Graphical Password by Image Segmentation System: A Project Report On
Submitted in partial fulfillment of the requirement for the award of the degree in
BACHELOR OF TECHNOLOGY
IN
Submitted By
CERTIFICATE
This is to certify that the project report entitled Graphical Password By Image Segmentation
System being submitted by
in partial fulfillment for the award of the Degree of Bachelor of Technology in Computer
The result embedded in this thesis has not been submitted to any other university /institute
EXTERNAL EXAMINER
DECLARATION
We hereby declare that the work described in the project report entitled “Graphical
Password By Image Segmentation System”, which is submitted by us in partial
fulfilment for the award of Bachelor of Technology in the Department of Computer
Science and Engineering, KHIT, Andhra Pradesh, is the record of original and
independent research work done by us during the academic year 2022–2023 under
the supervision of Prof. P. Ratna Babu. The work is original and has not been
submitted for the award of any Degree or Diploma of Associateship or Fellowship or
any other similar title to this or any other university.
We are profoundly grateful to express our deep sense of gratitude and respect towards our
honourable chairman, Sri KALLAM MOHAN REDDY, Chairman of Kallam group, for his
precious support in the college.
We are thankful to Dr. M. UMA SANKAR REDDY, Director, KHIT, GUNTUR for
his encouragement and support for the completion of the project.
We are much thankful to Dr. B. SIVA BASIVI REDDY, Principal, KHIT, GUNTUR
for his support during and until the completion of the project.
We are greatly indebted to Prof. V. RAJEEV JETSON, Professor, & Head of the
department, Computer Science and Engineering, KHIT, GUNTUR for providing the laboratory
facilities fully as and when required and for giving us the opportunity to carry the project work
in the college.
We are also thankful to our Project Coordinator, Mr. Ram Prasad Mati, who helped
us in each step of our project.
We extend our deep sense of gratitude to our Internal Guide Prof.P.Ratna Babu,
Professor, & Head of the department and other Faculty Members & Support staff for their
valuable suggestions, guidance and constructive ideas in each and every step, which was
indeed of great help towards the successful completion of our project.
Team members
Discretization is a standard technique used in click-based graphical passwords for tolerating input
variance so that approximately correct passwords are accepted by the system. In this paper, we show for
the first time that two representative discretization schemes leak a significant amount of password
information, undermining the security of such graphical passwords. We exploit such information leakage
for successful dictionary attacks on Persuasive Cued Click Points (PGPIS), which is to date the most secure
click-based graphical password scheme and was considered to be resistant to such attacks. In our
experiments, our purely automated attack successfully guessed 69.2% of the passwords when Centred
Discretization was used to implement PGPIS, and 39.4% of the passwords when Robust Discretization
was used. Each attack dictionary we used was of approximately entries, whereas the full password space
was of entries. For Centred Discretization, our attack still successfully guessed 50% of the passwords
when the dictionary size was reduced to approximately entries. Our attack is also applicable to common
implementations of other click-based graphical password systems such as Pass Points and Cued Click
Points, both of which have been extensively studied in the research community.
Keywords: image processing, pattern recognition, graphical password, image segmentation and
storage, image recognition, part jumbling, image submission, authentication.
CHAPTER 1
INTRODUCTION
1.INTRODUCTION
Passwords have been widely used to authenticate users to remote servers in Web and other
applications. Text passwords have been used for a long time. Graphical passwords, introduced by Blonder
in 1996, are an alternative to text passwords. In a graphical password, a user interacts with one or more
images to create or enter a password. Graphical passwords are intended to capitalize on the promise of
better memorability and improved security against guessing attacks. Graphical passwords are particularly
suitable for keyboardless devices such as iPads and iPhones, on which inputting a text password is
cumbersome. For example, Windows 8, recently released by Microsoft, supports graphical password logon.
With the increasing popularity of smartphones and slate computers, we expect to see a wider deployment
of graphical passwords in Web applications.
The project allows the user to submit an image as the password; only the user knows what the image looks
like as a whole. On receiving the image, the system segments it into an array of images and stores
them accordingly. The next time the user logs on, the system presents the segmented image
in a jumbled order. If the user chooses the parts of the image in the order that rebuilds the original image,
the user is considered authentic. Otherwise the user is not granted access.
1.2 PROBLEM STATEMENT
Passwords are ubiquitous today on every platform and on nearly every website. Remembering
difficult passwords across numerous websites is daunting, and therefore we devised a project
illustrating a graphical password strategy. This allows the user to set a password in the form of a graphical
presentation in a certain pattern and later use that pattern to log in to the system. As a solution to the
above-mentioned limitations of the existing text-based password systems, and to make systems more secure against
hacking and predictability, we are developing a new generation of passwords that are based on images that
cannot be easily predicted or hacked. They cannot be written down in any form, so there is no scope
for stealing.
1.3 SCOPE
Picture passwords are an alternative to textual alphanumeric passwords. Most existing
authentication systems have certain drawbacks; for that reason graphical passwords, where users click
on images to authenticate themselves, are the most preferable authentication system. Authentication
techniques that generate passwords have to face attacks such as dictionary attacks, brute-force attacks and
shoulder surfing. An important usability goal of an authentication system is to support users in selecting
a better password. Users create memorable passwords that are easy for an attacker to guess, while strong
system-assigned passwords are difficult to memorize. Researchers have therefore gone through
different alternative methods and concluded that graphical passwords are the most preferable authentication
system. By implementing encryption algorithms and hashing for storing and retrieving pictures and points,
one can achieve more security. The proposed system combines the existing cued click point technique
with the persuasive feature to influence user choice, encouraging the user to select more random click points,
which are difficult to guess. Picture passwords are still immature, and more research is required in this field.
CHAPTER 2
LITERATURE SURVEY
2. LITERATURE SURVEY
Authors: Wantong Zheng and Chun fu Jia proposed a method "Combined PWD".
Description: This scheme proposes an online secret phrase verification component, combined PWD,
through embedding separators (e.g., spaces) into the passwords to reinforce the current secret word
validation framework. This plan uses the custom of the client's input. In this examination site clients can
embed spaces in their secret word where they need to stop when they register a record, and the site back-end
records the number of spaces in each hole in the paper.
Link: https://www.ijert.org/web-based-graphical-password-authentication-system
2.1.2 Time Based Unique Password :
Description: A novel time-based unique password was contributed to avoid challenges involving a third
party such as one-time password email, test and token device. The client sets an underlying secret word
to characterize how the secret key will change throughout a defined time. It was found that
the system retains the strength of the dynamic password and improves the
usability of the system in terms of availability. A strong password authentication scheme was proposed by
Yang Jing boo. One-time password authentication schemes can be divided into two types, namely weak-
password authentication schemes and strong-password authentication schemes.
Link: https://www.ijert.org/web-based-graphical-password-authentication-system
Description: Proposes another reuse-situated secret phrase authentication system, called Desktop
Password Authentication Center (DPAC), to reuse countermeasures among applications, along these lines
lessening the expense of protecting passwords against dangers. This arrangement can take out a ton of
tedious work and reduces the expense essentially. We demonstrate the feasibility of DPAC by
implementing a prototype, in which we migrate the widely used OpenSSH to DPAC and implement two
example countermeasures.
Link: https://www.ijert.org/web-based-graphical-password-authentication-system
Description: Password authentication code (PAC) is a very important issue in many applications such as
websites and database systems. Salah Refish proposes a PAC-RMPN scheme. In this paper, PAC
between two clients to affirm verification between them has been introduced. This research presents a
novel solution to the era-long problem of password authentication at the incoming level. They should
discover a strategy to secure this secret word from anticipated attackers. A legitimate user types his
password only and presses Enter to propagate it to another user to whom he wants to be authenticated.
Link: https://www.ijert.org/web-based-graphical-password-authentication-system
Description: A secure password authentication scheme is proposed which gives more security. This
method uses a combination of pattern, key, and dummy digits. For this, the client needs to perceive and enlist
design as area numbers from the network, register key qualities that guide esteem to secret password, and
attach faker qualities to misguide the attacker. From that point forward to log in, the client needs to review
the example and guides the secret key from design with enrolled key qualities, making a secret word by
including sham digits. It minimizes shoulder surfing, brute force attacks, cross site scripting etc. due to the
high complexity of guessing passwords in multi-levels: first from the pattern, then from key, and then
from dummy values.
Link: https://www.jjert.org/web-based-graphical-password-authentication-system
Description: The secret key is the fundamental key to get approval; however, programmers are very
successful in secret phrase breaking because of the frail secret key chosen by the client. Honeywords are false
passwords which are put away with unique secret word to draw the aggressor. The basic idea behind
Honeyword is the insertion of false passwords. These are to lure the attack. To generate the Honeyword
of original password different techniques like Chaffing-with-tweaking, Chaffing-with 0password model,
etc. are available, but in the existing approach.
Link: https://www.ijert.org/web-based-graphical-password-authentication-system
CHAPTER 3
SYSTEM ANALYSIS
3. SYSTEM ANALYSIS
The traditional way to set a password is by using characters. Some users make them complex
by using numbers, lowercase letters, uppercase letters and special characters for high security. However,
this does not give high security, and such passwords are hard to remember.
These types of passwords are vulnerable to attacks such as token based (card based), digital signature,
pattern based, etc.
• Difficult to remember.
• Difficult to always carry cards.
• Difficult to write the exact signature.
• Users tend to choose passwords that can be easily guessed and will be hacked easily.
• Low security.
method still forces the user to memorize many text strings and therefore suffer from the many drawbacks
of text-based passwords.
3.3 MODULES
The study implements the graphical password based authentication system by using the following
modules:
Image Submission Module: This module collects data from the user along with an image to be
used as a password and stores it in the database.
Image Fragmentation & Storage Module: This module selects a suitable algorithm for image
fragmentation, applies the algorithm to the image, prepares the fragments for storage, checks for contiguous
space in memory and stores the fragments in it.
Images Jumbling Module: This module jumbles the images row-wise and displays them on the
user's screen so that he/she can arrange the images in the correct order.
Authentication Module: This module matches the arranged image with the original image and
authenticates the user if they match; otherwise it asks the user to try again.
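The jumbling and authentication modules described above, sketched in C# as an added example that is not the project's own code. It assumes nine tiles, a full shuffle rather than the row-wise jumble, and a lockout after five failed attempts; every type and member name is hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

// Added example; every type and member name here is hypothetical.
public static class JumbledImageLogin
{
    // Jumbling: Fisher-Yates shuffle driven by the OS CSPRNG.
    // layout[slot] is the original tile index displayed in that screen slot.
    public static int[] Jumble(int count)
    {
        if (count < 2) throw new ArgumentOutOfRangeException("count");
        int[] layout = Enumerable.Range(0, count).ToArray();
        using (var rng = RandomNumberGenerator.Create())
        {
            do
            {
                for (int i = count - 1; i > 0; i--)
                {
                    int j = NextBelow(rng, i + 1);
                    int tmp = layout[i]; layout[i] = layout[j]; layout[j] = tmp;
                }
            } // reshuffle if the tiles came out already in the solved order
            while (layout.Select((tile, slot) => tile == slot).All(same => same));
        }
        return layout;
    }

    // Uniform integer in [0, bound) by rejection sampling (no modulo bias).
    private static int NextBelow(RandomNumberGenerator rng, int bound)
    {
        uint limit = uint.MaxValue - (uint.MaxValue % (uint)bound);
        var buf = new byte[4];
        uint value;
        do { rng.GetBytes(buf); value = BitConverter.ToUInt32(buf, 0); }
        while (value >= limit);
        return (int)(value % (uint)bound);
    }

    // Authentication: picks[k] is the slot the user chose k-th. Accept only
    // if the k-th pick shows original tile k for every k. The loop does not
    // stop at the first wrong pick, and out-of-range slots simply fail.
    public static bool Verify(int[] layout, int[] picks)
    {
        if (layout == null || picks == null || picks.Length != layout.Length)
            return false;
        int diff = 0;
        for (int k = 0; k < picks.Length; k++)
        {
            int slot = picks[k];
            diff |= (slot >= 0 && slot < layout.Length) ? (layout[slot] ^ k) : 1;
        }
        return diff == 0;
    }

    // Orderings a blind guesser has to search for n tiles: n!.
    public static long Orderings(int n)
    {
        long f = 1;
        for (int i = 2; i <= n; i++) f = checked(f * i);
        return f;
    }
}

// One login session: a fresh jumble after every failure and a hard cap on
// failures, instead of an unlimited "try again".
public sealed class LoginSession
{
    private const int MaxFailures = 5; // assumed policy, not from the report
    private int failures;
    public int[] Layout { get; private set; }
    public bool LockedOut { get { return failures >= MaxFailures; } }

    public LoginSession(int tiles) { Layout = JumbledImageLogin.Jumble(tiles); }

    public bool Attempt(int[] picks)
    {
        if (LockedOut) return false;
        if (JumbledImageLogin.Verify(Layout, picks)) return true;
        failures++;
        Layout = JumbledImageLogin.Jumble(Layout.Length);
        return false;
    }
}

public static class Demo
{
    public static void Main()
    {
        var session = new LoginSession(9); // nine tiles, constructed for the demo
        int[] layout = session.Layout;
        // Simulate the legitimate user: for each original tile k, find its slot.
        int[] picks = Enumerable.Range(0, layout.Length)
                                .Select(k => Array.IndexOf(layout, k)).ToArray();
        Console.WriteLine("orderings for 9 tiles: " + JumbledImageLogin.Orderings(9));
        Console.WriteLine("correct order accepted: " + session.Attempt(picks));
        Array.Reverse(picks);
        Console.WriteLine("reversed order accepted: " + session.Attempt(picks));
    }
}
```

Nine tiles allow only 9! = 362,880 orderings, which is why the session caps failed attempts and re-jumbles after each one rather than allowing unlimited retries against the same layout.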
CHAPTER 4
4. SYSTEM REQUIREMENT SPECIFICATION
• The most basic edition of Visual Studio, the Community edition, is available free of charge. The
slogan for Visual Studio Community edition is "Free, fully-featured IDE for students, open-source
and individual developers".
• As of November 8, 2021, Visual Studio 2022 is a current production-ready version, and older
versions such as 2013 and 2015 are on Extended Support, and 2017 and 2019 on Mainstream
Support.
4.3 FUNCTIONAL REQUIREMENTS
The .NET Framework class library is a collection of reusable types that tightly integrate with the common
language runtime. The class library is object oriented, providing types from which your own managed
code can derive functionality. This not only makes the .NET Framework types easy to use, but also reduces
the time associated with learning new features of the .NET Framework. In addition, third-party
components can integrate seamlessly with classes in the .NET Framework.
For example, the .NET Framework collection classes implement a set of interfaces that you can use to
develop your own collection classes. Your collection classes will blend seamlessly with the classes in the
.NET Framework.
As you would expect from an object-oriented class library, the .NET Framework types enable you to
accomplish a range of common programming tasks, including tasks such as string management, data
collection, database connectivity, and file access.
In addition to these common tasks, the class library includes types that support a variety of specialized
development scenarios. For example, you can use the .NET Framework to develop the following types of
applications and services:
• Console applications.
• Scripted or hosted applications.
• Windows GUI applications (Windows Forms).
• ASP.NET applications.
• XML Web services.
• Windows services.
For example, the Windows Forms classes are a comprehensive set of reusable types that vastly simplify
Windows GUI development. If you write an ASP.NET Web Form application, you can use the Web Forms
classes.
BACK END TECHNOLOGY:
Microsoft SQL Server is a Structured Query Language (SQL) based, client/server relational database.
Each of these terms describes a fundamental part of the architecture of SQL Server.
Database:
A database is similar to a data file in that it is a storage place for data. Like a data file, a database
does not present information directly to a user; the user runs an application that accesses data from the
database and presents it to the user in an understandable format. A database typically has two components:
the files holding the physical database and the database management system (DBMS) software that
applications use to access data. The DBMS is responsible for enforcing the database structure, including:
Relational Database:
There are different ways to organize data in a database but relational databases are one of the most
effective. Relational database systems are an application of mathematical set theory to the problem of
effectively organizing data. In a relational database, data is collected into tables (called relations in
relational theory).
When organizing data into tables, you can usually find many different ways to define tables.
Relational database theory defines a process, normalization, which ensures that the set of tables you define
will organize your data effectively.
Client/Server:
In a client/server system, the server is a relatively large computer in a central location that manages
a resource used by many people. When individuals need to use the resource, they connect over the network
from their computers, or clients, to the server.
Examples of servers are: In a client/server database architecture, the database files and DBMS software
reside on a server. A communications component is provided so applications can run on separate clients
and communicate to the database server over a network. The SQL Server communication component also
allows communication between an application running on the server and SQL Server.
Server applications are usually capable of working with several clients at the same time. SQL Server can
work with thousands of client applications simultaneously. The server has features to prevent the logical
problems that occur if a user tries to read or modify data currently being used by others.
While SQL Server is designed to work as a server in a client/server network, it is also capable of
working as a stand-alone database directly on the client. The scalability and ease-of-use features of SQL
Server allow it to work efficiently on a client without consuming too many resources.
To work with data in a database, you must use a set of commands and statements (language) defined
by the DBMS software. There are several different languages that can be used with relational databases;
the most common is SQL.
Both the American National Standards Institute (ANSI) and the International Standards
Organization (ISO) have defined standards for SQL. Most modern DBMS products support the Entry
Level of SQL-92, the latest SQL standard (published in 1992).
Normalization Theory :
Relations are to be normalized to avoid anomalies in insert, update and delete operations.
Normalization theory is built around the concept of normal forms. A relation is said to be in a particular
form if it satisfies a certain specified set of constraints. The concept of normalization is used to decide a
suitable logical structure for a given database design; the normal forms are briefly described below.
• 1st Normal Form (1 NF): A relation is said to be in 1 NF if and only if all unaligned domains
contain values only. That is, the fields of an n-set should have no group items and no repeating
groups.
• 2nd Normal Form (2 NF): A relation is said to be in 2 NF if and only if it is in 1 NF and every
non-key attribute is fully dependent on the primary key. This normal form takes care of functional
dependencies on non-key attributes.
• 3rd Normal Form (3 NF): A relation is said to be in 3 NF if and only if it is in 2 NF and every
non-key attribute is non-transitively dependent on the primary key. This normal form avoids the
transitive dependencies on the primary key.
• Boyce-Codd Normal Form (BCNF): This is a stronger definition than that of NF. A relation is
said to be in BCNF if and only if every determinant is a candidate key.
• 4th Normal Form (4 NF): A relation is said to be in 4 NF if and only if whenever there exists a
multi-valued dependency in a relation, say A->->B, then all attributes of the relation are also functionally
dependent on A (i.e. A->X for all attributes X of the relation).
• 5th Normal Form (5 NF) or Projection Join Normal Form (PJNF): A relation R is in 5 NF
if and only if every join dependency in R is implied by the candidate key on R. A relation can’t
be non-loss split into two tables but can be split into three tables. This is called Join Dependency.
Middleware Technology :
Active Data Objects.Net Overview :
ADO.NET is an evolution of the ADO data access model that directly addresses user requirements
for developing scalable applications. It was designed specifically for the web with scalability,
statelessness, and XML in mind.
ADO.NET uses some ADO objects, such as the Connection and Command objects, and also introduces
new objects. Key new ADO.NET objects include the Dataset, Data Reader, and Data Adapter.
The important distinction between this evolved stage of ADO.NET and previous data architectures
is that there exists an object -- the Dataset -- that is separate and distinct from any data stores. Because of
that, the Dataset functions as a standalone entity. You can think of the Dataset as an always disconnected
record set that knows nothing about the source or destination of the data it contains. Inside a Dataset, much
like in a database, there are tables, columns, relationships, constraints, views, and so forth.
A Data Adapter is the object that connects to the database to fill the Dataset. Then, it connects back
to the database to update the data there, based on operations performed while the Dataset held the data. In
the past, data processing has been primarily connection-based. Now, in an effort to make multi-tiered apps
more efficient, data processing is turning to a message-based approach that revolves around chunks of
information. At the center of this approach is the Data Adapter, which provides a bridge to retrieve and
save data between a Dataset and its source data store. It accomplishes this by means of requests to the
appropriate SQL commands made against the data store.
The XML-based Dataset object provides a consistent programming model that works with all
models of data storage: flat, relational, and hierarchical. It does this by having no 'knowledge' of the source
of its data, and by representing the data that it holds as collections and data types. No matter what the
source of the data within the Dataset is, it is manipulated through the same set of standard APIs exposed
through the Dataset and its subordinate objects.
While the Dataset has no knowledge of the source of its data, the managed provider has detailed
and specific information. The role of the managed provider is to connect, fill, and persist the Dataset to
and from data stores. The OLE DB and SQL Server .NET Data Providers (System.Data.OleDb and
System.Data.SqlClient) that are part of the .Net Framework provide four basic objects: the Command,
Connection, Data Reader and Data Adapter. In the remaining sections of this document, we'll walk through
each part of the Dataset and the OLE DB/SQL Server .NET Data Providers explaining what they are, and
how to program against them. The following sections will introduce you to some objects that have evolved,
and some that are new. These objects are:
When dealing with connections to a database, there are two different options: SQL Server .NET Data
Provider (System.Data.SqlClient) and OLE DB .NET Data Provider (System.Data.OleDb). In these
samples we will use the SQL Server .NET Data Provider. These are written to talk directly to Microsoft
SQL Server. The OLE DB .NET Data Provider is used to talk to any OLE DB provider (as it uses OLE
DB underneath).
Enhanced Performance : ASP.NET is compiled common language runtime code running on the
server. Unlike its interpreted predecessors, ASP.NET can take advantage of early binding, just-in-time
compilation, native optimization, and caching services right out of the box. This amounts to dramatically
better performance before you ever write a line of code.
Power and Flexibility : Because ASP.NET is based on the common language runtime, the power and
flexibility of that entire platform is available to Web application developers. The .NET Framework class
library, Messaging, and Data Access solutions are all seamlessly accessible from the Web.
ASP.NET is also language-independent, so you can choose the language that best applies to your
application or partition your application across many languages.
Simplicity : ASP.NET makes it easy to perform common tasks, from simple form submission and client
authentication to deployment and site configuration. For example, the ASP.NET page framework allows
you to build user interfaces that cleanly separate application logic from presentation code and to handle
events in a simple, Visual Basic - like forms processing model. Additionally, the common language
runtime simplifies development, with managed code services such as automatic reference counting and
garbage collection.
Manageability : ASP.NET employs a text-based, hierarchical configuration system, which simplifies
applying settings to your server environment and Web applications. Because configuration information is
stored as plain text, new settings may be applied without the aid of local administration tools.
This "zero local administration" philosophy extends to deploying ASP.NET Framework applications as
well. An ASP.NET Framework application is deployed to a server simply by copying the necessary files
to the server. No server restart is required, even to deploy or replace running compiled code.
Scalability and Availability : ASP.NET has been designed with scalability in mind, with features
specifically tailored to improve performance in clustered and multiprocessor environments. Further,
processes are closely monitored and managed by the ASP.NET runtime, so that if one misbehaves (leaks,
deadlocks), a new process can be created in its place, which helps keep your application constantly
available to handle requests.
Security : With built in Windows authentication and per-application configuration, you can be assured
that your applications are secure.
Language Support:
The Microsoft .NET Platform currently offers built-in support for three languages: C#, Visual
Basic, and JScript.
CHAPTER 5
SYSTEM DESIGN
5. SYSTEM DESIGN
5.2 DATA FLOW DIAGRAM
A data flow diagram is a graphical tool used to describe and analyse the movement of data through a
system. These are the central tool and the basis from which the other components are developed. The
transformation of data from input to output, through processes, may be described logically and
independently of the physical components associated with the system. These are known as the logical data
flow diagrams. The physical data flow diagrams show the actual implementation and movement of data
between people, departments and workstations. A full description of a system actually consists of a set of
data flow diagrams. The data flow diagrams are developed using two familiar notations, Yourdon and
Gane and Sarson. Each component in a DFD is labelled with a descriptive name. Each process is further identified
with a number that will be used for identification purposes. The development of DFDs is done in several
levels. Each process in lower-level diagrams can be broken down into a more detailed DFD in the next
level. The top-level diagram is often called the context diagram. It consists of a single process bit, which plays a
vital role in studying the current system. The process in the context-level diagram is exploded into other
processes at the first-level DFD.
The idea behind the explosion of a process into more processes is that understanding at one level of
detail is exploded into greater detail at the next level. This is done until no further explosion is necessary and
an adequate amount of detail is described for the analyst to understand the process. Larry Constantine first
developed the DFD as a way of expressing system requirements in a graphical form; this led to
modular design.
A DFD, also known as a “bubble chart”, has the purpose of clarifying system requirements and
identifying major transformations that will become programs in system design. So it is the starting point
of the design to the lowest level of detail. A DFD consists of a series of bubbles joined by data flows in
the system.
[Figure: DFD Level 0. Labels: USER, GPIS (graphical password authentication), information request.]
[Figure: DFD Level 1. Labels: USER, REGISTRATION PROCESS, LOGIN PROCESS, PICTURE, LOG, registration information, password information, login information, request information, retrieve picture, retrieve information, login result.]
5.3 UML DIAGRAMS
5.3.2 Sequence Diagram
• The sequence diagram represents the flow of messages in the system and is also termed as an event
diagram. It helps in envisioning several dynamic scenarios.
• It portrays the communication between any two lifelines as a time-ordered sequence of events,
such that these lifelines took part at the run time.
• In UML, the lifeline is represented by a vertical bar, whereas the message flow is represented by a
vertical dotted line that extends across the bottom of the page.
5.3.3 Activity Diagram
• In UML, the activity diagram is used to demonstrate the flow of control within the system rather
than the implementation. It models the concurrent and sequential activities.
• The activity diagram helps in envisioning the workflow from one activity to another. It puts
emphasis on the condition of flow and the order in which it occurs.
• The flow can be sequential, branched, or concurrent, and to deal with such kinds of flows, the
activity diagram has come up with a fork, join, etc.
5.3.4 Class Diagram
• The class diagram depicts a static view of an application. It represents the types of objects
residing in the system and the relationships between them.
• A class consists of its objects, and also it may inherit from other classes. A class diagram is
used to visualize, describe, document various different aspects of the system, and also construct
executable software code.
• It shows the attributes, classes, functions, and relationships to give an overview of the software
system.
5.4 DATABASE DESIGN
A database design is a collection of stored data organized in such a way that the data requirements
are satisfied by the database. The general objective is to make information access easy, quick, inexpensive
and flexible for the user. There are also some specific objectives like controlled redundancy from failure,
privacy, security and performance. A collection of relative records make up a table. To design and store
data to the needed forms database tables are prepared. Two essential settings for a database are:
• Primary key : - The field that is unique for all the record occurrences.
• Foreign key : - The field used to set relation between tables. Normalization is a technique to avoid
redundancy in the tables.
DATABASE:
There are two tables in the database GPIS. They are login and picture.
Tables_in_GPIS: login, picture
Table Design
Serial No. | Column Name | Data Type | Size | Key | Default
5.5 E-R DIAGRAM
ER Diagram : stands for Entity Relationship Diagram, also known as ERD is a diagram that displays the
relationship of entity sets stored in a database. In other words, ER diagrams help to explain the logical
structure of databases. ER diagrams are created based on three basic concepts: entities, attributes and
relationships.ER Diagrams contain different symbols that use rectangles to represent entities, ovals to
define attributes and diamond shapes to represent relationships.
CHAPTER 6
IMPLEMENTATION
6. IMPLEMENTATION
namespace WindowsFormsApplication1
{
public partial class Test : Form
{
string s;
public Test(string s1)
{
s = s1;
InitializeComponent();
}
Button2.Enabled = true;
Button3.Enabled = true;
Button4.Enabled = true;
Button5.Enabled = true;
Button6.Enabled = true;
Button7.Enabled = true;
Button8.Enabled = true;
Button9.Enabled = true;
}
{
string values = ListBox1.Items[0].ToString();
string[] tokens = values.Split(',');
{
string values = ListBox1.Items[1].ToString();
string[] tokens = values.Split(',');
{
string values = ListBox1.Items[2].ToString();
string[] tokens = values.Split(',');
{
string values = ListBox1.Items[3].ToString();
string[] tokens = values.Split(',');
{
string values = ListBox1.Items[4].ToString();
string[] tokens = values.Split(',');
{
string values = ListBox1.Items[5].ToString();
string[] tokens = values.Split(',');
{
string values = ListBox1.Items[6].ToString();
string[] tokens = values.Split(',');
{
string values = ListBox1.Items[7].ToString();
string[] tokens = values.Split(',');
}
{
string values = ListBox1.Items[8].ToString();
string[] tokens = values.Split(',');
Process.Start("calc.exe");
this.Close();
}
}
else
{
MessageBox.Show("Invalid Password", "ERROR !!!", MessageBoxButtons.OK,
MessageBoxIcon.Error);
}
}
else
{
MessageBox.Show("Invalid Password", "ERROR !!!", MessageBoxButtons.OK,
MessageBoxIcon.Error);
}
}
private void Button9_Click(object sender, EventArgs e)
{
textBox1.AppendText("9");
Button9.Enabled = false;
}
random();
}
}
}
CHAPTER 7
TESTING
7. TESTING
Software testing is the process of checking whether the developed system is working according to
the original objectives and requirements. Software testing process commences once the program is created
and the documentation and related data structures are designed. Software testing is essential for correcting
errors. Otherwise the project is not said to be complete.
The system should be tested experimentally with test data so as to ensure that the system works
according to the required specification. When the system is found working, test it with actual data and
check performance. Software testing is a critical element of software quality assurance and represents the
ultimate review of specification, design and coding.
Testing Strategies
The philosophy behind testing is to find errors. Test cases are devised with this purpose in mind.
A test case is a set of data that the system will process as normal input.
Characteristics of a Good Test:
The primary goal of unit testing is to take the smallest piece of testable software in the application,
isolate it from the remainder of the code, and determine whether it behaves exactly as you expect. Each
unit is tested separately before integrating them into modules to test the interfaces between modules. Unit
testing has proven its value in that a large percentage of defects are identified during its use. Unit testing
is a software verification and validation method where the programmer gains confidence that individual
units of source code are fit for use. A unit is the smallest testable part of an application. In procedural
programming a unit may be an individual program, function, procedure, etc., while in object-oriented
programming, the smallest unit is a class, which may belong to a base/super class, abstract class or
derived/child class. Ideally, each test case is independent from the others: substitutes like method stubs,
mock objects, fakes and test harnesses can be used to assist testing a module in isolation. Unit tests are
typically written and run by software developers to ensure that code meets its design and behaves as
intended. Its implementation can vary from being very manual (pencil and paper) to being formalized as
part of build automation.
Integration testing, also known as integration and testing (I&T), is a software development
process in which program units are combined and tested as groups in multiple ways. In this context, a unit is
defined as the smallest testable part of an application. Integration testing can expose problems with the
interfaces among program components before trouble occurs in real-world program execution. Integration
testing is a component of Extreme Programming (XP), a pragmatic method of software development that
takes a meticulous approach to building a product by means of continual testing and revision.
There are two major ways of carrying out an integration test, called the bottom-up method and the
top-down method. Bottom-up integration testing begins with unit testing, followed by tests of progressively
higher-level combinations of units called modules or builds. In top-down integration testing, the
highest-level modules are tested first and progressively lower-level modules are tested after that. In a
comprehensive software development environment, bottom-up testing is usually done first, followed by
top-down testing.
At the validation level, testing focuses on user-visible actions and user-recognizable output
from the system. Validation testing is said to be successful when the software functions in a manner that can
be reasonably expected by the customer.
Beta testing comes after alpha testing. Versions of the software, known as beta version, are released to a
limited audience outside of the programming team. The software is released to groups of people so that
further testing can ensure the product has few faults or bugs. Sometimes, beta versions are made available
to the open public to increase the feedback field to a maximal number of future users.
CHAPTER 8
OUTPUT SCREENS
Fig 9: Registration Page
Fig 11: Successful Registration
Fig 13 : Jumbled Image
CHAPTER 9
CONCLUSION
9. CONCLUSION
The proposed Cued Click Points scheme shows promise as a usable and memorable authentication
mechanism. By taking advantage of users’ ability to recognize images and the memory trigger associated
with seeing a new image, GPIS has advantages over Pass Points in terms of usability. Being cued as each
image is shown and having to remember only one click-point per image appears easier than having to
remember an ordered series of clicks on one image.
GPIS offers a more secure alternative to Pass Points. GPIS increases the workload for attackers by
forcing them to first acquire image sets for each user, and then conduct hotspot analysis on each of these
images.
CHAPTER 10
REFERENCE
10. REFERENCE
► Websites
✓ http://searchsecurity.techtarget.com/definition/graphical-password
✓ http://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=8&ved=0CEsQFjAH&url=http%3A%2F%2Fclam.rutgers.edu%2F~birget%2FgrPssw%2Fsusan3.pdf&ei=_HPdUsH5CI7xrQe87IEo&usg=AFQjCNGUZJ80lCOHxp2_W_KeAq2a-pGF3w&bvm=bv.59568121,d.bmk
► Books
✓ Wiedenbeck, S., Waters, J., Birget, J. C., Brodskiy, A., and Memon, N. 2005.
Authentication using graphical passwords: Effects of tolerance and image choice. In
Proc. Symp. On Usable Privacy and Security (SOUPS’05).
✓ Chiasson, S., van Oorschot, P. C., and Biddle, R. 2007. A second look at the usability
of click-based graphical passwords. In Proc. Symp. on Usable Privacy and Security
(SOUPS’07).
✓ Dirik, A., Menon, N., and Birget, J. 2007. Modeling user choice in the PassPoints
graphical password scheme. In Proc. Symp. on Usable Privacy and Security
(SOUPS’07).
Journal of Engineering Sciences Vol 14 Issue 03,2023
ABSTRACT
1. INTRODUCTION
In Web and other applications, passwords are frequently used to authenticate users to remote services.
Text-based passwords have been around for a while. Blonder introduced graphical passwords as an
alternative to text passwords in 1996. With a graphical password, a user enters or creates a password by
interacting with one or more images. Graphical passwords are used to take advantage of the promise of
higher memorability and increased security against guessing attempts. For keyboard-less devices
like iPads and iPhones, where entering a text password is difficult, graphical passwords are especially
useful. As an illustration, Microsoft's recently released Windows 8 offers graphical password logon. We
anticipate seeing a larger adoption of graphical passwords in Web apps as smart phones and slate PCs
grow in popularity.
The project allows users to enter an image as their password, and only they are aware of the full
appearance of the image. On receipt, the system divides the image into an array of image parts and saves
them accordingly. The next time the user logs on, the system presents the segmented image in a jumbled
order. If the user then selects the image's component pieces in an order that recreates the
original image he submitted, the user is taken to be genuine. Otherwise, access is denied to the user.
2. LITERATURE SURVEY
In the article titled "Combined PWD: This Scheme Proposes An Online Secret Phrase Verification
Component," Wantong Zheng and Chun fu Jia suggested that the present secret word validation
framework be strengthened by adding separators (such as spaces) into the passwords. The client's
feedback is utilised in this strategy. When registering a record on this test site, users can insert spaces
into their secret words to indicate where they should stop, and the site's back end keeps track of how
many spaces are placed in each hole in the paper.
In his proposal "Time based Unique Password: The client will set an underlying secret word to describe
how the secret key will change over a defined period of time, and we found that the framework. This was
done to avoid issues focused on a third party, such as one-time password emails, tests, and token devices.
The system's usability in terms of availability was then discovered to be improved while maintaining the
strength of the dynamic password. Yang Jing yang suggested a secure password authentication system.
Weak password authentication methods and strong password authentication schemes are the two
categories into which one-time password authentication schemes fall. [2].
Refish Salah proposed the following: in many applications, including websites and database systems, the
password authentication code (PAC) is a crucial issue. PAC-RMPN is the solution Salah Refish suggests. This
paper introduces PAC between two clients to confirm verification between them. This study offers a fresh
approach to the age-old issue of incoming password authentication. They should devise a plan to protect
this secret word from any potential assailants. A legitimate user just enters his password and clicks Enter
to send it to another user for authentication. [3]
Shen pingpingping proposed "A secure password authentication technique", providing
greater security. This approach combines patterns, keys, and fictitious digits. In order to accomplish this,
the client must recognise and use network area numbers as design, register key qualities that direct respect
towards a secret password, and attach faker qualities to deceive the attacker. From that point on, the client
must review the example and follow the secret key from design with enrolled key qualities, creating a
secret word by incorporating fictitious digits, in order to log in. Because of the high complexity of
guessing passwords in multiple levels (first from the pattern, then from the key, and lastly from the dummy
values), it minimises shoulder surfing, brute force attacks, cross site scripting, etc. [4]
Rafiq M.Q. Ansari and Umar, S. proposed Password chafing model: The secret key is the essential key to
getting approval, however because the customer chose a weak secret key, programmers have had much
success in secret phrase breaking. The suggested framework combines Honey encryption with the
Honeyword procedure to strengthen the secret key stockpiling. Honeywords are fictitious passwords that
are hidden with a special secret word to entice the attacker. The fundamental concept underlying
Honeyword is the use of fictitious passwords. They will entice the attacker. Other methods, such as
chaffing-with-tweaking, chaffing-with password models, etc. are available to produce the Honeyword of
the original password, but the current method is used. [5]
3. PROPOSED SYSTEM
Another shoulder-surfing-resistant method has been put out by us. In this method, the user chooses a
number of images to serve as pass-objects. Every pass-object contains a number of versions, and each
variant has its own code. The user is presented with a number of scenes to complete during authentication.
Many pass-objects (each in the form of a randomly selected version) and numerous decoy-objects are
present in every scenario. The user must enter a string containing the distinct codes for each of the pass-
object versions visible in the scene, as well as a code denoting the pass-objects' placement in relation to a
set of eyes. The claim is that even if the entire authentication procedure was videotaped, it would be
exceedingly difficult to crack this kind of password because there was no mouse click to provide the pass-
object information. The alphanumeric code for each pass-object version must still be memorised by users
of this technique. Later, this method was expanded to let users give their own codes to pass-object
variants. Unfortunately, this approach still necessitates that the user memorise numerous text strings,
resulting in all of the problems associated with text-based passwords.
3.1 MODULES
There are 5 modules in the system:
1. Image Submission
2. Image Fragmentation and Storage of Image Parts
3. Part Jumbling
4. Authentication
Description :-
A new computer platform called the .NET Framework makes it easier to construct applications
in the highly distributed Internet environment. Unmanaged components that host the .NET Framework can
start managed code execution by loading the common language runtime into their processes. This creates
a software environment that can take advantage of both managed and unmanaged features. In addition to
offering a number of runtime hosts, the .NET Framework also encourages the creation of runtime
hosts by third parties.
Microsoft SQL Server is a client/server relational database that uses Structured Query Language
(SQL). Each of these phrases describes a crucial element of SQL Server's design. You must employ a
set of commands and statements (a language) established by the DBMS programme in order to interact
with the data in a database. Relational databases support a variety of languages, the most popular of
which is SQL.
4.3 Results
Fig 8: Part Jumbling
6. CONCLUSION
As a practical and memorable authentication technique, the suggested Cued Click Points scheme has
promise. GPIS is more usable than PassPoints because it makes use of users' capacity to recognise images
and the memory trigger connected to seeing a new image. It seems simpler to be cued when each image is
displayed and to only have to remember one click point per image as opposed to having to remember an
ordered succession of clicks on a single image.
A safer substitute for PassPoints is GPIS. By requiring attackers to first obtain image sets for each
user and then perform hotspot analysis on each of these photos, GPIS increases the effort for attackers.
We can also include challenge response interactivity in future developments. In challenge-response
interactions, the server will pose a challenge, and the client will then need to respond in line with the
requirements. Access is allowed if the response is accurate. We can also restrict the number of
incorrect password entries a user can make.
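The login check described in the introduction (pieces shown jumbled, user picks them in the order that rebuilds the image) combined with the attempt limit proposed above, as an added example that is not the project's own code. It is written in Python rather than the report's C#, and the 3x3 grid size, the lockout threshold of 3, and all names (`JumbleLogin`, `solve`, `blind_guess_probability`) are assumptions made for illustration.

```python
import math
import secrets

GRID = 9          # assumption: 3x3 grid, one segment per button as in the listing
MAX_FAILURES = 3  # assumption: lockout threshold, not specified in the report


class JumbleLogin:
    """Server-side state for one account's segment-ordering login."""

    def __init__(self):
        self.failures = 0
        self.layout = None  # layout[pos] = original segment index shown at pos

    def new_challenge(self):
        """Return a fresh jumbled layout; never the already-solved order."""
        if self.failures >= MAX_FAILURES:
            raise PermissionError("account locked")
        rng = secrets.SystemRandom()  # OS CSPRNG, so layouts are unpredictable
        order = list(range(GRID))
        while order == list(range(GRID)):
            rng.shuffle(order)
        self.layout = order
        return list(order)

    def verify(self, clicks):
        """clicks: on-screen positions in the order the user pressed them."""
        if self.failures >= MAX_FAILURES:
            return False
        layout, self.layout = self.layout, None  # each challenge is single-use
        ok = (
            layout is not None
            and len(clicks) == GRID
            and all(isinstance(c, int) and 0 <= c < GRID for c in clicks)
            and len(set(clicks)) == GRID  # every button pressed exactly once
            and [layout[c] for c in clicks] == list(range(GRID))
        )
        self.failures = 0 if ok else self.failures + 1
        return ok


def solve(layout):
    """A legitimate user presses the position holding segment 0, then 1, ..."""
    return [layout.index(seg) for seg in range(len(layout))]


def blind_guess_probability(attempts=MAX_FAILURES, grid=GRID):
    """Success chance for guesses made without using the image content."""
    return attempts / math.factorial(grid)
```

With nine segments there are only 9! = 362,880 possible orderings, so the attempt limit, not the size of the ordering space, is what bounds blind guessing.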