19-01-2013, 01:12 PM
IMAGE AUTHENTICATION IN PCCP THROUGH CLICK-BASED GRAPHICAL PASSWORD
1IMAGE AUTHENTICATION.pptx (Size: 607.6 KB / Downloads: 81)
ABSTRACT
Persuasive Cued-Click points (PCCP) is effective in reducing hotspots and avoiding patterns formed by click-points within a graphical password.
This project deals with providing authentication in PCCP through click-points on an image including usability and security schemes.
We use persuasion to influence user choice in click-based graphical passwords making it more difficult to guess the click-points.
OBJECTIVES
The objective of our project is,
1. To prevent an attacker from gaining access to confidential information of an individual or organization.
2. To increase the performance of a knowledge-based authentication mechanism in security systems.
AUTHENTICATION METHODS
Current authentication methods can be divided into three main areas:
Token based authentication
Biometric based authentication
Knowledge based authentication
Token based authentication
Token based techniques, such as key cards, bank cards and smart cards are widely used. Many token-based authentication systems also use knowledge based techniques to enhance security. For example, ATM cards are generally used together with a PIN number.
SHOULDER SURFING ATTACK
Shoulder surfing refers to using direct observation techniques, such as looking over someone's shoulder, to get information.
Shoulder surfing is effective in crowded places because it's really easy to stand near someone and watch them entering a PIN number for instance at an ATM machine.
This attack is also possible at a distance using vision-enhancing devices like miniature closed circuit cameras which can be concealed in ceilings, walls or fixtures to observe data entry.
HOTSPOTS
Hotspots are areas of the image that have higher likelihood of being selected by users as password click-points.
Attackers who gain knowledge of these hotspots through harvesting sample passwords can build attack on dictionaries and more successfully guess PassPoints passwords.
Users also tend to select their click-points in predictable patterns(e.g., straight lines) which can also be exploited by attackers even without knowledge of the background image.
Attacks against PassPoints passwords are a threat to a security system.
CUED CLICK-POINTS
CCP was developed as an alternative click based graphical password scheme where users select one point per image for five images.
The system determines the next image to display based on the user’s click-point on the current image.
If a user enters an incorrect click-point during login, the next image displayed will also be incorrect.
Legitimate users who see an unrecognized image know that they made an error with their previous click-point.
Implicit feedback is not helpful to an attacker who does not know the expected sequence of images.
EXISTING SYSTEM
The existing system approaches Persuasive Cued-Click Points (PCCP) over PassPoints and Cued-Click Points (CCP) to resist against the standard security threats.
During a password creation in PCCP, most part of the image is dimmed except for a small view port area.
Users must selct a click-point within the viewport.
If they are unable or unwilling to select a point in the current view port, they may press the Shuffle button to randomly reposition the view port.
The view port guides users to select more random passwords that are less likely to include hotspots.
PROPOSED SYSTEM
We propose the concept of creating graphical password using PCCP to provide secured authentication.
This system solves the problem of remembering several click-points by replacing multiple image sequence with a single window containing a set of images.
The visual representation of the images are in form of 4x4 matrix which includes both elements and the non-elements.
The proposed system provides the same level of security as PCCP but in a quite enhanced manner.
CONCLUSION
This system allows user to create a simple but effective graphical password using PCCP for providing stronger authentication.
Recent trends concentrate on providing security through multi-biometrics which is expensive on the other hand.
But this system is both efficient and cost effective in the aspects of security.
Thus the overall system increases the performance of a knowledge-based authentication mechanisms.