GRAPHICAL PASSWORD AUTHENTICATION USING
CUED CLICK POINT TECHNIQUE
NOR AZIDA BINTI MOHD FAZLI
BACHELOR OF COMPUTER SCIENCE (COMPUTER
NETWORK SECURITY) WITH HONOURS
UNIVERSITI SULTAN ZAINAL ABIDIN
2021
DECLARATION
I hereby declare that this report is based on my original work, with the sources of research knowledge identified, except for quotations and citations, which have been recognized correctly. I also declare that it has not been previously or concurrently submitted for any other degree at Universiti Sultan Zainal Abidin or other institutions.
_______________________________
Name: Nor Azida Binti Mohd Fazli
Date: 28 January 2021
CONFIRMATION
This is to confirm that:
The research conducted and the writing of this report were under my supervision.
__________________________
Name: Roslinda Binti Muda
Date: 28 January 2021
DEDICATION
In the Name of Allah, the Most Gracious and the Most Merciful. Alhamdulillah, thanks to God for His grace, I was able to prepare myself to write this report in good health during the pandemic.
First of all, I would like to express my appreciation and thanks to my supervisor, Madam Roslinda Binti Muda, whose guidance, recommendations, advice, and insightful thoughts gave me the chance to write this report effectively.
My gratitude also goes to my colleagues, who shared ideas, opinions, knowledge, and reminders. They helped me answer every question that was important to me while preparing the report. Thanks also to my beloved mother and family for always encouraging and supporting me and for understanding my task of preparing the report for Final Year Project I at home.
I would like to take the opportunity to thank all the lecturers of the Informatics and Computing Faculty for their support and for exchanging ideas and perceptions that gave this report more focus, direction and advice.
May Allah SWT bless all the efforts that have been given in completing this report.
Thank you.
ABSTRACT
Many kinds of systems use a graphical-password approach in the authentication process as an additional measure to protect users' private data. Graphics-based password authentication raises the security level of a login system compared with using only a text-based password. Users tend to create memorable text passwords, which gives attackers a chance to guess them and makes the passwords weak and insecure. However, a graphical password is likewise vulnerable to shoulder surfing attacks. This scheme is designed to implement the cued click point technique in graphical password authentication to improve the security of the user's password data. The cued click point technique asks the user to click a point on each image in a sequence, and the pixel value of that specific part yields the click point's x and y. The Cued Click Point technique provides an effective way to offer a graphical password that keeps user data more secure than the text-based form alone. The expected outcome of this project is that applying the cued click point technique in graphical password authentication reduces guessing by intruders and stays alert to shoulder surfing attacks.
ABSTRAK (ABSTRACT, TRANSLATED FROM MALAY)
Many kinds of systems generally use a graphical-password approach in the authentication process as an additional measure to protect users' private data. Graphics-based password authentication raises the security level of logging in to a system compared with using only a text-based password. Users tend to create text passwords that cannot be forgotten, which gives intruders a chance to guess the user's password. This in turn makes the user's password weak and insecure. Nevertheless, a graphical password is also weak against the "shoulder surfing" attack. This scheme is designed to apply the cued click point technique in graphical password authentication to improve the security of the user's password data. In the cued click point technique, the user clicks a point on the images in a sequence, and the pixel value of that specific part yields the click point's x and y. The cued click point technique provides an effective way of using graphical passwords to make user data more secure, rather than relying on text alone. The expected outcome of this project is to reduce attempts by intruders and to stay alert to "shoulder surfing" attacks by applying the cued click point technique in graphical password authentication.
CONTENTS
DECLARATION
CONFIRMATION
DEDICATION
ABSTRACT
ABSTRAK
LIST OF TABLES
LIST OF FIGURES
LIST OF ABBREVIATIONS
CHAPTER 1 INTRODUCTION
1.1 Project Background
1.2 Problem Statement
1.3 Objectives
1.4 Scope
1.5 Limitation of Work
1.6 Thesis Structure
1.7 Summary
CHAPTER 2 LITERATURE REVIEW
2.1 Introduction
2.2 Cued Recall Method
2.2.1 Blonder Algorithm
2.2.2 Passpoint Algorithm
2.2.3 Background DAS Algorithm
2.2.4 Passmap Algorithm
2.2.5 Passlogix v-Go Algorithm
2.3 Usability and security in graphical-password based
2.4 Summary
CHAPTER 3 METHODOLOGY
3.1 Introduction
3.2 Framework of Graphical Password Authentication Using CCP Technique
3.3 Use Case Diagram Authentication System
3.4 Sequence Diagram Login Phase
3.5 Flowchart of Cued Click Point Technique
3.6 ERD Diagram of GPA Data Structure
3.7 Summary
CHAPTER 4 CONCLUSION
4.1 Introduction
REFERENCES
LIST OF TABLES
Table 1: Comparison of the method in Cued Recall based
Table 2: Usability and security parameters in graphical password
LIST OF FIGURES
Figure 1: Blonder Algorithm
Figure 2: Passpoint Algorithm
Figure 3: Background DAS Algorithm
Figure 4: Passmap Algorithm
Figure 5: Bedroom Environment Passlogix v-Go Algorithm
Figure 6: The framework of GPA with Cued Click Point technique
Figure 7: Use Case Diagram Authentication System
Figure 8: Login Phase by Using Sequence Diagram
Figure 9: Flowchart of Password in Cued Click Point Technique
Figure 10: Cued Click Point Technique in Graphical Password
Figure 11: ERD Diagram of GPA Data Structure
LIST OF ABBREVIATIONS
GPA GRAPHICAL PASSWORD AUTHENTICATION
CCP CUED CLICK POINT
CHAPTER 1
INTRODUCTION
1.1 Project Background
With the advancement of technology, the world is becoming digital at a fast pace, and many activities now happen online, such as online shopping and the storing of credential information like phone numbers and credit card details in digital storage. As everything moves online, the risk of cyber fraud and data breaches is rising. Securing users' data and information has become critically significant in an authentication system. The password acts as the first line of defence in keeping intruders from easily accessing a user's private data. Many systems provide an authentication process (login form) that authorized users must pass before they can access their account. Authentication acts as a mechanism by which the system can determine and verify the authorized user [1].
Users can prove their identity through three major authentication categories provided by the system: Token-Based Authentication, Biometric-Based Authentication, and Knowledge-Based Authentication [2]. Commonly, more systems prefer Knowledge-Based Authentication because it costs less than Biometric-Based and Token-Based Authentication. Knowledge-Based Authentication involves two techniques, text-based and picture-based.
A text-based password, the traditional authentication method, uses alphanumeric characters. Its main purpose is to offer a higher level of security that resists intruders trying to gain the user's data within a short time. A combination of mixed characters (letters in upper and lower case, numbers and symbols) and a long length (more than 8 characters) makes the password strong and hard to guess, so the user's privacy is not easy to crack. Unfortunately, this burdens the user with memorizing a jumble of characters.
As an alternative that overcomes this problem, other than biometric-based authentication, graphical passwords are used to help users create passwords that are more convenient and better protected. The graphical-password authentication (GPA) method replaces the alphanumeric password with a graphics-based one and addresses two main aspects, usability and security. Besides being easy to remember, GPA also provides more security than text-based passwords, because the human brain tends to recognize visual information such as a photo better than text information in memory [3]. Hence, the user will effortlessly recall the image used. GPA is classified into two categories, pure recall-based and cued recall-based.
Cued Click Point (CCP) is a method under the cued recall-based category. In this method, the user clicks on any point of each chosen image, and the system captures the pixel value of that specific part, which yields the point's x and y. A click point is used on each of five different images [4]. Users can create and re-enter their password quickly and are very precise when entering their click points on the images, while the password is hard for an attacker to guess because of the large set of images [5]. This project proposes to implement the CCP technique in graphical password authentication to overcome the users' problems and thus increase the security of the user's password data. A password becomes better protected as the number of images increases, which adds workload for attackers, especially shoulder surfers. Implementing the Cued Click Point technique in graphical passwords will be effective in making the system more user friendly and the user's data more secure than using only the text-based form.
1.2 Problem Statement
Users tend to create easy-to-remember passwords and to use memorable things such as a date of birth as a password. Without their realizing it, such a password is easy for an attacker to crack using several methods, such as the tool John the Ripper. Users also keep the same password for different accounts [6] to avoid forgetting the many passwords they have created.
Another issue is that using a graphical password to authenticate the user also has a drawback: a shoulder surfing attacker, or other attackers, can capture the picture (password) loaded by the user during the authentication process. Hence, the traditional authentication method, the textual password, burdens the user with remembering it, while the protection a graphical password offers in securing the password is low.
1.3 Objectives
The following objectives are being targeted in this project:
i. To study and examine various approaches in the graphical password method.
ii. To design an authentication system that uses a graphics-based password.
iii. To evaluate the Cued Click Point technique in graphical password authentication for easing the user's task and improving password security.
1.4 Scope
This project focuses on creating graphical password authentication that is more secure and easy to remember by applying the cued click point technique to graphical passwords.
1. User Scope
A new user needs to register in the system, which requires basic access details such as a username and other required details. Next, the user must choose five different images and click a point on each image to set the password and complete registration.
2. System Scope
This project provides security to ensure that the user's password is protected, so that unauthorized users and intruders cannot break into a user account. The system captures the point on the image that the user clicks, then generates a value (involving two prime numbers x and y) as the user's password.
1.5 Limitation of Work
The project has the following limitations. If users do not remember their click points on the images, the system provides only two chances, after which the login process is closed, and the user has to log in again to enter the system. The choice of pictures is also limited: the user can click only on the given pictures, and must re-click the points on all pictures even to change a single point on one image. In addition, this project cannot provide a forgot-password form, because it aims to test how effective the Cued Click Point technique is as a replacement for the textual method.
1.6 Thesis Structure
This thesis consists of 3 chapters, which contain detailed information related to this project.
Chapter 1
Chapter 1 introduces the idea of the whole project. Its sections are the project background, problem statement, objectives, scope, and limitation of work for this project.
Chapter 2
Chapter 2 presents the literature review and describes papers related to the project in order to gain more information about, and a better understanding of, the proposed project. The methods that have been used for graphical passwords are explained in this chapter, and the important elements of graphical passwords drawn from reading materials such as journals are described.
Chapter 3
Chapter 3 explains the methodology of this project, including its process model and data model, and adds detailed designs, including the framework and flowchart, that illustrate and describe the project further.
Chapter 4
Chapter 4 contains the conclusion regarding Graphical Password Authentication using the Cued Click Point technique.
1.7 Summary
The necessary information related to this project was discussed in this chapter. Cued Click Point is implemented as a technique in graphical passwords to overcome the problem in graphics-based passwords.
CHAPTER 2
LITERATURE REVIEW
2.1 Introduction
This literature review covers the cued recall method in graphics-based passwords, focusing on clicking points on an image, and reviews several studies to compare the usability and security elements that a graphics-based password should have, as sources for completing the project.
2.2 Cued Recall Method
The graphics-based password is another knowledge-based method for verifying authorized users. Various methods have been used to create graphics-based passwords, and one of the main ones is the cued recall-based method, in which the user clicks points on an image as their password. The following are the cued recall-based methods.
2.2.1 Blonder Algorithm
This algorithm was created by Greg E. Blonder in 1996. The user needs to click points on regions in the given picture to gain access to the system. According to Blonder, this algorithm is safe because it has a million different regions to choose from (Lashkari et al., 2010). Figure 1 shows the Blonder algorithm being used to create a password.
Figure 1: Blonder Algorithm
2.2.2 Passpoint Algorithm
An alternative algorithm was designed to overcome the limitation of the Blonder technique (the need for predefined regions in the image). This scheme was developed by Wiedenbeck et al. in 2005 and comprises a sequence of click points (5 to 8) that the user chooses on an image. Any natural image or a favourite image can be used, but it should be rich enough to offer many possible click points, so that the picture serves as a hint that helps the user remember them (O, 2015). Figure 2 illustrates the clicked points in the Passpoint algorithm.
Figure 2: Passpoint Algorithm
2.2.3 Background DAS Algorithm
An improved technique was proposed in 2007 to make it easier for the user to create credentials and to enhance the security of the original DAS scheme. Instead of drawing on a grid, this technique adds a background image to provide a cued recall. The user therefore chooses one of three approaches:
i. Before starting to draw, the user has a secret in mind and then draws it using points on the given background image.
ii. The user's choice of secret is influenced by various characteristics of the image.
iii. The user mixes the two approaches above.
The graphical password is easy for the user to learn and create, but users have difficulty reproducing the previous secret password, and the scheme allows shoulder surfing attacks (Hafiz et al., 2008). Figure 3 shows an example of creating a password in the Background DAS algorithm.
Figure 3: Background DAS Algorithm
2.2.4 Passmap Algorithm
The Passmap algorithm requires fewer click points than Passpoint and provides more security. It is also easy for the user to memorize and convenient to use in practice. According to studies of human memory, users effortlessly recall the landmarks on a well-known journey (Aarthi & Elangovan, 2014). Figure 4 shows the Passmap algorithm.
Figure 4: Passmap Algorithm
2.2.5 Passlogix v-Go Algorithm
Passlogix Inc., a commercial security company located in New York City, USA, created this algorithm in 2002. It uses a "repeating a sequence of actions" technique, in which the password is created from a chronological situation. The user creates the password by dragging a series of items in an image of an environment (Gokhale & Waghmare, 2016). Figure 5 shows an environment used to create a password.
Figure 5: Bedroom Environment Passlogix v-Go Algorithm
Table 1. Comparison of the method in Cued Recall based
| Algorithm of Cued Recall Method | Pros | Cons |
|---|---|---|
| Blonder | Safe algorithm that keeps the user's password secure. | The number of predefined click regions is small, so the password must be quite long to be secure. Users can't choose their own points in the image. |
| Passpoint | Allows the user to choose several points in the picture in a particular order. | Takes longer to log in than the alphanumeric method. |
| Background DAS | Easy for the user to create on both the background image and the drawing grid. | Memory decays one week later. |
| Passmap | Not exposed to shoulder surfing. | Vulnerable to brute force attack. |
| Passlogix v-Go | Attracts users and eases password creation with a real-life situation. | The password space is small. Easy to guess. |
2.3 Usability and security in graphical-password based
Usability and security features are both essential to an efficient graphics-based password method, and balancing them needs attention when creating a graphics-based password. Usability allows users to create their graphical password in a friendly and easy-to-use way, while security acts as a defence against any data breach by an attacker. Previous studies are reviewed here to observe their effectiveness.
Hafiz et al. (2008) recognized that the traditional authentication system has flaws in usability and security that can cause problems for the user, and that a graphical password might be an option to overcome them. To improve existing user authentication schemes and make them more usable and secure, that paper used a longitudinal trial testing method in a controlled lab environment. It identified that a graphical password scheme is difficult to crack with traditional attack methods such as brute force search, dictionary, social engineering, and spyware attacks. Although graphical authentication has been proposed as a possible alternative to text-based authentication because strong passwords are difficult to memorize, Masrom et al. (2009) identified the common weaknesses that occur in Pure Recall-Based and Cued Recall-Based algorithms. At the same time, a graphical password may be better at avoiding dictionary attacks because the number of possible passwords is high. Singh & Chanu (2013) described how memorable the graphical password is for users when the Cued Click technique is implemented.
In graphical passwords, it is important to achieve the two main elements, security and usability. Bhanushali et al. (2015) compared algorithms on two metrics, security (attacks on the graphical password method) and usability (password space and entropy), and found that the graphical password has better, more reliable security. That humans remember graphics more easily than text is supported by Khodadadi et al. (2016), who state that human psychology studies reveal that humans find it easier to memorize pictures than characters. Besides, the usability aspect of the graphical password scheme has many categories. By comparing login success rate, login time, and memorability in detail, a set of usability attributes applicable to recognition-based graphical password techniques was found, classified into nine categories: "User assigned Images, Meaningful Images, Category of Images, Easy and Fun to Use, Easy to Create, Easy to Execute, Easy to Learn and Understand, Easy to Correct, and Nice and Simple Interface". However, the graphical password is not resistant to shoulder surfing attacks (Gokhale & Waghmare, 2016). The cued click point technique, with many images and separate click points, can avoid the shoulder surfing attack (Sharma et al., 2017). Furthermore, attack patterns and other common attacks have been identified (Poharkar, 2017). As a solution for more security, S et al. (2018) found that cued click point and persuasive cued click point provide better security.
Table 2: Usability and security parameters in graphical password
| Year | Title | Author | Technique | Descriptions |
|---|---|---|---|---|
| 2017 | Cued Click Point (CCP) Algorithm for Graphical Password To Authenticate Shoulder Surfing Resistance | Sharma, Soni; Pawar, Monali; Patil, Snehal; Gole, Sonam | Cued Click Point Algorithm | To provide more security of graphical password to resist the shoulder surfing attack. Percentage of shoulder surfing attack before using Cued Click Point is higher than after using Cued Click Point. |
| 2018 | Authentication System – Overview of Graphical Passwords | S, Ms. Dhiviyaa; R, Ms. Rakshitha; K R, Ms. Vijayabharathi | Method of graphical password: recognition based and recall based authentication | Review of recognition based and recall based authentication. Proposed Cued Click Point and Persuasive Cued Click Point is better security. Graphic passwords are more dependable and cheaper than authentication methods. |
| 2017 | Graphical Password Authentication Technique: A Survey | Kanchan Poharkar, Dr. S.A. Ladhake | Compare security issues in graphical and text-based passwords and identify major design and implementation issues of graphical passwords | Survey of graphical password techniques covering: + security issues that arise; + design and implementation issues. Survey on attack patterns and common attacks in graphical password authentication. |
| 2016 | The Shoulder Surfing Resistant Graphical Password Authentication Technique | Gokhale, Mrs. Aakansha S.; Waghmare, Vijaya S. | Modified recognition and recall based approach | + To propose new graphical password authentications that are resistant to shoulder surfing and other types of possible attacks. + Provides stronger security against brute force and guessing attacks due to having a large password space. |
| 2016 | Evaluation of Recognition-Based Graphical Password Scheme In Term Of Usability and Security Attributes. | Touraj Khodadadi, A.K.M. Muzahidul Islam, Sabariah Baharun, Shaza Komaki | Detailed comparison according to login success rate, login time, and memorability | + Researches usability features that need to be added and possible attacks on recognition-based schemes. + Found a set of usability attributes that can be classified into 9 categories. + Identified the possible attacks on the Recognition-Based Graphical Password technique, where only the passfaces scheme and triangle scheme have the fewest attacks, being vulnerable only to Brute Force Attack. |
| 2015 | Comparison of Graphical Password Authentication Techniques | Arti Bhanushali, Bhavika Mange, Harshika Vyas, Hetal Bhanushali, Poonam Bhogle | Comparing the algorithms based on two metrics: 1) Security: + attack, password space and entropy resistance; 2) Usability: + usability features | + Describes and discusses the various approaches using graphical passwords. + The Passpoint algorithm gives a security advantage over other algorithms due to having a larger password space than the alphanumeric password, but it is vulnerable to Spyware attacks. |
| 2009 | Pure and Cued Recall-Based Graphical User Authentication | Maslin Masrom, Farnaz Towhidi, Arash Habibi Lashkari | Identify the weaknesses of the Pure Recall-Based and Cued Recall-Based algorithms in detail | 5 common weaknesses discovered in 9 algorithms (both techniques). |
| 2008 | Towards Identifying Usability and Security Features of Graphical Password in Knowledge-Based Authentication Technique | Muhammad Daniel Hafiz, Abdul Hanan Abdullah, Norafida Ithnin, Hazinah K. Mammi | Use the longitudinal trial testing method in a controlled lab environment | Graphical password scheme is difficult to crack by traditional attack methods such as brute force search, dictionary, social engineering, and spyware attack. |
2.4 Summary
In this chapter, information related to this project was gathered by reviewing and analyzing previous research papers, and it will be used as a source. It is important to find the best method for overcoming the problem that has been stated.
CHAPTER 3
METHODOLOGY
3.1 Introduction
This chapter describes the choice of an efficient method and technique to ensure that the project flows systematically during development. The theoretical analysis (method) is explained in terms of how the method is used to run the project. All the system designs (diagrams) are presented, including the framework, use case diagram, sequence diagram, flowchart and ERD diagram of the project.
3.2 Framework of Graphical Password Authentication Using CCP Technique
This framework describes the series of steps and decisions by which the graphical password works during the authentication process. As Figure 6 below shows, in the first stage a new user registers their information, such as username, date of birth, email, and phone number, before creating a password. Then they click one point on each of the five given pictures in sequence. Their information is saved into the database. During the login phase, the user enters the username and clicks the same points as in the registration phase. The system presents the registered images in sequence, then compares the clicked points with the values in the database and sends the result back to the registered user. If the information matches the registration, the user is successfully authenticated.
Figure 6: The framework of GPA with Cued Click Point technique
3.3 Use Case Diagram Authentication System
This diagram shows the general relationship between the use cases, the user, and the database in the authentication system. New users interact with the system by filling in requirements such as username, date of birth, email, and password. When setting the password, the system offers several pictures for the user to choose from. The user chooses 5 pictures and clicks a point on each chosen image, and the database saves the information. Registered users enter the username and click the points on the images provided by the database.
Figure 7: Use Case Diagram Authentication System
3.4 Sequence Diagram Login Phase
The sequence diagram presents concisely how data flows during the login phase. It involves four entities: user, login form, system, and database. After the registered user clicks the login button and enters the username, the database provides the images and the system sends them to the user in sequence. The user needs to click the registered point on each image. This process repeats five times because, during registration, the user registered a point on each of five images, which means 5 points. After the valid points are clicked, the password matches and the user passes and is authenticated.
Figure 8: Login Phase by Using Sequence Diagram
3.5 Flowchart of Cued Click Point Technique
The flowchart shows how the Cued Click Point technique runs in a graphical password. The technique repeats a loop in which the user chooses an image and clicks a point on it. After each task, the counter increments until it is equal to or more than 5, which means that 5 images have been collected. Each image consists of pixels, and the X and Y values of the clicked pixel are captured. Both values are then stored directly in the database as the user's password.
Figure 9: Flowchart of Password in Cued Click Point Technique
As Figure 10 below shows, after the user logs in, the technique also repeats: while the user clicks the registered points, a condition checks each point, and if it is not the same as the registered one, the user needs to click again on the image. The user is successfully authenticated after finishing the process.
Figure 10: Cued Click Point Technique in Graphical Password
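The registration and login flow of sections 3.2 to 3.5, as an added Python example (not code from the thesis). Instead of storing and comparing raw x and y values, it applies centred discretization and a salted PBKDF2 hash over all five squares, so the check returns one verdict for the whole sequence rather than one per image. The 19-pixel tolerance, the 451x331 image size, the iteration count and all function names are assumptions; the five images and the two-attempt limit come from the text.

```python
import hashlib
import hmac
import math
import os

NUM_IMAGES = 5               # from the page: one click point on each of five images
MAX_ATTEMPTS = 2             # from the page (section 1.5): two chances per login
TOLERANCE = 19               # assumption: side of the tolerance square, in pixels
IMAGE_W, IMAGE_H = 451, 331  # assumption: image size, in pixels
ROUNDS = 100_000             # assumption: PBKDF2 iteration count


def validate(clicks):
    """Reject sequences that are not five in-bounds (x, y) points."""
    if len(clicks) != NUM_IMAGES:
        raise ValueError(f"expected {NUM_IMAGES} click points, got {len(clicks)}")
    for x, y in clicks:
        if not (0 <= x < IMAGE_W and 0 <= y < IMAGE_H):
            raise ValueError(f"click ({x}, {y}) lies outside the image")


def grid_offset(v):
    """Grid shift that puts the enrolled coordinate at the centre of its square."""
    return (v - TOLERANCE // 2) % TOLERANCE


def digest(clicks, offsets, salt):
    """Hash the five grid squares together, each bound to its image position."""
    squares = [
        f"{i}:{(x - dx) // TOLERANCE},{(y - dy) // TOLERANCE}"
        for i, ((x, y), (dx, dy)) in enumerate(zip(clicks, offsets))
    ]
    return hashlib.pbkdf2_hmac("sha256", ";".join(squares).encode(), salt, ROUNDS)


def enroll(clicks):
    """Registration: the stored record holds salt, grid offsets and hash only."""
    validate(clicks)
    salt = os.urandom(16)
    offsets = [(grid_offset(x), grid_offset(y)) for x, y in clicks]
    return {"salt": salt, "offsets": offsets, "digest": digest(clicks, offsets, salt)}


def verify(record, clicks):
    """Login check: one verdict for the whole sequence, compared in constant time."""
    try:
        validate(clicks)
    except ValueError:
        return False
    candidate = digest(clicks, record["offsets"], record["salt"])
    return hmac.compare_digest(candidate, record["digest"])


class LoginSession:
    """Enforces the two-chance limit; a closed session must be restarted."""

    def __init__(self, record):
        self.record = record
        self.remaining = MAX_ATTEMPTS

    def submit(self, clicks):
        if self.remaining <= 0:
            raise PermissionError("login closed: no attempts left")
        self.remaining -= 1
        return verify(self.record, clicks)


def password_space_bits():
    """Theoretical password space: log2(squares per image) for each of five images."""
    squares = math.ceil(IMAGE_W / TOLERANCE) * math.ceil(IMAGE_H / TOLERANCE)
    return NUM_IMAGES * math.log2(squares)


if __name__ == "__main__":
    # Constructed sample clicks, one (x, y) per image.
    enrolled = [(120, 80), (300, 210), (45, 300), (400, 15), (222, 166)]
    record = enroll(enrolled)
    session = LoginSession(record)
    close = [(x + 5, y - 4) for x, y in enrolled]      # inside every tolerance square
    print("close clicks accepted:", session.submit(close))
    print(f"password space: {password_space_bits():.1f} bits")
```

With the assumed sizes each image offers 432 squares, so five clicks give about 43.8 bits of theoretical password space.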
3.6 ERD Diagram of GPA Data Structure
This diagram shows the data structure of the graphical password authentication system. The ERD diagram helps organize the entities and relationships in the database so that it is efficient and effective. The main entities in focus are password and image. For these entities, it is essential to ensure that users can easily retrieve their password. Figure 11 below illustrates the relationships in graphical password authentication.
Figure 11: ERD Diagram of GPA Data Structure
3.7 Summary
This chapter discussed the details of the method that was assessed before applying it to the project. This is essential to ensure that the planned project flow runs smoothly.
CHAPTER 4
CONCLUSION
4.1 Introduction
In conclusion, the graphical password is an alternative to the alphanumeric password that is easier for users to memorize and better protects their credentials from traditional attack methods such as brute force attacks. However, the graphical password is vulnerable to shoulder surfing attacks. The Cued Click Point technique, as one of the graphical password methods, is a solution to this problem. Increasing the number of images burdens an attacker trying to guess the user's password, so the user's data and information will be more secure.
REFERENCES
[1] Harold F. Tipton, M. K. (2007). Information Security Management Handbook Volume 1. New York: Auerbach Publication.
[2] Bhanushali, A., Mange, B., Vyas, H., Bhanushali, H., & Bhogle, P. (2015). Comparison of Graphical Password Authentication Techniques. International Journal of Computer Applications, 116(1), 11–14. https://doi.org/10.5120/20299-2332
[3] Dhanashree Kadu, Shanthi Therese, Anil Chaturvedi, "An Effective Authentication Method Using Improved Persuasive Cued Click Points", International Research Journal of Engineering and Technology, Vol. 4, Issue 10, Oct 2017.
[4] Iranna A M, Pankaja Patil, "Graphical password authentication using persuasive cued click point", International Journal Advanced Research in Electrical, Electronics, and Instrumentation Engineering, Vol. 2, Issue 7, July 2013.
[5] R. Shantha Selva Kumari, S. Viji, "Cued Click Point Using Picture Grid", International Journal of Computer Science and Network, Vol. 4, Issue 6, Dec 2015.
[6] S. Chiasson, R. Biddle, and P. van Oorschot, "A Second Look at the Usability of Click-Based Graphical Password," Proc. ACM Symp. Usable Privacy and Security (SOUPS), July 2007.
[7] Aarthi, D., & Elangovan, K. (2014). A Survey on Recall-Based Graphical User Authentications Algorithms. 2, 89–99.
[8] Bhanushali, A., Mange, B., Vyas, H., Bhanushali, H., & Bhogle, P. (2015). Comparison of Graphical Password Authentication Techniques. International Journal of Computer Applications, 116(1), 11–14. https://doi.org/10.5120/20299-2332
[9] Gokhale, M. A. S., & Waghmare, V. S. (2016). The Shoulder Surfing Resistant Graphical Password Authentication Technique. Procedia Computer Science, 79, 490–498. https://doi.org/10.1016/j.procs.2016.03.063
[10] Hafiz, M. D., Abdullah, A. H., Ithnin, N., & Mammi, H. K. (2008). Towards identifying usability and security features of graphical password in knowledge based authentication technique. Proceedings - 2nd Asia International Conference on Modelling and Simulation, AMS 2008, 396–403. https://doi.org/10.1109/AMS.2008.136
[11] Khodadadi, T., Islam, A. K. M. M., Baharun, S., & Komaki, S. (2016). Evaluation of recognition-based graphical password schemes in terms of usability and security
attributes. International Journal of Electrical and Computer Engineering, 6(6),
2939–2948. https://doi.org/10.11591/ijece.v6i6.11227
[12] Lashkari, A. H., Gani, A., Sabet, L. G., & Farmand, S. (2010). A new algorithm on Graphical User Authentication (GUA) based on multi-line grids. Scientific
Research and Essays, 5(24), 3865–3875.
[13] Masrom, M., Towhidi, F., & Lashkari, A. H. (2009). Pure and cued recall-based graphical user authentication. 2009 International Conference on Application of
Information and Communication Technologies, AICT 2009, 1–6.
https://doi.org/10.1109/ICAICT.2009.5372534
[14] O, V. B. (2015). Authentication Scheme for Passwords using Color and Text. 3(3), 316–323.
[15] Poharkar, K. (2017). Graphical Password Authentication Technique : A Survey. International Journal For Research and Development in Technology, 7(4), 16–20.
[16] S, M. D., R, M. R. K., & R, M. V. (2018). AUTHENTICATION SYSTEM – OVERVIEW OF GRAPHICAL PASSWORDS. International Research Journal of
Engineering and Technology (IRJET), 05(02), 449–455.
[17] Sharma, S., Pawar, M., Patil, S., & Gole, S. (2017). Cued Click Point ( Ccp ) Algorithm for Graphical Password To Authenticate Shoulder Surfing Resistance.
International Conference on Academic Research in Engineering and Management,
224–230.
[18] Singh, K. J., & Chanu, U. S. (2013). Graphical Password or Graphical User Authentication as Effective Password Provider. 2(9), 2765–2769.
-
APPENDIX
(A) Gantt Chart FYP I
Week: W1 W2 W3 W4 W5 W6 W7 W8 W9 W10 W11 W12 W13 W14
Task:
Discussion title and method with supervisor
Discussion abstract with supervisor
Title, abstract and project scope submission
Introduction project
Literature review discussion
Proposal, slide and Gantt chart preparation
Proposal Presentation
Proposal correction
Methodology POC
Methodology conference
Format writing conference
Proposal draft preparation and discussion
Proposal draft submission
Final report and presentation preparation
Final Presentation
Proposal correction
Proposal report submission
(B) Gantt Chart FYP II
Week: W1 W2 W3 W4 W5 W6 W7 W8 W9 W10 W11 W12 W13 W14 W15
Task:
Project Meeting with Supervisor
Project Development
Implementation and Documentation
Progress Presentation and Panel’s evaluation
Development project and documentation
Project Testing
Project Testing and documentation
FYP format writing workshop
Draft report of project submission
Poster submission
Preparation for final presentation
Final Presentation and panel’s evaluation
Submission Final Thesis
Supervisor’s evaluation