ISSN (Online) 2278-1021

IJARCCE ISSN (Print) 2319 5940

International Journal of Advanced Research in Computer and Communication Engineering

Vol. 5, Issue 2, February 2016

Graphical Password based Authentication System

Anitha H.B1, Adithi Reddy2, Irudaya Mary S3, Vidya V4

Abstract: Most of the existing authentication system has certain drawbacks for that reason graphical passwords are
most preferable authentication system where users click on images to authenticate themselves. Access to computer
systems is most often based on the use of alphanumeric passwords. However, users have difficulty remembering a
password that is long and random-appearing. Instead, they create short, simple, and insecure passwords. Graphical
passwords have been designed to try to make passwords more memorable and easier for people to use and, therefore,
more secure. Using a graphical password, users click on images rather than type alphanumeric characters. We have
designed a new and more secure graphical password system, called gSign. An important usability goal of an
authentication system is to support users for selecting the better password. User creates memorable password which is
easy to guess by an attacker and strong system assigned passwords are difficult to memorize. So researchers of modern
days have gone through different alternative methods and concluded that graphical passwords are most preferable
authentication system. The proposed system combines the existing cued click point technique with the persuasive
feature to influence user choice along with image steganography techniques, encouraging user to select more random
click point which is difficult to guess. Image steganography, the art of hiding data within an image is used to improve
the security of the authentication system. Textual passwords are stored within the images using the steganography
techniques.

Index Terms: Graphical password, Steganography, Image steganography.

INTRODUCTION
The problem of Knowledge based authentication that their previous click-point is incorrect and user can
mechanism (KBAM) typically text based password are restart the password entry whereas explicit indication is
well known. The goal of an authentication system is to provided after the final click point.
support users in selecting the superior password. An
alternative to alphanumeric password is the graphical RELATED WORK
password. Graphical password uses images or To understand the introductory concepts related to
representation of an image as a password. Human brains authentication system various books have been referred
easily recognize pictures than the text. Most of the time [1,2, 3] which gave a thorough knowledge about the basic
user create memorable password which is easy to guess concepts. This introductory books leads the user through a
but strong system assigned password are difficult to clear, step-by-step, screen-by-screen approach to learning
remember. An authentication system should allow user the authentication methods. Alphanumeric and graphical
choice while influencing user towards stronger passwords. passwords are the two commonly used authentication
An important usability goal of Knowledge based techniques.
authentication system is to support users in selecting In alpha numeric password the password are:
password of higher security with larger password space.
Basically persuasion is used to control user choice in click • The password should be at least 8 characters long.
based graphical password, encouraging user to select more • The password should not be easy to relate to the user.
random click point which is difficult to guess. In the • The password should not be a word that can be found
proposed system, the task of selecting weak password in dictionary or public dictionary [4].
which is easy for an attacker to guess is more tedious; Because human beings live and interact in an environment
discourages users from making such choices. In where the sense of sight is predominant for most activities,
consequence, this approach chooses the more secure our brains are capable of processing and storing large
password the path of least confrontation. Instead of amounts of graphical information with ease. While we
increasing the burden on users it’s easier to track the may find it very hard to remember a string of fifty
system suggestions for a secure password which is the characters, we are able easily to remember faces of people,
feature lacking in most of the schemes. Here persuasive places we visited, and things we have seen. These
feature is combined with previous cued click point graphical data represent millions of bytes of information
technique which uses one click point on five different and thus provide large password spaces. Thus, graphical
images. The next image to be displayed is based on password schemes provide a way of making more human-
previous click-point friendly passwords while increasing the level of security
Here the password entry becomes a true cued recall [5][6].
scenario wherein each image triggers the memory of Authentication schemes such as sessions method
corresponding click-point. For valid users it provides authenticate the user by session passwords which are used
implicit feedback such that while logging if user is unable only once. Once the session is terminated, the session
to recognize the image then it automatically alters the user password is no longer useful. For every login process,

Copyright to IJARCCE DOI 10.17148/IJARCCE.2016.5236 169

 ISSN (Online) 2278-1021
IJARCCE ISSN (Print) 2319 5940

International Journal of Advanced Research in Computer and Communication Engineering

Vol. 5, Issue 2, February 2016

users input different passwords. The session passwords system suggestion. An important usability goal of
provide better security against dictionary and brute force proposed system is to support users in selecting password
attacks as password changes for every session. But in this of higher security with larger password space. The
same problem occurs that every time user has to enter proposed system removes the pattern formation attack and
password again and again. It is too hard to remember Hotspot attack (it is an area of an image where most of the
password and as the session password is only for a user is selecting it as the click-point).Also it removes the
particular time . shoulder surfing attack. The user is also given an option to
To remove the drawback of textual password removed by store a text password which will then be encrypted in the
graphical password schemes which provide a way of images selected by the user through the technique of
making more user friendly passwords, while increasing the steganography. Image steganography is an art of hiding
level of security, they are vulnerable to shoulder surfing data within an image. The system also is a utility tool for
.Here text was combine with image and color to generate authentication with the implementation of the API module.
the session password and every time user have to enter
new password as session ends[4]. SYSTEM ARCHITECTURE
The architecture used in this project is a three tier
SYSTEM OVERVIEW architecture, which comprises of the presentation tier,
The graphical password based authentication system is logical tier and the data tier. Below is the architecture
based on click based graphical password system that not diagram of the system:
only guides and helps the user for password selection but
also encourages the user to select more random distributed
password. The proposed system is based on Persuasive
Technology which motivates and influence people to
behave in a desired manner. The system model is as given
below:

Fig 2. System Architecture

Registration
Fig 1. System Model The users of the system have to firstly register with the
application before going ahead and logging into it. The
The proposed system combines the Persuasive features
registration consists of firstly choosing the set of images
with the cued click point to make authentication system
that the user desires for setting the password, out of each
more secure. Basically during password creation the part
those images the user selects the area in the image which
of an image which is less guessable is highlighted and user
least likely guessable. For more security the user also
has to select the click-point within the highlighted portion
gives a text password which will in turn be hidden in the
and if the user is unable to select the click-point then he
set of images that the user had selected before this will be
can move towards the next highlighted portion by pressing
done by the concept of image steganography.
the shuffle button. The highlighted part of an image
basically guides users to select more random passwords Image Steganography
that are less likely to include hotspots. Therefore this Image steganography is performed during the registration
works encouraging users to select more random, and and login process of the application. It is the process of
difficult passwords to guess. During Login, images are hiding a data within another. If any type of data such as
displayed normally and user has to select the click point as image, text etc. are hidden within an image, it is known as
chosen at the time of password creation but this time image steganography. During registration process, a
highlighted portion is not present as it only provides the textual password is asked from the user, which is then

Copyright to IJARCCE DOI 10.17148/IJARCCE.2016.5236 170

 ISSN (Online) 2278-1021
IJARCCE ISSN (Print) 2319 5940

International Journal of Advanced Research in Computer and Communication Engineering

Vol. 5, Issue 2, February 2016

stored within the images. While the login process, the user
is asked to re-enter the password, which will then be
compared with the one retrieved from the image. If the
retrieved password matches with the one stored during the
login process, the user is considered authenticated.
Login Process
During logging in the user is asked to type the text
password which is matched to the text which will be
retrieved from the images which was stored during the
registration. Along with the text, the images that the user
had selected during the registration will be displayed out
of which the user will have to click on the same areas that
were clicked before.

EXPERIMENTAL RESULTS
The proposed method is practically experimented to
demonstrate the working model of the same. As mention Fig 5. Selecting the pixel on image 2
in the system architecture the first step is the registration Selecting the pixel: The highlighted area on the images is
process. Given below are the screen shots taken while a the area from which the user can select the pixel for setting
user is registering with the system: the password. This area is mathematically calculated and
projected as the least guessable area. This highlighted area
will be different for different users and images.

CONCLUSIONS AND FUTURE SCOPE

Picture passwords are an alternative to textual
alphanumeric password. Most of the existing
authentication system has certain drawbacks for that
reason graphical passwords are most preferable
authentication system where users click on images to
authenticate themselves. As authentication techniques
generate passwords but they have to face attacks like
dictionary attacks, brute force attacks, shoulder surfing.
An important usability goal of an authentication system is
to support users for selecting the better password. User
creates memorable password which is easy to guess by an
attacker and strong system assigned passwords are
difficult to memorize. So researchers of modern days have
Fig 3. Registration Process gone through different alternative methods and concluded
Here the user will enter the email address, user name, and that graphical passwords are most preferable
then selects the images for setting the password. Given authentication system. By implementing encryption
below are the images for setting the password: algorithms and hashing for storing and retrieving pictures
and points, one can achieve more security. The proposed
system combines the existing cued click point technique
with the persuasive feature to influence user choice,
encouraging user to select more random click point which
is difficult to guess. Picture password is still immature
more research is required in this field.
REFERENCES
[1] Diffie, W., and Hellman, M.E., New Directions in Cryptography, IEEE
Transactions on Information Theory, vol. 22, no. 6, November 1976, pp.
[2] Garret, Paul. Making, Breaking Codes: An Introduction to Cryptology.
Upper Saddle River, NJ: Prentice-Hall, 2001
[3] Hoffstein, Jeffery, Pipher, Jill and Silverman, Joseph H. NTRU: A
Public Key Crypto
http://grouper.ieee.org/groups/1363/lattPK/submissions.html#NTRU1.
[4] Priti Jadhao and Lalit Dole, “Survey on Authentication Password
Techniques”, International Journal of Soft Computing and Engineering
(IJSCE) ISSN: 2231-2307, Volume-3, Issue-2, May 2013
[5] L.Sobrado and J.C. Birget, “Graphical Passwords”, The Rutgers Schloar,
An Electronic Bulletin for Undergraduate Research, vol 4, 2002.
Fig 4. Selecting the pixel on image 1 [6] G. E. Blonder. Graphical passwords. United States Patent5559961, 1996.

Copyright to IJARCCE DOI 10.17148/IJARCCE.2016.5236 171