A Secured Graphical Authentication for Web Based Applications

CHAPTER ONE

Objective of the Study

The main objective of this study is to develop a secure graphical authentication for web based applications. The specific objectives are to:

  1. present a comparative analysis of existing graphical authentication techniques;
  2. design a shoulder surfing resistant graphical technique for generating user's graphical password;
  3. perform a One-Time password challenge response for every authentication; and
  4. evaluate the password space, entropy and resistance to shoulder surfing attack.

CHAPTER TWO

REVIEW OF LITERATURE

Introduction

Confidentiality, availability, authentication and data integrity are the four major characteristics of information security, and this gives a variety of possibilities on how information can be attacked or defended. While these characteristics are required in an organization, the relevance of each varies from organization to organization. In financial institutions, data integrity is vital; if an institution loses the reliability of its information, it will be shut down. For e-business, availability is paramount; loss of service may lead to large loss of revenue. In many military applications, confidentiality is the most important property; disclosure of military plans or operations to the enemy could be very fatal (Shimeall & Spring, 2014). Authentication cuts across most organizations and it is the focus of this project.

Types of Authentication

Identification is the process of providing a means of identifying a user, for example, username and password. Authentication is a way of confirming the identity of a user and it is closely related to authorization, the process of granting appropriate access rights to resources to an authenticated user. In an environment of sensitive resources, authentication is unavoidable (Dijk, 2014).

Currently there are three main procedures to an authentication method. These procedures depend on the acquisition of a piece of information, an object or biometrics (Abdulkader et al., 2015):

Knowledge Based Authentication

In Knowledge Based Authentication, users are verified after proving ownership of a certain piece of information known only to the authorized user, called a factoid. Factoids can be described as personal or non-personal, static or dynamic information (He, Luo & Choi, 2007). Text-based and graphical authentication are good examples of this authentication approach.

 

CHAPTER THREE

METHODOLOGY

Introduction

This research work adopts the use of cued-recall graphical and text-based techniques. It is designed using web-development tools. Below are the methods that were used in achieving the specific objectives of this research.

Interface Design

In this section, we explain the interface of the proposed scheme, which is the most critical part of the research. This scheme utilizes a set of coloured rows and columns which may assist users in identifying their chosen cell. The interface design elaborates on the cued recall graphical technique being utilized. This scheme will involve the following:

Rows and Columns: As shown in Figure 3.1, the grid is made of 13 columns and 9 rows. Of these, 6 columns and 4 rows are assigned unique colours and values (these are all the even rows and columns; the odd rows and columns are not assigned any colour or value). The values are permanently assigned to the rows and columns. The concept of these unique rows, columns and their intersections is taken from the earth's longitude and latitude, whose intersections are unique and are used to provide co-ordinates (The Editors of Encyclopedia Britannica, 2012). Every intersection of the coloured rows and columns is unique and its purpose is to assist in locating a particular cell in the grid. Figure 3.1 shows the intersection between the white row (4) and red column (1); this co-ordinate is written as (4,1). During registration and authentication, these coloured rows and columns are randomly arranged on the grid but still retain the values given to them.
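
The grid mechanics described above, as an added example that is not part of the original project: it places the permanent row and column values on the even grid lines using the operating system's CSPRNG and maps the co-ordinate (4,1) to its on-screen cell. Grid lines are assumed to be numbered from 1, and every colour name other than white and red is a placeholder constructed here.

```python
import math
import secrets

GRID_COLS, GRID_ROWS = 13, 9
# Per the text, only the even rows and columns carry a colour and a value.
COLOURED_COLS = [c for c in range(1, GRID_COLS + 1) if c % 2 == 0]  # 6 slots
COLOURED_ROWS = [r for r in range(1, GRID_ROWS + 1) if r % 2 == 0]  # 4 slots

# Permanent value -> colour. Only "white row = 4" and "red column = 1" come from
# the text; every other colour name is a placeholder constructed for this example.
ROW_COLOURS = {1: "row-colour-1", 2: "row-colour-2", 3: "row-colour-3", 4: "white"}
COL_COLOURS = {1: "red", 2: "col-colour-2", 3: "col-colour-3",
               4: "col-colour-4", 5: "col-colour-5", 6: "col-colour-6"}

_rng = secrets.SystemRandom()  # OS CSPRNG, so the next layout is not predictable


def new_layout():
    """Randomly place each permanent value on one of the coloured slots."""
    row_slots, col_slots = COLOURED_ROWS[:], COLOURED_COLS[:]
    _rng.shuffle(row_slots)
    _rng.shuffle(col_slots)
    return {
        "rows": dict(zip(ROW_COLOURS, row_slots)),  # row value -> grid row
        "cols": dict(zip(COL_COLOURS, col_slots)),  # column value -> grid column
    }


def locate(layout, row_value, col_value):
    """Map a co-ordinate such as (4, 1) to its on-screen (grid row, grid column)."""
    return layout["rows"][row_value], layout["cols"][col_value]


def layout_count():
    """Distinct arrangements of the coloured rows and columns: 4! * 6!."""
    return math.factorial(len(COLOURED_ROWS)) * math.factorial(len(COLOURED_COLS))


if __name__ == "__main__":
    for _ in range(3):
        layout = new_layout()
        row, col = locate(layout, 4, 1)  # white row (4), red column (1)
        print(f"(4,1) is drawn at grid row {row}, grid column {col}")
    print("possible layouts:", layout_count())
```

The co-ordinate stays fixed while its screen position changes: across layouts the same (4,1) can land on any of the 24 coloured intersections.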

CHAPTER FOUR

DATA ANALYSIS, RESULTS AND DISCUSSION OF FINDINGS

Introduction

This chapter describes the implementation of the graphical authentication system as well as its underlying functionalities. A pictorial description is also given to explain the functionality of the scheme, which is categorized into registration, authentication and password recovery. Significant tests were conducted to verify the effectiveness and efficiency of the system. Finally, several findings and observations were made.

Implementation of the Scheme

In the system implementation stage, the newly developed system undergoes testing from the beginning step of the system to the final step, as this is an important phase in the software development life cycle.

CHAPTER FIVE

SUMMARY, CONCLUSION AND RECOMMENDATIONS

Introduction

This chapter concludes this research work on a secure graphical authentication for web based application by giving the summary, conclusion and also providing recommendations and suggestions for further studies.

Summary

This research work is focused on web based applications and cuts across all electronic devices with a screen size of about 650 by 450 pixels or above and a web browser that has internet access. The utilization of coloured rows and columns plays a major part in the application as it provides a pictorial view which may assist the user to identify the chosen cell in order to input their chosen pair of values. This pictorial view also mitigates the need for uploading individual pictures for use during authentication, creating one single dynamic view (as the coloured rows and columns are randomly placed during authentication) which is utilized by all users.

The movement of the values across the grid and the random placement of the coloured rows and columns make the application immune to shoulder surfing attacks. The use of a one-time challenge response password also increases the security of the application.

Conclusion

The concept of a graphical authentication system is to tackle the human factor of using easy-to-guess passwords and to create a friendlier environment which increases the rate of generating stronger passwords. However, the development of a robust graphical authentication has always been at the cost of forgoing one or more features of an authentication system. These features may be delay during registration and/or authentication, utilization of pictures which can be a burden on the server, multiple icons/pictures for the user to search through which can be strenuous, and users trying to understand the concept of the graphical authentication system.

Many users are still accustomed to text-based authentication. Changing or adding graphical authentication to the mind-set of users will still require more time.

Recommendations

Irrespective of the fact that text-based authentication is still the norm in this present age, it cannot be ignored that it has not increased memorability. This research is recommended for web based applications aimed more at increasing memorability, for crowded environments where the mitigation of shoulder surfing is unavoidable, and for servers with little storage capacity. This scheme can also be used as a Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA).

Contribution to Knowledge

This research work has been able to contribute to knowledge by providing a set of rows and columns whose colours and intersections assist in locating the chosen cell without browsing through the entire grid system. The random placement of the coloured rows and columns and the simultaneous movement of the left and right values in each cell provide a level of resistance to shoulder surfing attacks. In addition, the concept of the scheme requires no upload of pictures, reducing the storage capacity utilization of the server.

Limitation of the Study

This research focuses primarily on mitigating shoulder surfing attacks and does not majorly address other attacks such as brute force, dictionary and intersection attacks. In addition, access to the Internet incurs some issues.

Suggestion for Further Studies

This research work can be extended further to be utilized in devices with smaller screens, basically for access into the devices to view their content, e.g. smart phones, pads etc. Given the intersection of these coloured rows and columns, it can create a more interesting and interactive puzzle for users whenever they want to unlock their portable device. Usability evaluation of this research can be conducted to determine the user convenience and ease of use of the scheme and, in addition, the pair of values in each cell can be replaced with images/objects in order to determine the efficiency and effectiveness of the system. The utilization of a scroll wheel for inserting values into the cells can be implemented and observed.

REFERENCES

  • Abdulkader, S. N., Ayman, A., & Mostafa, M.-S. M. (2015). Authentication Systems: Principles and Threats. Computer and Information Science, 8(3).
  • Adams, A., & Sasse, M. A. (1999). Users are not the enemy. Communications of the ACM, 42(12), 41-46.
  • Adhatrao, K., Gaykar, A., Jha, R., & Honrao, V. (2013). A secure method for signing in using quick response codes with mobile authentication. International Journal of Student Research in Technology & Management, 1(1), 01-11.
  • AlAhmad, M. A., & Alshaikhli, F. I. (2013). Broad View of Cryptographic Hash Functions. International Journal of Computer Science Issues, 10(4).
  • Almulhem, A. (2011). A Graphical Password Authentication System. Internet Security (WorldCIS). IEEE.
  • Alsaiari, H., Papadaki, M., Dowland, P., & Furnell, S. (2016). Graphical One-Time Password (GOTPass): A usability evaluation. Information Security Journal: A Global Perspective. doi:10.1080/19393555.2016.1179374
  • Atkins, L. (2013, November 10). BlackBerry 10 Getting Picture Password Unlock Screen. Retrieved October 25, 2016, from N4BB: http://n4bb.com/blackberry-10-getting-picture-password-unlock-screen/
  • Bahrick, H. P., & Phelps, E. (1984). Semantic memory content in permastore: fifty years of memory for Spanish learned in School. Journal of Verbal Learning and Verbal Behavior, 14, 1–24.
  • Berners-Lee, T., Bray, T., Connolly, D., Cotton, P., Fielding, R., Jeckle, M., . . . Williams, S. (2004, December 15). Architecture of the World Wide Web, Volume One. Retrieved March 03, 2017, from World Wide Web Consortium: https://www.w3.org/TR/2004/REC-webarch-20041215
  • Biddle, R., Chiasson, S., & Oorschot, P. (2011). Graphical password: Learning from the first twelve years. Technical Report TR-11-01.
  • Birget, J., Hong, D., & Memon, N. (2005). Robust discretization, with an application to graphical password. Cryptology ePrint Archive, report 2003/168.
  • Blonder, G. (1996). United States Patent No. 5559961.
  • Carlson, N. R., & Heth, D. C. (2010). Psychology–the science of behaviour. Toronto: Pearson.
  • CESG. (2016, April 15). The problems with forcing regular password expiry. Retrieved September 22, 2016, from CESG: https://www.cesg.gov.uk/articles/problems-forcing-regular-password-expiry