
A Project Report On

GRAPHICAL PASSWORD BY IMAGE SEGMENTATION SYSTEM

Submitted in partial fulfillment of the requirement for the award of the degree in

BACHELOR OF TECHNOLOGY
IN

COMPUTER SCIENCE AND ENGINEERING

Submitted By

Y Eswari Sai Tejaswi 198X1A05H0


Y Varun Kumar 198X1A05G9
U Chandra Kiran Reddy 198X1A05F4
Y Sai Rohith 198X1A05G8

Under the Guidance of


Prof. P. RATNA BABU, M.Tech, Ph.D

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING


KALLAM HARANADHAREDDY INSTITUTE OF ENGINEERING
Approved by AICTE-New Delhi, Accredited by NAAC A Grade and NBA Accredited
Permanently Affiliated to Jawaharlal Nehru Technological University, Kakinada
NH-5, Chowdavaram, Guntur, Andhra Pradesh, India
2022-2023
KALLAM HARANADHAREDDY INSTITUTE OF TECHNOLOGY
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

CERTIFICATE
This is to certify that the project report entitled Graphical Password By Image Segmentation
System being submitted by

Yerragalla Eswari Sai Tejaswi 198X1A05H0


Yenuganti Varun Kumar 198X1A05G9
Udumula Chandra Kiran Reddy 198X1A05F4
Yenikepalli Sai Rohith 198X1A05G8

in partial fulfillment for the award of the Degree of Bachelor of Technology in Computer
Science and Engineering to the Jawaharlal Nehru Technological University, Kakinada is a
record of bonafide work carried out under my guidance and supervision.

The result embedded in this thesis has not been submitted to any other university / institute
for the award of any degree / diploma.

PROJECT SUPERVISOR HEAD OF THE DEPARTMENT


Prof P Ratna Babu Prof V Rajeev Jetson
Professor, Department of CSE, KHIT Professor, Department of CSE, KHIT

EXTERNAL EXAMINER
DECLARATION

We hereby declare that the work described in the project report, entitled “Graphical
Password By Image Segmentation System”, which is submitted by us in partial
fulfilment for the award of Bachelor of Technology in the Department of Computer
Science and Engineering, KHIT, Andhra Pradesh, is the record of original and
independent research work done by us during the academic year 2022–2023 under
the supervision of Prof. P. Ratna Babu. The work is original and has not been
submitted for the award of any Degree or Diploma of Associateship or Fellowship or
any other similar title to this or any other university.

Name of the Student Roll No Signature

Yerragalla Eswari Sai Tejaswi 198X1A05H0

Yenuganti Varun Kumar 198X1A05G9

Udumula Chandra Kiran Reddy 198X1A05F4

Yenikepalli Sai Rohith 198X1A05G8


ACKNOWLEDGMENT

We are profoundly grateful to express our deep sense of gratitude and respect towards our
honourable chairman, Sri KALLAM MOHAN REDDY, Chairman of Kallam group, for his
precious support in the college.

We are thankful to Dr. M. UMA SANKAR REDDY, Director, KHIT, GUNTUR for
his encouragement and support for the completion of the project.

We are much thankful to Dr. B. SIVA BASIVI REDDY, Principal, KHIT, GUNTUR
for his support during and until the completion of the project.

We are greatly indebted to Prof. V. RAJEEV JETSON, Professor, & Head of the
department, Computer Science and Engineering, KHIT, GUNTUR for providing the laboratory
facilities fully as and when required and for giving us the opportunity to carry the project work
in the college.

We are also thankful to our Project Coordinator Mr. Ram Prasad Mati, who helped
us in each step of our project.

We extend our deep sense of gratitude to our Internal Guide Prof.P.Ratna Babu,
Professor, & Head of the department and other Faculty Members & Support staff for their
valuable suggestions, guidance and constructive ideas in each and every step, which was
indeed of great help towards the successful completion of our project.

Team members

Yerragalla Eswari Sai Tejaswi 198X1A05H0

Yenuganti Varun Kumar 198X1A05G9

Udumula Chandra Kiran Reddy 198X1A05F4

Yenikepalli Sai Rohith 198X1A05G8


TABLE OF CONTENTS

S.No  Chapter Name

ABSTRACT
LIST OF FIGURES
LIST OF TABLES
1 INTRODUCTION
1.1 Introduction for Graphical Passwords
1.2 Problem Statement
1.3 Scope
2 LITERATURE SURVEY
2.1 Literature Survey
2.1.1 Combined PWD
2.1.2 Time based unique password
2.1.3 Desktop password authentication center
2.1.4 Password Authentication Code
2.1.5 A Secure Password authentication scheme
2.1.6 Chaffing with password model
3 SYSTEM ANALYSIS
3.1 Existing System
3.1.1 Disadvantages of Existing System
3.2 Proposed System
3.2.1 Advantages of Proposed System
3.3 Modules
4 SYSTEM REQUIREMENT SPECIFICATION
4.1 Hardware Requirements
4.2 Software Requirements
4.3 Functionality Requirements
4.4 Non Functionality Requirements
5 SYSTEM DESIGN
5.1 System Architecture
5.2 Data Flow Diagrams
5.3 UML Diagrams
5.3.1 Use Case Diagram
5.3.2 Sequence Diagram
5.3.3 Activity Diagram
5.3.4 Class Diagram
5.4 Database Design
5.5 E-R Diagram
6 IMPLEMENTATION
6.1 SAMPLE SOURCE CODE
7 TESTING
7.1 SOFTWARE TESTING
7.1.1 Unit Testing
7.1.2 Integration Testing
7.1.3 Validation Testing
8 OUTPUT SCREENS
9 CONCLUSION
10 REFERENCE
ABSTRACT

Discretization is a standard technique used in click-based graphical passwords for tolerating input
variance so that approximately correct passwords are accepted by the system. In this paper, we show for
the first time that two representative discretization schemes leak a significant amount of password
information, undermining the security of such graphical passwords. We exploit such information leakage
for successful dictionary attacks on Persuasive Cued Click Points (PGPIS), which is to date the most secure
click-based graphical password scheme and was considered to be resistant to such attacks. In our
experiments, our purely automated attack successfully guessed 69.2% of the passwords when Centred
Discretization was used to implement PGPIS, and 39.4% of the passwords when Robust Discretization
was used. Each attack dictionary we used was of approximately entries, whereas the full password space
was of entries. For Centred Discretization, our attack still successfully guessed 50% of the passwords
when the dictionary size was reduced to approximately entries. Our attack is also applicable to common
implementations of other click-based graphical password systems such as Pass Points and Cued Click
Points, both of which have been extensively studied in the research communities.

Keywords: image processing, pattern recognition, graphical password, image segmentation and
storage, image recognition, part jumbling, image submission, authentication.

LIST OF FIGURES

FIGURE NO  DESCRIPTION

Fig 1 System Architecture
Fig 2 Data Flow Diagram Level 0
Fig 3 Data Flow Diagram Level 1
Fig 4 Use Case Diagram
Fig 5 Sequence Diagram
Fig 6 Activity Diagram
Fig 7 Class Diagram
Fig 8 E-R Diagram
Fig 9 Registration Page
Fig 10 Selection of Image for registration
Fig 11 Successful Registration
Fig 12 Login Page
Fig 13 Jumbled Image
Fig 14 Successful Login
LIST OF TABLES

TABLE No  TABLE NAME

Table 1 Picture Table in Database
Table 2 Log Table in Database
CHAPTER 1
INTRODUCTION

1. INTRODUCTION

1.1 INTRODUCTION FOR GRAPHICAL PASSWORDS

Passwords have been widely used to authenticate users to remote servers in Web and other
applications. Text passwords have been used for a long time. Graphical passwords, introduced by Blonder
in 1996, are an alternative to text passwords. In a graphical password, a user interacts with one or more
images to create or enter a password. Graphical passwords are intended to capitalize on the promise of
better memorability and improved security against guessing attacks. Graphical passwords are particularly
suitable for keyboardless devices such as iPads and iPhones, on which inputting a text password is
cumbersome. For example, Windows 8, recently released by Microsoft, supports graphical password logon.
With the increasing popularity of smart phones and slate computers, we expect to see a wider deployment
of graphical passwords in Web applications.

The project allows a user to submit an image as a password; only the user knows what the image looks
like as a whole. On receiving the image, the system segments it into an array of images and stores
them accordingly. The next time the user logs on to the system, the system presents the segmented image
in a jumbled order. If the user chooses the parts of the image in the order that rebuilds the original image,
the user is considered authentic. Otherwise the user is not granted access.

1.2 PROBLEM STATEMENT

Passwords are ubiquitous today on any platform and on practically any website. Remembering
difficult passwords across numerous websites is daunting, and therefore we devised a project
illustrating a graphical password strategy. This allows the user to set a password in the form of a graphical
presentation in a certain pattern and later use that pattern to log in to the system. To address the
shortcomings of existing text-based password systems and to make systems more secure against
hacking and predictability, we are developing a new generation of passwords based on images that
cannot be easily predicted or hacked. They cannot be written down in any form, so there is no scope
for stealing them.

1.3 SCOPE

Picture passwords are an alternative to textual alphanumeric passwords. Most existing
authentication systems have certain drawbacks; for that reason, graphical passwords, where users click
on images to authenticate themselves, are the most preferable authentication system. Authentication
techniques that generate passwords have to face attacks such as dictionary attacks, brute force attacks
and shoulder surfing. An important usability goal of an authentication system is to support users in selecting
better passwords. Users create memorable passwords that are easy for an attacker to guess, while strong
system-assigned passwords are difficult to memorize. Researchers have therefore examined
different alternative methods and concluded that graphical passwords are the most preferable authentication
system. By implementing encryption algorithms and hashing for storing and retrieving pictures and points,
one can achieve more security. The proposed system combines the existing cued click point technique
with the persuasive feature to influence user choice, encouraging users to select more random click points,
which are difficult to guess. Picture passwords are still immature; more research is required in this field.

CHAPTER 2
LITERATURE SURVEY

2. LITERATURE SURVEY

2.1 LITERATURE SURVEY


Graphical password schemes are often divided into three major categories based on the kind of
activity required to remember the password: recognition, recall, and cued recall. Recognition is the easiest
for human memory, whereas pure recall is most difficult since the information must be accessed from
memory with no triggers. Cued recall falls somewhere between these two because it offers a cue which
should establish context and trigger the stored memory. Among existing graphical passwords, CCP most
closely resembles aspects of Pass faces, Story, and Pass Points. Conceptually, CCP is a
blend of the three; in terms of implementation, it is most similar to Pass Points. It also avoids the
complex user training requirements found in a number of graphical password proposals, such as that of
Weinshall. Pass faces is a graphical password scheme based primarily on recognizing human faces.
During password creation, users select a number of images from a larger set. To log in, users must
identify one of their pre-selected images from amongst several decoys. Users must correctly answer
a number of these challenges for every login. An alternative scheme, Story, was proposed that used everyday
images rather than faces and required that users select their images in the correct order. Users were
encouraged to make up a story as a memory aid. Three separate in-lab user studies compared
text passwords to Pass Points, tested whether the choice of image impacted usability, and determined the
minimum size of the tolerance square. The general conclusion was that Pass Points was a usable
authentication scheme.

2.1.1 Combined PWD :

Authors: Wantong Zheng and Chun fu Jia proposed a method "Combined PWD".

Description: This scheme proposes an online password verification mechanism, Combined PWD,
which embeds separators (e.g., spaces) into passwords to strengthen the existing password
validation framework. The scheme relies on the user's input habits. According to the paper, website
users can insert spaces in their password wherever they want to pause when they register an account,
and the site back-end records the number of spaces in each gap.

Link:https://www.ijert.org/web-based-graphical-password-authentication-system

2.1.2 Time Based Unique Password :

Authors: William Holmes Brown (3 September 1929-27 May 2001)

Description: A novel time-based unique password scheme was proposed to avoid the challenges of relying
on a third party, such as one-time password email, text and token devices. The user sets an initial
password that defines how the password will change over a defined period of time. It was found
that the system retains the strength of the dynamic password and improves the
usability of the system in terms of availability. A strong password authentication scheme was proposed by
Yang Jing boo. One-time password authentication schemes can be divided into two types, namely weak-
password authentication schemes and strong-password authentication schemes.

Link: https://www.ijert.org/web-based-graphical-password-authentication-system

2.1.3 Desktop Password Authentication Center :

Authors: Hua Wang, Yao Guo

Description: Proposes a reuse-oriented password authentication system, called Desktop
Password Authentication Center (DPAC), to reuse countermeasures among applications, thereby
reducing the cost of protecting passwords against threats. This arrangement can eliminate a great deal of
tedious work and reduces the cost significantly. The authors demonstrate the feasibility of DPAC by
implementing a prototype, in which they migrate the widely used OpenSSH to DPAC and implement two
example countermeasures.

Link: https://www.ijert.org/web-based-graphical-password-authentication-system

2.1.4 Password Authentication Code (PAC) :

Author: Salah Refish

Description: Password authentication code (PAC) is a very important issue in many applications such as
web sites and database systems. Salah Refish proposes a PAC-RMPN scheme. In this paper, a PAC
between two clients to confirm authentication between them is introduced. This research presents a
novel solution to the long-standing problem of password authentication at the incoming level. A strategy
is needed to secure the password from anticipated attackers. A legitimate user types only his
password and presses enter to propagate it to another user by whom he wants to be authenticated.

Link: https://www.ijert.org/web-based-graphical-password-authentication-system

2.1.5 A Secure Password Authentication Scheme :

Author: Shen pingping

Description: A secure password authentication scheme is proposed which gives more security. This
method uses a combination of pattern, key, and dummy digits. For this, the user needs to identify and register
a pattern as position numbers from the grid, register key values that map values to the secret password, and
append dummy values to mislead the attacker. Thereafter, to log in, the user needs to recall
the pattern and map the secret key from the pattern with the registered key values, creating a password by
including dummy digits. It minimizes shoulder surfing, brute force attacks, cross site scripting, etc. due to the
high complexity of guessing passwords in multiple levels: first from the pattern, then from the key, and then
from the dummy values.

Link: https://www.jjert.org/web-based-graphical-password-authentication-system

2.1.6 Chaffing with Password Model :

Author: Umar, M.S.; Rafiq, M.Q.; Ansari, J.A.

Description: The password is the main key to gaining authorization; however, attackers are often
successful in password cracking because of the weak passwords chosen by users. Honeywords are false
passwords which are stored alongside the original password to lure the attacker. The basic idea behind
honeywords is the insertion of false passwords to lure the attack. To generate the honeywords
of an original password, different techniques like Chaffing-with-tweaking, Chaffing-with-password-model,
etc. are available, but in the existing approach.

Link: https://www.ijert.org/web-based-graphical-password-authentication-system

CHAPTER 3
SYSTEM ANALYSIS

3. SYSTEM ANALYSIS

3.1 EXISTING SYSTEM

The traditional way to set a password is by using characters. Some users make them complex
by using numbers, lowercase letters, uppercase letters and special characters for high security. However,
this does not give high security, and such passwords are hard to remember.

These types of passwords are vulnerable to attacks such as token based (card based), digital signature,
pattern based, etc.

3.1.1 Disadvantages of existing system

• Difficult to remember.
• Difficult to always carry cards.
• Difficult to write the exact signature.
• Users tend to choose passwords that can be easily guessed and will be hacked easily.
• Low security.

3.2 PROPOSED SYSTEM

We have proposed another shoulder-surfing resistant technique. In this technique, a user
selects a number of pictures as pass-objects. Each pass-object has several variants and each variant is
assigned a unique code. During authentication, the user is challenged with several scenes. Each scene
contains several pass-objects (each in the form of a randomly chosen variant) and many decoy-objects.
The user has to type in a string with the unique codes corresponding to the pass-object variants present in
the scene as well as a code indicating the relative location of the pass-objects in reference to a pair of eyes.
The argument is that it is very hard to crack this kind of password even if the whole authentication process
is recorded on video because there is no mouse click to give away the pass-object information. However,
this method still requires users to memorize the alphanumeric code for each pass-object variant. This
approach was later extended to allow users to assign their own codes to pass-object variants. However, this
method still forces the user to memorize many text strings and therefore suffers from many of the drawbacks
of text-based passwords.

3.2.1 Advantages of Proposed System :

• Higher accuracy.
• Graphical password schemes provide a way of making more human-friendly passwords.
• The security of the system is very high.
• Dictionary attacks and brute force search are infeasible.

3.3 MODULES

The study implements the graphical password based authentication system by using the following
modules:

• Image Submission Module.
• Image Fragmentation & Storage Module.
• Image Jumbling Module.
• Authentication Module.

Image Submission Module: This module collects data from the user, along with an image to be
used as a password, and stores it in the database.

Image Fragmentation & Storage Module: This module selects a suitable algorithm for image
fragmentation, applies the algorithm to the image, prepares the fragments for storage, checks for
contiguous space in memory and stores the fragments in it.

Image Jumbling Module: This module jumbles the image fragments row-wise and displays them on the
user's screen so that he/she can arrange them in the correct order.

Authentication Module: This module matches the arranged image with the original image and
authenticates the user if they match; otherwise it asks the user to try again.
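
The fragmentation, jumbling and authentication modules described above, sketched end to end as an added example (this is not the project's own source code). The function names, the one-byte-per-pixel image format, the per-login random tokens and the two 4x4 sample images are assumptions made for illustration; the last function works out how likely a single random arrangement is to be accepted, including the case where some fragments are identical.

```python
import hmac
import math
import secrets
from collections import Counter
from fractions import Fraction


def segment(pixels, width, height, rows, cols):
    """Fragmentation: split a row-major, one-byte-per-pixel image into
    rows*cols equally sized tiles, returned in original (row-major) order."""
    if len(pixels) != width * height:
        raise ValueError("pixel buffer does not match width * height")
    if width % cols or height % rows:
        raise ValueError("image size must divide evenly into the grid")
    tw, th = width // cols, height // rows
    tiles = []
    for r in range(rows):
        for c in range(cols):
            tile = bytearray()
            for y in range(r * th, (r + 1) * th):
                start = y * width + c * tw
                tile += pixels[start:start + tw]
            tiles.append(bytes(tile))
    return tiles


def new_challenge(tiles):
    """Jumbling: return (display, by_token).

    display  -- shuffled (token, tile) pairs to send to the client
    by_token -- server-side session state, token -> tile in original order
    Tokens are fresh random values per login, so they carry no hint of a
    tile's true position (unlike a stored index or a sequential file name).
    """
    by_token = {}
    for tile in tiles:
        token = secrets.token_hex(8)
        while token in by_token:            # keep tokens unique
            token = secrets.token_hex(8)
        by_token[token] = tile
    display = list(by_token.items())
    secrets.SystemRandom().shuffle(display)  # CSPRNG-backed shuffle
    return display, by_token


def verify(tiles, by_token, submitted):
    """Authentication: rebuild the image from the submitted token order and
    compare it with the original. Unknown, repeated or missing tokens fail."""
    if len(submitted) != len(tiles) or len(set(submitted)) != len(submitted):
        return False
    if any(tok not in by_token for tok in submitted):
        return False
    rebuilt = b"".join(by_token[tok] for tok in submitted)
    return hmac.compare_digest(rebuilt, b"".join(tiles))


def guess_probability(tiles):
    """Chance that one uniformly random arrangement is accepted.

    With n distinct tiles this is 1/n!. Identical tiles (flat sky, borders)
    are interchangeable, so every permutation among them is accepted too.
    """
    accepted = math.prod(math.factorial(k) for k in Counter(tiles).values())
    return Fraction(accepted, math.factorial(len(tiles)))


# Constructed sample images, 4x4 pixels, one byte per pixel.
DISTINCT = bytes(range(16))   # every pixel different
FLAT = bytes(16)              # every pixel identical

if __name__ == "__main__":
    for name, img in (("distinct", DISTINCT), ("flat", FLAT)):
        tiles = segment(img, 4, 4, 2, 2)
        display, by_token = new_challenge(tiles)
        correct = list(by_token)            # original order, server-side only
        print(name, "correct order accepted:", verify(tiles, by_token, correct))
        print(name, "reversed order accepted:", verify(tiles, by_token, correct[::-1]))
        print(name, "single-guess success:", guess_probability(tiles))
```

A 2x2 grid has only 24 arrangements, so a limit on failed attempts matters as much as the grid size, and images with large uniform regions shrink the space further.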

CHAPTER 4

SYSTEM REQUIREMENT SPECIFICATION

4. SYSTEM REQUIREMENT SPECIFICATION

4.1 HARDWARE REQUIREMENTS

• i3 processor based computer.
• 1 GB RAM.
• GB Hard Disk
• Monitor

4.2 SOFTWARE REQUIREMENTS

• Visual Studio 2010.
• SQL Server 2008.
• Visual Studio is an integrated development environment (IDE) from Microsoft. It is used to
develop computer programs including websites, web apps, web services and mobile apps. Visual
Studio uses Microsoft software development platforms such as Windows API, Windows Forms,
Windows Presentation Foundation, Windows Store and Microsoft Silverlight. It can produce both
native code and managed code.
• Visual Studio includes a code editor supporting IntelliSense (the code completion component) as
well as code refactoring. The integrated debugger works both as a source-level debugger and a
machine-level debugger. Other built-in tools include a code profiler, designer for building GUI
applications, web designer, class designer, and database schema designer. It accepts plug-ins that
expand the functionality at almost every level—including adding support for source control
systems (like Subversion and Git) and adding new toolsets like editors and visual designers for
domain-specific languages or toolsets for other aspects of the software development lifecycle (like
the Azure DevOps client: Team Explorer).
• Visual Studio supports 36 different programming languages and allows the code editor and
debugger to support (to varying degrees) nearly any programming language, provided a language-
specific service exists. Built-in languages include C,C++, C++/CLI, Visual Basic .NET, C#, F#,
JavaScript, TypeScript, XML, XSLT, HTML, and CSS. Support for other languages such as
Python, Ruby, Node.js, and M among others is available via plug-ins. Java (and J#) were supported
in the past.

• The most basic edition of Visual Studio, the Community edition, is available free of charge. The
slogan for Visual Studio Community edition is "Free, fully-featured IDE for students, open-source
and individual developers".

• As of November 8, 2021, Visual Studio 2022 is a current production-ready version, and older
versions such as 2013 and 2015 are on Extended Support, and 2017 and 2019 on Mainstream
Support.

• SQL Server is Microsoft's relational database management system (RDBMS). It is a full-featured
database primarily designed to compete against competitors Oracle Database (DB) and MySQL.
• Like all major RDBMS, SQL Server supports ANSI SQL, the standard SQL language. However,
SQL Server also contains T-SQL, its own SQL implementation. SQL Server Management Studio
(SSMS) (previously known as Enterprise Manager) is SQL Server's main interface tool, and it
supports 32-bit and 64-bit environments.
• SQL Server is sometimes referred to as MSSQL and Microsoft SQL Server. It is a software,
developed by Microsoft, which is implemented from the specification of RDBMS.
• It is also an ORDBMS.
• It is platform dependent.
• It is both GUI and command based software.
• It supports SQL (SEQUEL) language which is an IBM product, non-procedural, common database
and case insensitive language.

4.3 FUNCTIONAL REQUIREMENTS

.NET Framework Class Library:

The .NET Framework class library is a collection of reusable types that tightly integrate with the common
language runtime. The class library is object oriented, providing types from which your own managed
code can derive functionality. This not only makes the .NET Framework types easy to use, but also reduces
the time associated with learning new features of the .NET Framework. In addition, third-party
components can integrate seamlessly with classes in the .NET Framework.

For example, the .NET Framework collection classes implement a set of interfaces that you can use to
develop your own collection classes. Your collection classes will blend seamlessly with the classes in the
.NET Framework.

As you would expect from an object-oriented class library, the .NET Framework types enable you to
accomplish a range of common programming tasks, including tasks such as string management, data
collection, database connectivity, and file access.

In addition to these common tasks, the class library includes types that support a variety of specialized
development scenarios. For example, you can use the .NET Framework to develop the following types of
applications and services:

• Console applications.
• Scripted or hosted applications.
• Windows GUI applications (Windows Forms).
• ASP.NET applications.
• XML Web services.
• Windows services.

For example, the Windows Forms classes are a comprehensive set of reusable types that vastly simplify
Windows GUI development. If you write an ASP.NET Web Form application, you can use the Web Forms
classes.

BACK END TECHNOLOGY:

About Microsoft SQL Server:

Microsoft SQL Server is a Structured Query Language (SQL) based, client/server relational database.
Each of these terms describes a fundamental part of the architecture of SQL Server.

Database:

A database is similar to a data file in that it is a storage place for data. Like a data file, a database
does not present information directly to a user; the user runs an application that accesses data from the
database and presents it to the user in an understandable format. A database typically has two components:
the files holding the physical database and the database management system (DBMS) software that
applications use to access data. The DBMS is responsible for enforcing the database structure, including:

• Maintaining the relationships between data in the database.
• Ensuring that data is stored correctly and that the rules defining data relationships are not violated.
• Recovering all data to a point of known consistency in case of system failures.

Relational Database:

There are different ways to organize data in a database but relational databases are one of the most
effective. Relational database systems are an application of mathematical set theory to the problem of
effectively organizing data. In a relational database, data is collected into tables (called relations in
relational theory).

When organizing data into tables, you can usually find many different ways to define tables.
Relational database theory defines a process, normalization, which ensures that the set of tables you define
will organize your data effectively.

Client/Server:

In a client/server system, the server is a relatively large computer in a central location that manages
a resource used by many people. When individuals need to use the resource, they connect over the network
from their computers, or clients, to the server.

Examples of servers are: In a client/server database architecture, the database files and DBMS software
reside on a server. A communications component is provided so applications can run on separate clients
and communicate to the database server over a network. The SQL Server communication component also
allows communication between an application running on the server and SQL Server.

Server applications are usually capable of working with several clients at the same time. SQL Server can
work with thousands of client applications simultaneously. The server has features to prevent the logical
problems that occur if a user tries to read or modify data currently being used by others.

While SQL Server is designed to work as a server in a client/server network, it is also capable of
working as a stand-alone database directly on the client. The scalability and ease-of-use features of SQL
Server allow it to work efficiently on a client without consuming too many resources.

Structured Query Language (SQL) :

To work with data in a database, you must use a set of commands and statements (language) defined
by the DBMS software. There are several different languages that can be used with relational databases;
the most common is SQL.

Both the American National Standards Institute (ANSI) and the International Standards
Organization (ISO) have defined standards for SQL. Most modern DBMS products support the Entry
Level of SQL-92, the latest SQL standard (published in 1992).

SQL Server Features:


Microsoft SQL Server supports a set of features that result in the following benefits:
Ease of installation, deployment, and use
SQL Server includes a set of administrative and development tools that improve your ability to install,
deploy, manage, and use SQL Server across several sites.
Data warehousing :
SQL Server includes tools for extracting and analyzing summary data for online analytical
processing (OLAP). SQL Server also includes tools for visually designing databases and analyzing data
using English-based questions.
System integration with other server software :
SQL Server integrates with e-mail, the Internet, and Windows.

Normalization Theory :
Relations are to be normalized to avoid anomalies in insert, update and delete operations.
Normalization theory is built around the concept of normal forms. A relation is said to be in a particular
form if it satisfies a certain specified set of constraints. To decide on a suitable logical structure for a given
database design, the concepts of normalization are used; they are briefly described below.
• 1st Normal Form (1 NF) : A relation is said to be in 1 NF if and only if all underlying domains
contain atomic values only. That is, the fields of an n-set should have no group items and no repeating
groups.
• 2nd Normal Form (2 NF) : A relation is said to be in 2 NF if and only if it is in 1 NF and every
non-key attribute is fully dependent on the primary key. This normal form takes care of functional
dependencies on non-key attributes.
• 3rd Normal Form (3 NF) : A relation is said to be in 3 NF if and only if it is in 2 NF and every
non-key attribute is non-transitively dependent on the primary key. This normal form avoids the
transitive dependencies on the primary key.
• Boyce-Codd Normal Form (BCNF) : This is a stronger definition than that of 3 NF. A relation is
said to be in BCNF if and only if every determinant is a candidate key.
• 4th Normal Form (4 NF) : A relation is said to be in 4 NF if and only if whenever there exists a
multi-valued dependency in a relation, say A->->B, then all attributes of the relation are also functionally
dependent on A (i.e. A->X for all attributes X of the relation).
• 5th Normal Form (5 NF) or Projection Join Normal Form (PJNF) : A relation R is in 5 NF
if and only if every join dependency in R is implied by the candidate key on R. A relation can’t
be non-loss split into two tables but can be split into three tables. This is called Join Dependency.

Middleware Technology :
Active Data Objects.Net Overview :

ADO.NET is an evolution of the ADO data access model that directly addresses user requirements
for developing scalable applications. It was designed specifically for the web with scalability,
statelessness, and XML in mind.

ADO.NET uses some ADO objects, such as the Connection and Command objects, and also introduces
new objects. Key new ADO.NET objects include the Dataset, Data Reader, and Data Adapter.

The important distinction between this evolved stage of ADO.NET and previous data architectures
is that there exists an object -- the Dataset -- that is separate and distinct from any data stores. Because of
that, the Dataset functions as a standalone entity. You can think of the Dataset as an always disconnected
record set that knows nothing about the source or destination of the data it contains. Inside a Dataset, much
like in a database, there are tables, columns, relationships, constraints, views, and so forth.

A Data Adapter is the object that connects to the database to fill the Dataset. Then, it connects back
to the database to update the data there, based on operations performed while the Dataset held the data. In
the past, data processing has been primarily connection-based. Now, in an effort to make multi-tiered apps
more efficient, data processing is turning to a message-based approach that revolves around chunks of
information. At the center of this approach is the Data Adapter, which provides a bridge to retrieve and
save data between a Dataset and its source data store. It accomplishes this by means of requests to the
appropriate SQL commands made against the data store.

The XML-based Dataset object provides a consistent programming model that works with all
models of data storage: flat, relational, and hierarchical. It does this by having no 'knowledge' of the source
of its data, and by representing the data that it holds as collections and data types. No matter what the
source of the data within the Dataset is, it is manipulated through the same set of standard APIs exposed
through the Dataset and its subordinate objects.

While the Dataset has no knowledge of the source of its data, the managed provider has detailed
and specific information. The role of the managed provider is to connect, fill, and persist the Dataset to
and from data stores. The OLE DB and SQL Server .NET Data Providers (System.Data.OleDb and
System.Data.SqlClient) that are part of the .Net Framework provide four basic objects: the Command,
Connection, Data Reader and Data Adapter. In the remaining sections of this document, we'll walk through
each part of the Dataset and the OLE DB/SQL Server .NET Data Providers explaining what they are, and
how to program against them. The following sections will introduce you to some objects that have evolved,
and some that are new. These objects are:

• Connections : For connection to and managing transactions against a database.
• Commands : For issuing SQL commands against a database.
• Data Readers : For reading a forward-only stream of data records from a SQL Server data source.
• Datasets : For storing, removing and programming against flat data, XML data and relational data.
• Data Adapters : For pushing data into a Dataset, and reconciling data against a database.

When dealing with connections to a database, there are two different options: the SQL Server .NET Data
Provider (System.Data.SqlClient) and the OLE DB .NET Data Provider (System.Data.OleDb). In these
samples we will use the SQL Server .NET Data Provider, which is written to talk directly to Microsoft
SQL Server. The OLE DB .NET Data Provider is used to talk to any OLE DB provider (as it uses OLE
DB underneath).

• ADO.NET is the next evolution of ADO for the .Net Framework.
• ADO.NET was created with n-Tier, statelessness and XML in the forefront.
• Two new objects, the Dataset and Data Adapter, are provided for these scenarios.
• ADO.NET can be used to get data from a stream, or to store data in a cache for updates.
There is a lot more information about ADO.NET in the documentation. Remember, you can execute a
command directly against the database in order to do inserts, updates, and deletes. You don't need to first
put data into a Dataset in order to insert, update, or delete it. Also, you can use a Dataset to bind to the
data, move through the data, and navigate data relationships.

4.4 NON FUNCTIONAL REQUIREMENTS

Enhanced Performance : ASP.NET is compiled common language runtime code running on the
server. Unlike its interpreted predecessors, ASP.NET can take advantage of early binding, just-in-time
compilation, native optimization, and caching services right out of the box. This amounts to dramatically
better performance before you ever write a line of code.

Power and Flexibility : Because ASP.NET is based on the common language runtime, the power and
flexibility of that entire platform is available to Web application developers. The .NET Framework class
library, Messaging, and Data Access solutions are all seamlessly accessible from the Web.

ASP.NET is also language-independent, so you can choose the language that best applies to your
application or partition your application across many languages.

Simplicity : ASP.NET makes it easy to perform common tasks, from simple form submission and client
authentication to deployment and site configuration. For example, the ASP.NET page framework allows
you to build user interfaces that cleanly separate application logic from presentation code and to handle
events in a simple, Visual Basic - like forms processing model. Additionally, the common language
runtime simplifies development, with managed code services such as automatic reference counting and
garbage collection.

Manageability : ASP.NET employs a text-based, hierarchical configuration system, which simplifies
applying settings to your server environment and Web applications. Because configuration information is
stored as plain text, new settings may be applied without the aid of local administration tools.

This "zero local administration" philosophy extends to deploying ASP.NET Framework applications as
well. An ASP.NET Framework application is deployed to a server simply by copying the necessary files
to the server. No server restart is required, even to deploy or replace running compiled code.

Scalability and Availability : ASP.NET has been designed with scalability in mind, with features
specifically tailored to improve performance in clustered and multiprocessor environments. Further,
processes are closely monitored and managed by the ASP.NET runtime, so that if one misbehaves (leaks,
deadlocks), a new process can be created in its place, which helps keep your application constantly
available to handle requests.

Customizability and Extensibility : ASP.NET delivers a well-factored architecture that allows
developers to "plug-in" their code at the appropriate level. In fact, it is possible to extend or replace any
subcomponent of the ASP.NET runtime with your own custom-written component. Implementing custom
authentication or state services has never been easier.

Security : With built-in Windows authentication and per-application configuration, you can be assured
that your applications are secure.

Language Support:
The Microsoft .NET Platform currently offers built-in support for three languages: C#, Visual
Basic, and JScript.

CHAPTER 5
SYSTEM DESIGN

5. SYSTEM DESIGN

5.1 SYSTEM ARCHITECTURE

Fig 1 : System Architecture

5.2 DATA FLOW DIAGRAM

A data flow diagram is a graphical tool used to describe and analyse the movement of data through a
system. DFDs are the central tool and the basis from which the other components are developed. The
transformation of data from input to output, through processes, may be described logically and
independently of the physical components associated with the system. Such diagrams are known as logical data
flow diagrams. Physical data flow diagrams show the actual implements and movement of data
between people, departments and workstations. A full description of a system actually consists of a set of
data flow diagrams. The data flow diagrams are developed using two familiar notations: Yourdon, and
Gane and Sarson. Each component in a DFD is labelled with a descriptive name. Each process is further identified
with a number that is used for identification purposes. DFDs are developed in several
levels. Each process in a lower-level diagram can be broken down into a more detailed DFD at the next
level. The top-level diagram is often called the context diagram. It consists of a single process, which plays a
vital role in studying the current system. The process in the context-level diagram is exploded into other
processes at the first-level DFD.

The idea behind the explosion of a process into more processes is that understanding at one level of
detail is exploded into greater detail at the next level. This is done until no further explosion is necessary and
an adequate amount of detail is described for the analyst to understand the process. Larry Constantine first
developed the DFD as a way of expressing system requirements in a graphical form; this led to
modular design.

A DFD, also known as a “bubble chart”, has the purpose of clarifying system requirements and
identifying major transformations that will become programs in system design. So it is the starting point
of the design, down to the lowest level of detail. A DFD consists of a series of bubbles joined by data flows in
the system.

DFD LEVEL-0

[Diagram labels: USER, INFORMATION REQUEST, GRAPHICAL PASSWORD AUTHENTICATION, GPIS]

Fig 2: DFD Level-0

DFD LEVEL – 1

[Diagram labels: USER, REGISTRATION PROCESS, LOGIN PROCESS, PICTURE, LOG; flows: Registration information, Retrieve picture, Password information, Login information, Request information, Login result, Retrieve information]

Fig 3 : DFD Level-1

5.3 UML DIAGRAMS

5.3.1 USE CASE DIAGRAM


• Use-case diagrams model the behavior of a system and help to capture the requirements of the
system.
• Use-case diagrams describe the high-level functions and scope of a system.
• These diagrams also identify the interactions between the system and its actors.
• Use-case diagrams illustrate and define the context and requirements of either an entire system or
the important parts of the system.

Fig 4 : Use Case Diagram

5.3.2 Sequence Diagram

• The sequence diagram represents the flow of messages in the system and is also termed as an event
diagram. It helps in envisioning several dynamic scenarios.
• It portrays the communication between any two lifelines as a time-ordered sequence of events,
such that these lifelines took part at the run time.
• In UML, the lifeline is represented by a vertical bar, whereas the message flow is represented by a
vertical dotted line that extends across the bottom of the page.

Fig 5 : Sequence Diagram

5.3.3 Activity Diagram

• In UML, the activity diagram is used to demonstrate the flow of control within the system rather
than the implementation. It models the concurrent and sequential activities.
• The activity diagram helps in envisioning the workflow from one activity to another. It puts
emphasis on the condition of flow and the order in which it occurs.
• The flow can be sequential, branched, or concurrent, and to deal with such kinds of flows, the
activity diagram has come up with a fork, join, etc.

Fig 6: Activity Diagram

5.3.4 Class Diagram

• The class diagram depicts a static view of an application. It represents the types of objects
residing in the system and the relationships between them.
• A class consists of its objects, and also it may inherit from other classes. A class diagram is
used to visualize, describe, document various different aspects of the system, and also construct
executable software code.
• It shows the attributes, classes, functions, and relationships to give an overview of the software
system.

Fig 7 : Class Diagram

5.4 DATABASE DESIGN

A database design is a collection of stored data organized in such a way that the data requirements
are satisfied by the database. The general objective is to make information access easy, quick, inexpensive
and flexible for the user. There are also some specific objectives like controlled redundancy from failure,
privacy, security and performance. A collection of related records makes up a table. Database tables are
prepared to design and store data in the needed forms. Two essential settings for a database are:
• Primary key : - The field that is unique for all the record occurrences.
• Foreign key : - The field used to set the relation between tables.

Normalization is a technique to avoid redundancy in the tables.

DATABASE:

There are two tables in the database GPIS. They are login and picture.

Tables_in_GPIS
Login
picture

Table Design

Serial No.   Column name   Data Type   Size   Key       Default
1            Name          VARCHAR     350    Primary

Table 1: picture table in Database

Serial No.   Column Name   Data Type   Size   Key       Default
1            User          VARCHAR     10     Primary
2            Level         INT         200
3            Position      VARCHAR     200
4            Name          VARCHAR     200
5            First         VARCHAR     10     foreign

Table 2: log table in Database

5.5 E-R DIAGRAM

ER Diagram : ER stands for Entity Relationship. An ER diagram, also known as an ERD, is a diagram that displays the
relationship of entity sets stored in a database. In other words, ER diagrams help to explain the logical
structure of databases. ER diagrams are created based on three basic concepts: entities, attributes and
relationships. ER diagrams contain different symbols: rectangles represent entities, ovals
define attributes and diamond shapes represent relationships.

Fig 8 : E-R Diagram

CHAPTER 6
IMPLEMENTATION

6. IMPLEMENTATION

6.1 SAMPLE SOURCE CODE


using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Diagnostics;
using System.Data.SqlClient;

namespace WindowsFormsApplication1
{
public partial class Test : Form
{
string s;
public Test(string s1)
{
s = s1;

InitializeComponent();
}

private void Button13_Click(object sender, EventArgs e)


{
random();
Button1.Enabled = true;

Button2.Enabled = true;
Button3.Enabled = true;
Button4.Enabled = true;
Button5.Enabled = true;
Button6.Enabled = true;
Button7.Enabled = true;
Button8.Enabled = true;
Button9.Enabled = true;
}

public void random()


{
textBox1.Text = "";

ListBox.ObjectCollection list = ListBox1.Items;


Random rng = new Random();
int n = list.Count;
//begin updating
ListBox1.BeginUpdate();
while (n > 1)
{
n -= 1;
int k = rng.Next(n + 1);
object value = list[k];
list[k] = list[n];
list[n] = value;
}
ListBox1.EndUpdate();
ListBox1.Invalidate();

{
string values = ListBox1.Items[0].ToString();
string[] tokens = values.Split(',');

int[] convertedItems = Array.ConvertAll<string, int>(tokens, int.Parse);


Button1.Location = new Point(convertedItems[0], convertedItems[1]);
}

{
string values = ListBox1.Items[1].ToString();
string[] tokens = values.Split(',');

int[] convertedItems = Array.ConvertAll<string, int>(tokens, int.Parse);


Button2.Location = new Point(convertedItems[0], convertedItems[1]);
}

{
string values = ListBox1.Items[2].ToString();
string[] tokens = values.Split(',');

int[] convertedItems = Array.ConvertAll<string, int>(tokens, int.Parse);


Button3.Location = new Point(convertedItems[0], convertedItems[1]);
}

{
string values = ListBox1.Items[3].ToString();
string[] tokens = values.Split(',');

int[] convertedItems = Array.ConvertAll<string, int>(tokens, int.Parse);


Button4.Location = new Point(convertedItems[0], convertedItems[1]);
}

{
string values = ListBox1.Items[4].ToString();
string[] tokens = values.Split(',');

int[] convertedItems = Array.ConvertAll<string, int>(tokens, int.Parse);


Button5.Location = new Point(convertedItems[0], convertedItems[1]);
}

{
string values = ListBox1.Items[5].ToString();
string[] tokens = values.Split(',');

int[] convertedItems = Array.ConvertAll<string, int>(tokens, int.Parse);


Button8.Location = new Point(convertedItems[0], convertedItems[1]);
}

{
string values = ListBox1.Items[6].ToString();
string[] tokens = values.Split(',');

int[] convertedItems = Array.ConvertAll<string, int>(tokens, int.Parse);


Button7.Location = new Point(convertedItems[0], convertedItems[1]);
}

{
string values = ListBox1.Items[7].ToString();
string[] tokens = values.Split(',');

int[] convertedItems = Array.ConvertAll<string, int>(tokens, int.Parse);


Button6.Location = new Point(convertedItems[0], convertedItems[1]);

}

{
string values = ListBox1.Items[8].ToString();
string[] tokens = values.Split(',');

int[] convertedItems = Array.ConvertAll<string, int>(tokens, int.Parse);


Button9.Location = new Point(convertedItems[0], convertedItems[1]);
}
}

private void button10_Click(object sender, EventArgs e)


{
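SqlConnection con = new SqlConnection(@"Data Source=LAPTOP-M34OPHBP\SQLEXPRESS;Initial Catalog=ThreeLevelDB;Integrated Security=True");
if (con.State == ConnectionState.Closed)
{
con.Open();
}
// Pass the user id as a parameter instead of concatenating it into the SQL text,
// so a crafted user id cannot change the query (SQL injection).
SqlCommand cmd = new SqlCommand("select pattern from Img where userid = @userid", con);
cmd.Parameters.AddWithValue("@userid", s);
SqlDataReader dr = cmd.ExecuteReader();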
if (dr.HasRows)
{
dr.Read();
if (textBox1.Text == Convert.ToString(dr[0]))
{
DialogResult d = MessageBox.Show("Login Successfull", "Successful",
MessageBoxButtons.OK, MessageBoxIcon.Information);
if (d == DialogResult.OK)
{

Process.Start("calc.exe");
this.Close();
}
}
else
{
MessageBox.Show("Invalid Password", "ERROR !!!", MessageBoxButtons.OK,
MessageBoxIcon.Error);
}
}
else
{
MessageBox.Show("Invalid Password", "ERROR !!!", MessageBoxButtons.OK,
MessageBoxIcon.Error);
}
}

private void Button1_Click(object sender, EventArgs e)


{
textBox1.AppendText("1");
Button1.Enabled = false;
}

private void Button2_Click(object sender, EventArgs e)


{
textBox1.AppendText("2");
Button2.Enabled = false;
}

private void Button3_Click(object sender, EventArgs e)


{
textBox1.AppendText("3");
Button3.Enabled = false;
}

private void Button4_Click(object sender, EventArgs e)


{
textBox1.AppendText("4");
Button4.Enabled = false;
}

private void Button5_Click(object sender, EventArgs e)


{
textBox1.AppendText("5");
Button5.Enabled = false;
}

private void Button6_Click(object sender, EventArgs e)


{
textBox1.AppendText("6");
Button6.Enabled = false;
}

private void Button7_Click(object sender, EventArgs e)


{
textBox1.AppendText("7");
Button7.Enabled = false;
}

private void Button8_Click(object sender, EventArgs e)


{
textBox1.AppendText("8");
Button8.Enabled = false;
}

private void Button9_Click(object sender, EventArgs e)
{
textBox1.AppendText("9");
Button9.Enabled = false;
}

private void Test_Load(object sender, EventArgs e)


{
Button1.BackgroundImage = Image.FromFile(@"Image\" + s + @"\1.jpg");
Button2.BackgroundImage = Image.FromFile(@"Image\" + s + @"\2.jpg");
Button3.BackgroundImage = Image.FromFile(@"Image\" + s + @"\3.jpg");
Button4.BackgroundImage = Image.FromFile(@"Image\" + s + @"\4.jpg");
Button5.BackgroundImage = Image.FromFile(@"Image\" + s + @"\5.jpg");
Button6.BackgroundImage = Image.FromFile(@"Image\" + s + @"\6.jpg");
Button7.BackgroundImage = Image.FromFile(@"Image\" + s + @"\7.jpg");
Button8.BackgroundImage = Image.FromFile(@"Image\" + s + @"\8.jpg");
Button9.BackgroundImage = Image.FromFile(@"Image\" + s + @"\9.jpg");

random();
}
}
}
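
The login handler above compares the typed pattern with a stored `pattern` value as plain text and builds the image path from the user id. A hardened form of those two steps follows as an added example; it is not the project's code, and the class and method names, the user id format, the iteration count and the idea of storing a salt and hash in place of `pattern` are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text.RegularExpressions;

// Added example, not the project's code. Assumed design: the Img table stores
// a per-user salt and a PBKDF2 hash instead of the plaintext "pattern" value.
public static class PatternCredential
{
    private const int SaltBytes = 16;
    private const int HashBytes = 32;
    private const int Iterations = 200000; // assumption: tune for the target machine

    // Assumed user id format. \z (not $) so a trailing newline is rejected too.
    private static readonly Regex SafeUserId = new Regex(@"^[A-Za-z0-9_]{1,10}\z");

    // Gate for any user id that ends up in a file path such as Image\<id>\1.jpg.
    public static bool IsSafeUserId(string userId)
    {
        return userId != null && SafeUserId.IsMatch(userId);
    }

    // The click handlers emit one digit per segment and disable the button,
    // so a valid pattern is 1 to 9 distinct digits in the range 1-9.
    public static bool IsWellFormedPattern(string pattern)
    {
        if (string.IsNullOrEmpty(pattern) || pattern.Length > 9) return false;
        bool[] seen = new bool[10];
        foreach (char c in pattern)
        {
            if (c < '1' || c > '9' || seen[c - '0']) return false;
            seen[c - '0'] = true;
        }
        return true;
    }

    public static byte[] NewSalt()
    {
        byte[] salt = new byte[SaltBytes];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(salt);
        }
        return salt;
    }

    // PBKDF2-HMAC-SHA256; this constructor needs .NET Framework 4.7.2 or later.
    public static byte[] Hash(string pattern, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(pattern, salt, Iterations, HashAlgorithmName.SHA256))
        {
            return kdf.GetBytes(HashBytes);
        }
    }

    // Login check: recompute the hash from the attempt and compare without
    // returning early on the first differing byte.
    public static bool Verify(string attempt, byte[] salt, byte[] expectedHash)
    {
        if (!IsWellFormedPattern(attempt)) return false;
        return FixedTimeEquals(Hash(attempt, salt), expectedHash);
    }

    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a == null || b == null || a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample values, not data from the report.
        byte[] salt = PatternCredential.NewSalt();
        byte[] stored = PatternCredential.Hash("314259867", salt); // saved at registration

        Console.WriteLine("safe id 'user01':      " + PatternCredential.IsSafeUserId("user01"));
        Console.WriteLine("safe id with '..\\':    " + PatternCredential.IsSafeUserId(@"..\other"));
        Console.WriteLine("enrolled pattern:      " + PatternCredential.Verify("314259867", salt, stored));
        Console.WriteLine("wrong order:           " + PatternCredential.Verify("123456789", salt, stored));
        Console.WriteLine("repeated segment:      " + PatternCredential.Verify("112345678", salt, stored));
    }
}
```

Because each of the nine buttons can be clicked only once, a full pattern is one of at most 9! = 362,880 orderings, so a stolen hash can still be searched exhaustively. Hashing therefore needs to be paired with a limit on failed login attempts.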

CHAPTER 7

TESTING

7. TESTING

7.1 SOFTWARE TESTING

Software testing is the process of checking whether the developed system is working according to
the original objectives and requirements. Software testing process commences once the program is created
and the documentation and related data structures are designed. Software testing is essential for correcting
errors. Otherwise the project is not said to be complete.

The system should be tested experimentally with test data so as to ensure that the system works
according to the required specification. When the system is found working, test it with actual data and
check performance. Software testing is a critical element of software quality assurance and represents the
ultimate review of specification, design and coding.

Need for Testing

Testing was essential for the following reasons:

• Detect program defects or inadequacies.
• Confirm that the software behaves as intended by its designer.
• Confirm conformance with the requirement specification and user needs.
• Assess the operational reliability of the system.
• Reflect the frequency of actual user inputs.
• Find the fault that caused an output anomaly.
• Check for flaws and deficiencies in the requirements.
• Check whether the software is operationally useful.
• Exercise the program using data like the real data processed by the program.

Testing Strategies

The philosophy behind testing is to find errors. Test cases are devised with this purpose in mind.
A test case is a set of data that the system will process as normal input.

Characteristics of a Good Test:

• Tests are likely to catch bugs
• No redundancy
• Not too simple or too complex

7.1.1 Unit Testing

The primary goal of unit testing is to take the smallest piece of testable software in the application,
isolate it from the remainder of the code, and determine whether it behaves exactly as you expect. Each
unit is tested separately before integrating them into modules to test the interfaces between modules. Unit
testing has proven its value in that a large percentage of defects are identified during its use. Unit testing
is a software verification and validation method where the programmer gains confidence that individual
units of source code are fit for use. A unit is the smallest testable part of an application. In procedural
programming, a unit may be an individual program, function, procedure, etc., while in object-oriented
programming, the smallest unit is a class, which may belong to a base/super class, abstract class or
derived/child class. Ideally, each test case is independent from the others: substitutes like method stubs,
mock objects, fakes and test harnesses can be used to assist testing a module in isolation. Unit tests are
typically written and run by software developers to ensure that code meets its design and behaves as
intended. Its implementation can vary from being very manual (pencil and paper) to being formalized as
part of build automation.

7.1.2 Integration Testing

Integration testing, also known as integration and testing (I&T), is a software development
process in which program units are combined and tested as groups in multiple ways. In this context, a unit is
defined as the smallest testable part of an application. Integration testing can expose problems with the
interfaces among program components before trouble occurs in real-world program execution. Integration
testing is a component of Extreme Programming (XP), a pragmatic method of software development that
takes a meticulous approach to building a product by means of continual testing and revision.

There are two major ways of carrying out an integration test, called the bottom-up method and the
top-down method. Bottom-up integration testing begins with unit testing, followed by tests of progressively
higher-level combinations of units called modules or builds. In top-down integration testing, the
highest-level modules are tested first and progressively lower-level modules are tested after that. In a
comprehensive software development environment, bottom-up testing is usually done first, followed by
top-down testing.

7.1.3 Validation testing :

At the validation level, testing focuses on user-visible actions and user-recognizable output
from the system. Validation testing is said to be successful when the software functions in a manner that can
be reasonably expected by the customer.

Two types of validation testing:

Alpha testing is simulated or actual operational testing by potential users/customers or an independent
test team at the developers' site. Alpha testing is often employed for off-the-shelf software as a form of
internal acceptance testing, before the software goes to beta testing.

Beta testing comes after alpha testing. Versions of the software, known as beta version, are released to a
limited audience outside of the programming team. The software is released to groups of people so that
further testing can ensure the product has few faults or bugs. Sometimes, beta versions are made available
to the open public to increase the feedback field to a maximal number of future users.

CHAPTER 8

OUTPUT SCREENS

Fig 9: Registration Page

Fig 10: Selection of Image for Registration

Fig 11: Successful Registration

Fig 12 : Login Page

Fig 13 : Jumbled Image

Fig 14 : Successful Login

CHAPTER 9

CONCLUSION

9. CONCLUSION

The proposed Cued Click Points scheme shows promise as a usable and memorable authentication
mechanism. By taking advantage of users’ ability to recognize images and the memory trigger associated
with seeing a new image, GPIS has advantages over Pass Points in terms of usability. Being cued as each
image is shown and having to remember only one click-point per image appears easier than having to
remember an ordered series of clicks on one image.
GPIS offers a more secure alternative to Pass Points. GPIS increases the workload for attackers by
forcing them to first acquire image sets for each user, and then conduct hotspot analysis on each of these
images.

CHAPTER 10

REFERENCE

10. REFERENCE
► Websites

✓ http://searchsecurity.techtarget.com/definition/graphical-password

✓ http://clam.rutgers.edu/~birget/grPssw/susan3.pdf

► Books

✓ Blonder, G. 1996. Graphical Passwords. United States Patent 5559961.

✓ Wiedenbeck, S., Waters, J., Birget, J. C., Brodskiy, A., and Memon, N. 2005.
Authentication using graphical passwords: Effects of tolerance and image choice. In
Proc. Symp. On Usable Privacy and Security (SOUPS’05).

✓ Chiasson, S., van Oorschot, P. C., and Biddle, R. 2007. A second look at the usability
of click-based graphical passwords. In Proc. Symp. on Usable Privacy and Security
(SOUPS’07).

✓ Dirik, A., Memon, N., and Birget, J. 2007. Modeling user choice in the PassPoints
graphical password scheme. In Proc. Symp. on Usable Privacy and Security
(SOUPS’07).

Journal of Engineering Sciences Vol 14 Issue 03,2023

A Secure Graphical Password By Image Segmentation System


Dr. P. Ratna Babu, M.Tech, Ph.D, Professor, Department of CSE, KHIT, Guntur
email-id: ratnajoyal@gmail.com
Y. Eswari Sai Tejaswi1, Y. Varun Kumar2, U. Chandra Kiran Reddy3, Y. Sai Rohith4
1,2,3,4 UG Student, Department of Computer Science and Engineering,
Kallam Haranadha Reddy Institute of Technology, Chowdavaram, Guntur, Andhra Pradesh, India

ABSTRACT

In click-based graphical passwords, discretization is a common technique for accommodating input
variance so that roughly correct passwords are accepted by the system. In this study, we demonstrate
for the first time that the security of such graphical passwords is compromised by the considerable
password information leakage caused by two sample discretization algorithms. We use this data leak to
launch successful dictionary attacks on Persuasive Cued Click Points (PGPIS), the most secure
click-based graphical password scheme to date and one that was thought to be immune to such assaults. In
our trials, when Centred Discretization was used to implement PGPIS, our completely automated
assault successfully guessed 69.2% of the passwords, and when Robust Discretization was utilised,
39.4% of the passwords. The number of entries in each attack dictionary we employed was about
equivalent to the number of entries in the entire password space. When the dictionary size was
decreased to about entries, our approach still succeeded in guessing 50% of the passwords for Centred
Discretization. Other click-based graphical password systems like Pass Points and Cued Click Points,
both of which have received a great deal of research attention, are similarly susceptible to our attack.

Keywords : Image processing, Pattern recognition, Graphical Password, Image Segmentation and
storage, Image recognition, Part jumbling, Image submission, Authentication.

1. INTRODUCTION

In Web and other applications, passwords are frequently used to authenticate users to remote services.
Text-based passwords have been around for a while. Blonder introduced graphical passwords as an
alternative to text passwords in 1996. With a graphical password, a user enters or creates a password by
interacting with one or more images. Graphical passwords are used to take advantage of the promise of
higher memorability and increased security against guessing attempts. For keyboard-less devices
like iPads and iPhones, where entering a text password is difficult, graphical passwords are especially
useful. As an illustration, Microsoft's recently released Windows 8 offers graphical password logon. We
anticipate seeing a larger adoption of graphical passwords in Web apps as smart phones and slate PCs
grow in popularity.

The project allows users to enter an image as their password, and only they are aware of the full
appearance of the image. On receipt, the system divides the image into an array of images and saves
them accordingly. The next time the user logs on, the system presents the segmented image in a
jumbled order. If the user then selects the image's component pieces in an order that recreates the
original image he submitted, the user is taken to be genuine. Otherwise, access is denied to the user.

ISSN:0377-9254 jespublication.com Page 664



2. LITERATURE SURVEY
In the article titled "Combined PWD: This Scheme Proposes An Online Secret Phrase Verification
Component," Wantong Zheng and Chun fu Jia suggested that the present secret word validation
framework be strengthened by adding separators (such as spaces) into the passwords. The client's
feedback is utilised in this strategy. When registering a record on this test site, users can insert spaces
into their secret words to indicate where they should stop, and the site's back end keeps track of how
many spaces are placed in each hole in the paper.

In his proposal "Time based Unique Password: The client will set an underlying secret word to describe
how the secret key will change over a defined period of time, and we found that the framework. This was
done to avoid issues focused on a third party, such as one-time password emails, tests, and token devices.
The system's usability in terms of availability was then discovered to be improved while maintaining the
strength of the dynamic password. Yang Jing yang suggested a secure password authentication system.
Weak password authentication methods and strong password authentication schemes are the two
categories into which one-time password authentication schemes fall. [2].

Refish Salah Proposed In many applications, including websites and database systems, the password
authentication code (PAC) is a crucial issue. PAC-RMPN is the solution Salah Refish suggests. This
paper introduces PAC between two clients to confirm verification between them. This study offers a fresh
approach to the age-old issue of incoming password authentication. They should devise a plan to protect
this secret word from any potential assailants. A legitimate user just enters his password and clicks Enter
to send it to another user for authentication. [3]

Shen pingpingping "A secure password authentication technique" was proposed, providing
greater security. This approach combines patterns, keys, and fictitious digits. In order to accomplish this,
the client must recognise and use network area numbers as design, register key qualities that direct respect
towards a secret password, and attach faker qualities to deceive the attacker. From that point on, the client
must review the example and follow the secret key from design with enrolled key qualities, creating a
secret word by incorporating fictitious digits, in order to log in. Because of the high complexity of
guessing passwords in multi-levels: first from the pattern, then from key, and lastly from dummy values,
it minimises shoulder surfing, brute force attacks, cross site scripting, etc. [4]

Rafiq M.Q. Ansari and Umar, S. proposed a password chaffing model. The secret key is the essential key
to getting approval; however, because customers choose weak secret keys, attackers have had much
success in password cracking. The suggested framework combines Honey encryption with the Honeyword
procedure to strengthen the storage of the secret key. Honeywords are fictitious passwords that are
stored alongside the real secret word to entice the attacker. Other methods, such as
chaffing-with-tweaking, chaffing-with-password models, etc. are available to produce the Honeywords of
the original password, but the current method is used. [5]

ISSN:0377-9254 jespublication.com Page 665


Journal of Engineering Sciences Vol 14 Issue 03,2023

3. PROPOSED SYSTEM

We have put forward another shoulder-surfing-resistant method. In this method, the user chooses a
number of images to serve as pass-objects. Every pass-object has a number of variants, and each
variant has its own code. The user is presented with a number of scenes to complete during authentication.
Many pass-objects (each in the form of a randomly selected version) and numerous decoy-objects are
present in every scenario. The user must enter a string containing the distinct codes for each of the pass-
object versions visible in the scene, as well as a code denoting the pass-objects' placement in relation to a
set of eyes. The claim is that even if the entire authentication procedure was videotaped, it would be
exceedingly difficult to crack this kind of password because there was no mouse click to provide the pass-
object information. The alphanumeric code for each pass-object version must still be memorised by users
of this technique. Later, this method was expanded to let users give their own codes to pass-object
variants. Unfortunately, this approach still necessitates that the user memorise numerous text strings,
resulting in all of the problems associated with text-based passwords.

3.1 MODULES
There are 5 modules in the system:
1. Image Submission
2. Image Fragmentation and Storage of Image Parts
3. Part Jumbling
4. Authentication

Fig 1 : System Architecture


Description :-

1. Image Submission: The system accepts an image submitted by the user.
2. Image Fragmentation and Image Part Storage: The system then divides the image into a 9x9 grid.
The image parts are separated and stored individually.
3. Part Jumbling: The user is then shown the parts in a jumbled order.
4. Authentication: The user selects the parts in the original image's order, and authentication
either succeeds or fails.
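
The jumble-and-verify flow of modules 3 and 4 can be expressed server-side as follows. This is an added example in Python, not the project's own .NET code; the class name, the per-login opaque tokens and the three-failure lockout are assumptions made for the illustration.

```python
import secrets

GRID = 9            # the 9x9 grid from the description -> 81 parts
MAX_FAILURES = 3    # assumed lockout threshold, not specified on the page


class SegmentLogin:
    """Server-side login state for one enrolled image (hypothetical class)."""

    def __init__(self, parts=GRID * GRID):
        self.parts = parts
        self.failures = 0
        self.challenge = None    # token -> original index, valid for one login

    def new_challenge(self):
        """Return one opaque token per part, in jumbled display order."""
        if self.failures >= MAX_FAILURES:
            raise PermissionError("account locked")
        # Fresh random tokens per login: a part's identifier reveals nothing
        # about its original position and cannot be reused in a later login.
        tokens = [secrets.token_hex(8) for _ in range(self.parts)]
        self.challenge = {tok: idx for idx, tok in enumerate(tokens)}
        shown = list(tokens)
        secrets.SystemRandom().shuffle(shown)    # CSPRNG-backed jumble
        return shown

    def verify(self, selected):
        """Check the tokens the user clicked, in click order."""
        challenge, self.challenge = self.challenge, None    # single use
        if challenge is None or self.failures >= MAX_FAILURES:
            return False
        order = [challenge.get(tok, -1) for tok in selected]
        ok = order == list(range(self.parts))
        self.failures = 0 if ok else self.failures + 1
        return ok


def solve(login, shown):
    """Test stand-in for a user who recognises the picture and clicks the
    parts in their original order (reads server state, for the demo only)."""
    return sorted(shown, key=login.challenge.__getitem__)
```

Because the token-to-position map exists only on the server and is discarded after one `verify` call, a response recorded during one login is rejected in the next.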

4. RESULTS AND DISCUSSION


The project is loaded in Visual Studio 2010. For the project's design and coding, we used Visual Studio.
We built and maintained all databases on SQL Server 2008, writing queries to store data or keep track of
projects.

Fig 3 : Visual Studio

4.1 Front End Technology :

4.1.1 Microsoft .Net Framework:

The .NET Framework is a computing platform that makes it easier to construct applications
in the highly distributed Internet environment. Unmanaged components that host the .NET Framework can
start managed code execution by loading the common language runtime into their processes. This creates
a software environment that can take advantage of both managed and unmanaged features. In addition to
offering a number of runtime hosts, the .NET Framework also encourages the creation of runtime
hosts by third parties.


4.2 Backend Technology :

4.2.1 About Microsoft SQL Server :

Microsoft SQL Server is a client/server relational database that uses Structured Query Language
(SQL). Each of these phrases describes a crucial element of SQL Server's design. You must employ a
set of commands and statements (a language) established by the DBMS programme in order to interact
with the data in a database. Relational databases support a variety of languages, the most popular of
which is SQL.

4.3 Results

The Project will produce the following results

Fig 4 : Registration Page


Fig 5 : Registration Process

Fig 6 : Successful Registration


Fig 7 : Login Page

Fig 8 : Part Jumbling


Fig 9 : Successful Login

6. CONCLUSION

As a practical and memorable authentication technique, the suggested Cued Click Points scheme has
promise. GPIS is more usable than PassPoints because it makes use of users' capacity to recognise images
and the memory trigger connected to seeing a new image. It seems simpler to be cued when each image is
displayed and to only have to remember one click point per image as opposed to having to remember an
ordered succession of clicks on a single image.
GPIS is a safer substitute for PassPoints. By requiring attackers to first obtain image sets for each
user and then perform hotspot analysis on each of these photos, GPIS increases the effort for attackers.
We can also include challenge-response interactivity in future developments. In challenge-response
interactions, the server will pose a challenge, and the client will then need to respond in line with the
requirements. Access is allowed if the response is accurate. We can also restrict the number of
incorrect password entries a user can make.

REFERENCES

Websites :

• http://searchsecurity.techtarget.com/definition/graphical-password.


• http://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=8&ved=0CEsQFjAH&url=http%3A%2F%2Fclam.rutgers.edu%2F~birget%2FgrPssw%2Fsusan3.pdf&ei=_HPdUsH5CI7xrQe87IEo&usg=AFQjCNGUZJ80lCOHxp2_W_KeAq2a-pGF3w&bvm=bv.59568121,d.bmk


Books :

• G. Blonder, "Graphical Passwords," 1996. US Patent 5559961.

• Wiedenbeck, S., Waters, J., Birget, J. C., Brodskiy, A., and Memon, N. 2005. Authentication
using graphical passwords: Effects of tolerance and image choice. In Proc. Symp. On Usable
Privacy and Security (SOUPS’05).

• Chiasson, S., van Oorschot, P. C., and Biddle, R. 2007. A second look at the usability of
click-based graphical passwords. In Proc. Symp. On Usable Privacy and Security (SOUPS'07).

• Dirik, A., Memon, N., and Birget, J. 2007. Modeling user choice in the PassPoints graphical
password scheme. In Proceedings of the 2007 Symposium on Usable Privacy and Security.
