01-05-2013, 02:12 PM
DEFENSES AGAINST LARGE SCALE ONLINE PASSWORD GUESSING ATTACKS BY USING PERSUASIVE CLICK POINTS
Introduction to Project:
There has been a great deal of hype around graphical passwords over the past two decades, because primitive methods suffered from innumerable attacks that could be mounted easily. Here we progress down the taxonomy of authentication methods. To start with, we focus on the most common computer authentication method, which makes use of text passwords. Despite the vulnerabilities, users naturally tend to prefer short passwords for ease of remembrance [10], and they also lack awareness of how attackers tend to attack.
Unfortunately, these passwords are broken mercilessly by intruders through several simple means such as masquerading and eavesdropping, and through other crude means such as dictionary attacks, shoulder-surfing attacks and social engineering attacks [10][1]. To mitigate the problems with traditional methods, advanced methods have been proposed that use graphics as passwords. The idea of graphical passwords was first described by Greg Blonder (1996). In Blonder's scheme, a predetermined image is shown, and the tap regions selected and their sequence are interpreted as the graphical password. Since then, many other graphical password schemes have been proposed. The desirable quality associated with graphical passwords is that, psychologically, humans can remember graphics far better than text, and hence they are the best alternative being proposed. There is a rapid and growing interest in graphical passwords because they are far more numerous, or practically infinite in number, and thus provide more resistance. The major goal of this work is to reduce guessing attacks and to encourage users to select more random passwords that are difficult to guess.
EXISTING SYSTEM:
In existing approaches, users often create memorable passwords that are easy for attackers to guess, but strong system-assigned passwords are difficult for users to remember. Despite the vulnerabilities, users naturally tend to prefer short passwords for ease of remembrance, and they also lack awareness of how attackers tend to attack. Unfortunately, these passwords are broken mercilessly by intruders through several simple means such as masquerading and eavesdropping, and through other crude means such as dictionary attacks, shoulder-surfing attacks and social engineering attacks.
PROPOSED SYSTEM:
We propose to reduce guessing attacks and to encourage users to select more random passwords that are difficult to guess. The proposed system merges persuasive cued click points and a password guessing resistant protocol.
The Java Platform
A platform is the hardware or software environment in which a program runs. The Java platform differs from most other platforms in that it's a software-only platform that runs on top of other, hardware-based platforms. Most other platforms are described as a combination of hardware and operating system.
APPLICATION:
It is a program that we can execute from any operating system prompt. A special kind of application known as a server serves and supports clients on a network. Examples of servers include Web servers, proxy servers, mail servers, print servers, and boot servers. Another specialized program is a servlet. Servlets are similar to applets in that they are runtime extensions of applications. Instead of working in browsers, servlets run within Java servers, configuring the server.
APPLET:
It is a Java program that executes inside a web page. It requires a Java-enabled browser, which in turn requires an interpreter. Applets are commonly used to enhance the interactivity of a web page and to deliver client-side content. Applets run in their own frame, and can display graphics, accept input from GUI components, and even open network connections. Due to the potential security risks associated with running applets from external and potentially malicious sources, most web browsers limit file access and impose additional restrictions on applets.
Stand-alone applications have no such restrictions, and a full range of functionality is provided for in the way of pre-written Java classes. Stand-alone applications can run as a console application (writing text to the screen or terminal window), or they can have a graphical user-interface, by opening a new window or dialog box.
Method overloading
It is a feature found in various programming languages such as Ada, C#, C++, D and Java that allows the creation of several methods with the same name which differ from each other in terms of the type of the input and the type of the output of the function.
For example, doTask() and doTask(object O) are overloaded methods. To call the latter, an object must be passed as a parameter, whereas the former does not require a parameter, and is called with an empty parameter field. A common error would be to assign a default value to the object in the second method, which would result in an ambiguous call error, as the compiler wouldn't know which of the two methods to use.
Another example would be a Print(object O) method. In this case one might like the method to behave differently when printing, for example, text or pictures. The two different methods may be overloaded as Print(text_object T); Print(image_object P). If we write the overloaded print methods for all objects our program will "print", we never have to worry about the type of the object or about the correct function call; again, the call is always: Print(something).
Microsoft SQL Server 2000 Storage Engine
MySQL was created by Michael Widenius, (monty[at]analytikerna.se). It is a small, fast and capable relational database in the tradition of Hughes Technologies Mini SQL database. (NOTE that the MySQL database package contains no Mini SQL source code, it does however share some of the same look and feel both in the C API and in the names and function of many of its programs. This has been done to make it relatively easy to port Mini SQL applications and utilities to MySQL.)
The client portion of MySQL has been placed in the public domain while most of the rest of MySQL is distributed under the license listed in appendix A of this document. Small portions are covered by either Berkeley style copyright, or GNU licenses.
David Axmark created and maintains the autoconf portion of MySQL, along with maintaining the MySQL
The MySQL database system is free for most uses, but if support is an issue for you, that is an option as well. Having said that, I urge people to register MySQL if they can afford it, even if the license would not require that they do so. Everyone benefits by supporting this sort of product. At this point I know a lot of people out there are making money off of MySQL. If you are one of them, then I ask you, as a favor to me for writing the manual and to Monty for writing MySQL, PLEASE register. If you need a pragmatic reason, how are you going to feel if MySQL goes away? How are your customers going to feel?
Conclusion & Future Enhancement
A major advantage of the persuasive cued click point scheme is its large password space compared with alphanumeric passwords. There is a growing interest in graphical passwords since they are better than text-based passwords, although the main argument for graphical passwords is that people are better at memorizing graphical passwords than text-based passwords. Online password guessing attacks on password-only systems have been observed for decades. Present-day attackers targeting such systems are empowered by having control of thousand- to million-node botnets. In previous ATT-based login protocols, there exists a security-usability trade-off with respect to the number of free failed login attempts (i.e., with no ATTs) versus user login convenience (e.g., fewer ATTs and other requirements). In contrast, PGRP is more restrictive against brute force and dictionary attacks while safely allowing a large number of free failed attempts for legitimate users. PGRP is apparently more effective in preventing password guessing attacks (without answering ATT challenges); it also offers a more convenient login experience, e.g., fewer ATT challenges for legitimate users. PGRP appears suitable for organizations with both small and large numbers of user accounts.
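The free-failed-attempt trade-off described above can be seen in a simplified sketch of PGRP-style decision logic, added here as an example and not taken from the project's code. It assumes an ATT is a CAPTCHA-style challenge; the class name, the thresholds K1 and K2 and the sample addresses are hypothetical, and counter expiry and cookie-based recognition of known machines are left out.

```python
import hmac
from collections import defaultdict

K1 = 30  # assumed threshold: free failures for a known (source, user) pair
K2 = 3   # assumed threshold: free failures per username from unknown sources

class PgrpSketch:
    def __init__(self, passwords):
        self.passwords = passwords          # demo only: store salted hashes in practice
        self.known = set()                  # (source, user) pairs with a past success
        self.fail_known = defaultdict(int)  # failures per known pair
        self.fail_user = defaultdict(int)   # failures per username, unknown sources

    def needs_att(self, source, user):
        # Known machines get the generous budget; everyone else shares the small one.
        if (source, user) in self.known:
            return self.fail_known[(source, user)] >= K1
        return self.fail_user[user] >= K2

    def login(self, source, user, password, att_passed=False):
        """Return 'ok', 'denied' or 'att_required'."""
        if self.needs_att(source, user) and not att_passed:
            return "att_required"
        stored = self.passwords.get(user)
        if stored is not None and hmac.compare_digest(stored, password):
            self.known.add((source, user))
            self.fail_known[(source, user)] = 0
            return "ok"
        if (source, user) in self.known:
            self.fail_known[(source, user)] += 1
        else:
            self.fail_user[user] += 1
        return "denied"

def simulate():
    # Constructed sample data: one account, one known machine, one guessing source.
    svc = PgrpSketch({"alice": "correct-horse"})
    first = svc.login("10.0.0.5", "alice", "correct-horse")
    guesses = [svc.login("203.0.113.9", "alice", f"guess{i}") for i in range(5)]
    typo = svc.login("10.0.0.5", "alice", "corect-horse")
    retry = svc.login("10.0.0.5", "alice", "correct-horse")
    return first, guesses, typo, retry

if __name__ == "__main__":
    print(simulate())
```

The guessing source is challenged after K2 failures against the username, while the user's own previously successful machine still gets a plain "denied" on a typo and can retry without a challenge.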