Graphical Password Authentication
CHAPTER 1
INTRODUCTION
Cyber Security
Cyber security is the practice of protecting computer systems, networks, and data from
unauthorized access, attacks, and damage. It involves using technologies, processes, and
practices to secure sensitive information, prevent breaches, and ensure the integrity,
confidentiality, and availability of data. Cybersecurity is crucial in today's digital age to
safeguard personal information, financial data, and critical infrastructure from cyber threats
like hacking, malware, and phishing attacks.
Password authentication has some issues that make it less secure. Many people use weak or
common passwords that are easy for attackers to guess. Reusing the same password across
multiple sites also increases the risk—if one account is compromised, others can be too.
Additionally, passwords can be stolen through phishing, malware, or data breaches. These
vulnerabilities make it challenging to rely solely on passwords for secure authentication.
Web authentication at first only used text passwords. The fact that this system was insecure
and simple to hack, however, made it troublesome. Users also had to remember numerous
passwords, which was a difficult chore. Biometric authentication, QR codes, and mobile two-
step verification technologies were introduced to address the shortcomings of the text
password approach. These substitutes, however, were costly and sparsely accessible.
Graphical password authentication systems were developed to solve these problems. These
systems employ photos, which the user chooses via a graphical user interface and arranges in
a particular order.
CHAPTER 2
LITERATURE SURVEY
Blonder (1996) introduced the concept of "Graphical Passwords," where users
authenticate by selecting a sequence of images. This approach leverages image selection
rather than text-based passwords, making authentication more memorable due to the human
tendency to recall pictures more easily than words.
Building on this idea, Dhamija and Perrig (2000) proposed a graphical authentication
scheme where users select a certain number of images from a set of randomly generated
pictures. During authentication, users must identify these pre-selected images. This method
enhances security by increasing the difficulty of brute-force attacks, given the larger search
space of possible image combinations compared to text-based passwords.
Jermyn et al. (1999) further expanded on graphical passwords with their "click-based"
system. In this approach, users authenticate by clicking on predefined points within an image.
This method combines visual recall with spatial memory, adding a further layer of
complexity and security.
From the literature, it is evident that graphical password systems offer superior resistance to
brute-force attacks compared to traditional text-based passwords. By utilizing pictures or
drawings, these systems tap into the human ability to remember visual information more
readily. Furthermore, the search space in graphical passwords is significantly larger, which
enhances protection against brute-force assaults.
Graphical passwords can be broadly classified into two primary categories: recognition-based
and recall-based strategies. Recognition-based strategies require users to recognize specific
images selected during registration. In contrast, recall-based strategies involve users
replicating an action or choice made during registration, such as clicking on predetermined
points within an image. Both approaches leverage the advantages of visual memory to
improve authentication security and user experience.
OBJECTIVES:
Design a Sign-Up Process: Develop a system where users can securely register by providing
their name, username, and selecting an image as their password.
Ensure Secure Authentication: Make sure that the model securely matches the username with
the correct image password to grant access to the dashboard.
Enhance User Experience: Provide a straightforward and intuitive interface for both the sign-
up and login processes, ensuring ease of use.
Validate the System's Functionality: Test the system to ensure that the image password
correctly allows access only when the correct username and image are provided.
PROBLEM STATEMENT:
PROPOSED SYSTEM:
The aim of our system was to overcome the drawbacks associated with traditional web
authentication methods, such as password cracking and the inconvenience of remembering
multiple passwords for various accounts. We have devised a user-friendly graphical password
system that is easy to remember and recognize, but challenging for hackers to break into.
Graphical password techniques fall into two main categories: recall-based and
recognition-based.
The proposed authentication system is divided into two phases – Registration and
Authentication. The following events occur during the Registration phase of the system:
A. Registration phase
In the above figure, the user enters their name and username. Then, a set of images is shown
as a password. The user must select the images in sequence. This sequence of images is
securely stored in local storage as a password.
B. Authentication phase
In the above figure, the user enters their username. The same set of images is shown, and the
user needs to select the images in the sequence they previously set.
Access is granted if the user enters the correct username and password; otherwise, the system
prompts them to re-enter the information. Once the login is successful, it opens the
dashboard.
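The registration and authentication phases described above can be sketched on the Node.js side as follows. This is an added example, not the project's own code: the in-memory `users` map, the function names, the image identifiers, and the choice to keep only a salted scrypt hash of the sequence on the server are all assumptions.

```javascript
const crypto = require("crypto");

// Assumption: an in-memory map stands in for the server-side user database.
const users = new Map();
// Dummy record so unknown usernames cost the same work as known ones.
const DUMMY = { salt: crypto.randomBytes(16), hash: Buffer.alloc(32) };

// Encode the ordered selection unambiguously; order is part of the secret.
function encodeSequence(imageIds) {
  if (!Array.isArray(imageIds) || imageIds.length === 0) {
    throw new TypeError("image sequence must be a non-empty array");
  }
  return Buffer.from(JSON.stringify(imageIds.map(String)), "utf8");
}

// Salted, memory-hard hash of the sequence (scrypt, 32-byte output).
function deriveKey(imageIds, salt) {
  return crypto.scryptSync(encodeSequence(imageIds), salt, 32);
}

// Registration phase: store salt and hash, never the sequence itself.
function register(username, imageIds) {
  if (users.has(username)) return false;
  const salt = crypto.randomBytes(16);
  users.set(username, { salt, hash: deriveKey(imageIds, salt) });
  return true;
}

// Authentication phase: recompute the hash and compare in constant time.
function authenticate(username, imageIds) {
  const record = users.get(username) || DUMMY;
  const candidate = deriveKey(imageIds, record.salt);
  const match = crypto.timingSafeEqual(candidate, record.hash);
  return match && users.has(username);
}

// Search space in bits for k ordered picks from n images (assumes repeats allowed).
function searchSpaceBits(n, k) {
  return k * Math.log2(n);
}

// Constructed sample data.
register("alice", ["cat", "tree", "car", "boat"]);
console.log(authenticate("alice", ["cat", "tree", "car", "boat"])); // true
console.log(authenticate("alice", ["tree", "cat", "car", "boat"])); // false
```

For a grid of 16 images and a 4-image sequence, `searchSpaceBits(16, 4)` returns 16, which gives a concrete number to weigh when choosing the grid size and sequence length.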
METHODOLOGY:
A graphical user interface (GUI) is necessary for a graphical authentication system in order
for users to interact with it and carry out required tasks. The interface was created using
HTML and CSS, with JavaScript included for dynamic operations like picture splitting and
selection.
The initial page of the proposed system, titled "Graphical Password," has three fields for
collecting general user data and a username. The page offers various categories of images,
and the study suggests that images of recognizable objects may be easier to remember as
passwords.
HTML (Hyper Text Markup Language): The standard markup language for creating the
structure of web pages. It defines the elements and layout, such as headings, paragraphs,
forms, and images.
CSS (Cascading Style Sheets): Used for styling and visual presentation of HTML elements,
including layout design, color schemes, fonts, and responsiveness.
JavaScript is used to make web pages interactive and dynamic. It allows you to create and
control elements on a web page, handle events like clicks and form submissions, and
manipulate the content and style of a page in real-time. JavaScript is essential for adding
functionality such as animations, user interactions, and data processing on the client side.
Node.js is used for running JavaScript on the server side, allowing developers to build
scalable and efficient server-side applications. Express is a framework built on top of Node.js
that simplifies the process of creating web applications and APIs by providing a set of tools
and conventions for handling requests, routing, and middleware. Together, they streamline
server-side development and enhance functionality.
RESULTS
ADVANTAGES:
Enhanced security: Graphical passwords are more resistant to guessing and dictionary
attacks.
Increased user engagement: Graphical passwords provide a more interactive and engaging
authentication experience.
Reduced password fatigue: Graphical passwords can reduce the need for multiple text-based
passwords.
Improved user experience: Graphical passwords can provide a more intuitive and natural
authentication process.
Hard to guess: Graphical passwords are difficult for others to guess or crack.
CONCLUSION:
Based on the results of studies on human psychology, graphical passwords are more easily
recalled by the human brain compared to text-based passwords.
Our proposed system was successfully implemented and tested, and as a result, we came to
the conclusion that a graphical password authentication system is very efficient, secure, and
adaptable.
By using a graphical password system, we can minimize the risk of brute-force attacks,
guessing attacks, and shoulder-surfing attacks, among others.