03-08-2012, 03:38 PM
Integration of Sound Signature in Graphical Password Authentication System
ABSTRACT :
Here a graphical password system with a supportive sound signature to increase the remembrance of the password is discussed. In proposed work a click-based graphical password scheme called Cued Click Points (CCP) is presented. In this system a password consists of sequence of some images in which user can select one click-point per image. In addition user is asked to select a sound that will be used to help the user in recalling the click point on an image. System showed very good Performance in terms of speed, accuracy, and ease of use. Users preferred CCP to Pass Points, saying that selecting and remembering only one point per image was easier and sound signature helps considerably in recalling the click points.
Keywords: Sound signature, Authentication
Body of proposal:
Passwords are used for –
(a) Authentication (Establishes that the user is who they say they are).
(b) Authorization (The process used to decide if the authenticated person is allowed to access specific
© Access Control (Restriction of access-includes authentication & authorization).
Mostly user select password that is predictable. This happens with both graphical and text based passwords. Users tend to choose memorable password, unfortunately it means that the passwords tend to follow predictable patterns that are easier for attackers to guess. While the predictability problem can be solved by disallowing user choice and assigning passwords to users, this usually leads to usability issues since users cannot .
PREVIOUS WORK
Considerable work has been done in this area,The best known of these systems are assfaces [4][7]. Brostoff and Sasse (2000) carried out an empirical study of Passfaces, which illustrates well how a graphical password recognition system typically operates. Blonder-style passwords are based on cued recall. A user clicks on several previously chosen locations in a single image to log in. As implemented by Passlogix Corporation (Boroditsky, 2002), the user chooses several predefined regions in an image as his or her password. To login the user has to click on the same regions. The problem with this scheme is that the number of predefined regions is small,perhaps a few dozens in a picture. The password may have to be up to 12 clicks for adequate security, again tedious for the user. Another problem of this system is the need for the predefined regions to be readily identifiable. In effect, this requires artificial, cartoon-like images rather than complex, real-world scenes[5][6]. Cued Click Points (CCP) is a proposed alternative to PassPoints. In CCP, users click one point on each of 5 images rather than on five points on one image. It offers cued-recall and introduces visual cues that instantly alert valid users if they have made a mistake when entering their latest click-point (at which point they can cancel their ttempt and retry from the beginning). It also makes attacks based on hotspot analysis more challenging. As shown in Figure 1, each click results in showing a next-image, in effect leading users down a “path ” as they click on their sequence of points. A wrong click leads down an incorrect path, with an explicit indication of authentication failure only after the final click. Users can choose their images only to the extent that their click-point dictates the next image. If they dislike the resulting images, they could create a new password involving different click-points to get different images.
PROPOSED WORK In the proposed work we have integrated sound signature to help in recalling the password. No system has been devolved so far which uses sound signature in graphical password authentication. Study says that sound signature or tone can be used to recall facts like images, text etc[6]. In daily life we see various examples of recalling an object by the sound related to that object [6]. Our idea is inspired by this novel human ability.
Modules 1. User Authentication:- A user id and a password is given to respective users. This indicates that only authorized user can access the given software. When ever a password and id is been created by the user its becomes they code of signifance. where the computer recognize the person as per they id and password. When the id or a password is access by the unauthenticated user it denies the login set of access where the user cannot access the id.
2. Associate Digital Sound Signature:-
This module allows the user to associate a sound file(binary format) to the generated graphical password. This enhances the security strength and will be prompted and verified at the receiving end.
3. Generate Graphical Password:-
This module allows the user to generate a graphical password. The password can also be set by both graphical and text based passwords. Where the user tend to choose memorable password, unfortunately it means that the password tend to follow predictable patterns that are easier for at trackers to guess. But with help of graphical password and sound signature the unauthenticated user cannot access it. Where we generate the graphical password as a security purpose.
4. Secure Text:- This module allows the user to send a secure text from one set of data to the other. Where the user authentication is access with the same id and password. It set of action is to deliver the data from source to destination in a secure manner. where the text is to be securely delivered to the destination. This modules verifies both the above modules and then transvers the secure text.
5. Retrieve Graphical Password:-
This module allows the user of the receiver side to retrieve the graphical password in order to check its successful transfer result. As it does not make any difference if the given url address differ from the send url as it matter the given set of matter is in a secure text. Where the receiver need to login to view the secure data he/she need to access the same graphical password to access the data.
6. Verify Sound Signature:- The Sound Signature is verified with the sender Sound Signature. In order to check whether the data is safe or have been attacked. Legislation support digital and electronic signatures as a way to authenticate electronic data and transactions are implemented around the world. The US e-sign Bill, signed by former US President Bill Clinton and the EU Directive for Digital Signatures are just two examples of this global trend.
7. Regenerate Text:- Once the Password and the Sound Signature is received ,the text gets regenerated at the client side. The module verifies the sound file, the image used and the points to verify authenticity before generating the text.
4. EXPERIMENTAL RESULTS
Data collected from 20 participants. Each participant was asked to register himself/herself and then each was invited to for login trail 5 times as legitimate user and 5 times as impostor randomly. Participants were final year engineering students of age group 20-28 Y. Table 1 shows the detail of the data generated by legitimate users and Table 2 contains the data generated by imposters. According to the data generated FRR is 4.0 and FAR is 2.0 which are very good for Graphical password authentication system.
5. CONCLUSION
AND FUTURE WORK We have proposed a novel approach which uses sound signature to recall graphical password click points. No previously developed system used this approach this system is helpful when user is logging after a long time. In future systems other patterns may be used for recalling purpose like touch of smells, study shows that these patterns are very useful in recalling the associated objects like images or text.