. Open with. Sign In. Main menu. Displaying electronic signature in pdf.
Graphical Models
Nov 8, 2003 - The fields of Statistics and Computer Science have generally followed ...... is a binary symmetric channel (BSC), in which each message bit is ...
Graphical Abstract
emissions are selectively quenched because of the electron transfer (eT) from the pyrene units to ... between H atom of pyrenyl amide group and O atom of the.
Graphical Models
Nov 8, 2003 - Computer scientists are increasingly concerned with systems that interact with the external world and interpret uncertain data in terms of underlying probabilistic models. One area in which these trends are most evident is that of proba
Graphical RNN Models
Dec 15, 2016 - Further, stations with extreme data were then manually removed. This process was repeated till we got a reasonably clean dataset. For each weather station, we also have its physical location on the map as given by the latitude and long
STATIONARITY AGAINST INTEGRATION IN THE ...
+ αr tr. T )I{κ ̸= 0} + t. ∑ k=1 ρt−kηk + εt where the source of the stochastic .... Let the partial sum processes of (̂εt) and (̂ε 2 t ) be defined as. (1.9). St = t. ∑.
INTEGRATION OF METADATA IN SPOKEN ... | Google Sites
text content sources for the document search problem, as well as its usefulness from .... when indexing HTML documents and web pages can thus be readily used for ... standard clustered tri-phone, 3-states-per-phone model. Nei- ther model ...
Bhaktivedanta Lives In Sound Society Newsletter September ...
Bhaktivedanta Lives In Sound Society Newsletter September October.pdf. Bhaktivedanta Lives In Sound Society Newsletter September October.pdf. Open.
SPEECH SOUND CATEGORIES IN LANGUAGE ...
to produce speech errors when their reading rhythm is accelerated. ...... Items within blocks were randomly selected (without replacement) by the program ...... Aslin, R. N., & Pisoni, D. B. (1980) Effects of early linguistic experience on speech.
Spontaneous Integration of Services in Pervasive ... - CiteSeerX
10. 2 Overview of the Service Integration Middleware. 11. 2.1 Component ... 2.2.2 MIDAS: Model drIven methodology for the Development of web InformAtion.
A graphical technique for finding equilibrium magnetic domain walls in ...
For the case of a two layer wire this technique is used to find two domain wall ... Keywords: Multilayer nanowire; Domain wall; Magnetization reversal; Thermal ...
Object Detection in Video with Graphical Models
demonstrate the importance of temporal information, we ap- ply graphical models to the task of text detection in video and compare the result of with and without ...
vi / vim graphical cheat sheet
F "back" fwd. G eof/ goto ln Hscreen top. J join lines. K help. L screen bottom ... version at http://www.viemu.com/a_vi_vim_graphical_cheat_sheet_tutorial.html.
sound change in functional phonology
Dec 22, 1997 - Sound systems may never stop changing, not even if only internal ... thus creating a new underlying segment (= bundle of perceptual features) сpHс. This ... Filling of gaps. ..... 8. 1.4 Merger. The fact that two segments often merge
digital-signature-in-huddle-instant-paperless-peregrine-forms-docs-in ...
There was a problem loading this page. digital-signature-in-huddle-instant-paperless-peregrine ... cs-in-addition-to-gmail-freefind-with-1499494078686.pdf.
Textual vs. Graphical Interaction in an Interactive Fiction ... - CiteSeerX
a more graphical representation with advances in graphical technology. Even though a ... We analyzed the data using a qualitative analysis method known as ...
8.2B Lesson Graphical Representations (FILLED IN).pdf
8.2B Lesson Graphical Representations (FILLED IN).pdf. 8.2B Lesson Graphical Representations (FILLED IN).pdf. Open. Extract. Open with. Sign In. Main menu.
Spontaneous Integration of Services in Pervasive ... - CiteSeerX
3.1.1 A Service Integration Middleware Model: the SIM Model . . . . . . . . . . . 34 ..... Many of these problems of computer science deal with the challenges of.