Security Analysis using Text, Image, and Opass

Based authentication
Nandini C
1
, Netravati k
2
, Ambika S
3
, Sowjanya.H J
4
Department of Computer Science, RYMEC Bellary
Nandini2905@gmail.com
Netravati.kpl@gmail.com
Sajjan.ambika18@gmail.com
Sowjanya.jutoor@gmail.com
Under the guidance: Asst-prof:Anuradha S.G
anuradha_gaddagin@rediffmail.com
Abstract - In todays generation people are doing many online
activity such as online banking, online exam, checking mails.
Along with that the people are more addicted towards social
network where the personal information and of user is stored
and shared across network. This results in moment of large data
from system to the world and there are more chances of attack
on this data. Security is a major issue in all such applications
and is also a challenging task.In the recent years Text based
password, Image based password, and Audio based password
are the various techniques used in the security analysis targeting
for biometric systems, token based systems , ATM, captcha etc.
Each of these has their own pros and cons. The proposed paper
aims at developing three-level of security viz: text based
password at level one, image based authentication at level two
and one time password which is valid for one log in session at
the third level. The third level password is generated to our
email-id and mobile phones and is called OTP.Thus the
developed model enhances the security of cyber applications
and provides user-friendly approach for maintaining the
passwords.
KEYWORDS-Text based password, Image based authentication,
One time password, Brute force attack, Key loggers attack, Hidden
cameraattack, Spyware attack.

I INTRODUCTION
Authentication is a function where a user presents some
credentials to the system. If credentials match a given set to
be authenticated otherwise user is not authenticated. Now- a-
days, to secure our sensitive data like bank account details,
login details of the account is not a simple task. Because
cyber attacks has been increased in a tremendous rate. It is
important to provide security for websites. A password is aun
spaced sequence of characters used to determine that a
computer is requesting access to a computer system is really
that particular a user and it is more widely used
authentication method. Users often create memorable
password that are easy for attackers to guess. It is also
predictedthat, with the increase in the value of information
protected by passwords there is also an increase in the
number of hack attempts. The main problems with the
passwords are stealing of password, forgetting the password
and providing a weak password.Generally text based
authentication is used to authorize a user.Text based
password is a combination of letters, numbers and symbols
example: abcde, 1234567, @abcd$ etc. users create there
passwords which are easy to remember and this leads to
hackers to guess the password easily [1, 2].
Number of other types of system such as biometric system
using fingerprint, retina, captcha based system, token based
system, as in ATM [3, 4, 5]. And image based techniques
where images set as passwords [6, 7] it helps in thwarting
brute force attack, key loggers attack, spyware attack etc[8].
Each technique has demerits.
The proposed model is integration of three techniques text
based password, image based authentication and one time
password. Part I of this paper is about introduction, part II of
this paper is about background, part III of this paper is related
work of our proposed model, part IV of this paper is the
Results, part V is about conclusion and future work.
II BACKGROUND
SINGLE-LEVEL AUTHENTICATION (SECURITY SYSTEM)
1. Text based passwords
2. Biometric security system



1. Text based passwords:
A Text based password is a string of characters or a
word used for user authentication in order to gain
access to any accounts or profiles and it should kept
select from those who are not allowed to access the
account or profile

Attacks





















Table1: The possible attacks of text based password

Advantages
Here we have to use Alphanumeric uppercase,
lowercase to set a strong password which is difficult
for user to remember.
Because of this it is difficult to guess password for
hackers.
Disadvantages:
The Password which is typed using keyboard or
mouse can easily identified using keyboard or
mouse can easily identified using key stroke, mouse
movement and shoulder movements.
Sometimes it leads to brute force attack.

2. BIOMETRIC SECURITY SYSTEM:
It works based on information based on a person to
identify that person like face recognition, fingerprint
technology.

Advantages:

Increase security-provides a convenient and low-
cost security.
Eliminates problems caused by cost IDs or forgotten
password.
Make it possible, automatically, to know WHO did
WHAT, WHERE and WHEN!
Disadvantages:
Iris recognition and retinal scan needs scanner and
these techniques are futile for dirtiness, injury and
roughness.
In facial recognition the accuracy is low and it needs
camera as a additional device.
In case of voice recognition it needs additional
device.
In case of signature recognition it needs optical pen
and touch panel.

Types of attacks

Spoofing attack- It is used fingerprint technology. It
makes use of forensic techniques. The latent
fingerprint was highlighted and a photograph taken.

Brute force attack

It is a trial and error
method. In a brute force
attack automated software
is used to generate large
no of consecutive
guesses.


Hidden camera

It is still or video
camera used to observe
people without their
knowledge.



Key loggers attack

Key logger is a program
that records the key
strokes on a computer it
does this by monitoring a
users input and keeping a
log of all keys that are
pressed. The log may save
to a file or even sent to
another machine through
internet.


Shoulder surfing

It can be done using
binoculars, vision
enhancing devices, closed
circuit television cameras
which can be fixed in
walls or celling which is
used to observe data
entry.


That picture was later used to leave false latent
fingerprints on objects.

Face recognition attack- In this technique they
make use of photographs, basic drawing of human
face, videos recorded in laptops in order to hack.

Signature based system attacks- In this attack they
make use of forgeries produced with an increasing
level of skill.
TWO LEVEL AUTHENTICATIONS (SECURITY SYSTEM)
It is an approach to confirm the identity of the user through
two mean of identification.The best example for two level
authentication ATM.The first level is inserting the card and
the second level is entering the password.
There are 3 factors in authentication
1) What you know.
2) What you have.
3) What you are.
What you know would be a traditional user id,
password. This is something that the user knows
&carries around in their head.
What you have is a device the user process.
Example: smart cards, tokens, & any other devices.
What you are would be the physical characteristics
of user that ideally it cant be modified.
Example: finger prints, Face recognition, retinal
weans or voice. Authentication what you are would
obviously be biometric system. Combining any of
these two factor is two authentication.
Advantages:
Enhanced security: We cant provide security for
text password becauseitcant be easily hacked by the
hacker. So no longer can a hacker hide behind on
anonymous password. They must also provide
physical proof to verify, identity or they are denied
access.

Reducedrisk: In single factor authenticating uses
only one form of id, with brute force attack where
passwords are guessed. To overcome this we are
using two factor authentication .this translates into
reduced risk of loss.

Minimize training and help desk time: By using text
password only as we need high security use
complex password. This may find difficult to
remember password so in two factor authentication.

-First authentication-> swipe cards can be
used.
-Second authentication -> thumb print.
The help desk is freed to do more than reset
passwords.

Resistant to password compromise: Passwords have
a number of problems of associated with them. If
you choose a secure password, it can be difficult to
remember. By adding second layer of security, even
if someone has your password, they are unable to do
any damage without your key.
Example: finger print technology, one time
password etc.
Disadvantages:
. This recognition and retinal scan needs addition
hardware support
Finger print and geometry needs scanner and the
techniques are a futile for dirtiness, injury and
roughness.
In facial recognition accessory is low and it needs
camera as additional device.
In case of voice recognition it needs additional
device.
In case of signature recognition it needs optical pen
and touch panel.

III RELATED WORK
The main objective of 3 level security systems
is to provide security for websites. 3 level security
systems is an user friendly and an esoteric study of
images as password and implementation of an
extreme secured system.

Block diagram
The block diagram of the three level security system
is shown below.

Fig.1 Block diagram of three level security system
Level 1
Security at level 1 is provided by the simple text based
password. The below image shows the simple text based
password

Fig.2 simple Text based password
Level 2
Security at level 2 is provided by image based authentication.
Which helps to eliminate shoulder attack, tempest attack, and
brute force attack, it consists of three image grids. User has to
select a single image from each grid as a password.

Images of level 2
Fig.3 image grid 1


Fig.4 Image grid 2


Fig.5 Image grid 3
Level 3
Aftersuccessfully completing 2 levels a onetime
password which is valid for just one login session is
generated to an email id. The below diagram shows
generation of one time password.


Fig.6 Generation of one time password

IV SCREENSHOTS
1. Registration stage

Fig.6 Registration page











1. Login stage
In login stage the user has to enter username and
password and select set1 or set2 grids that were selected
during registration stage. Then user is presented with
level 2 after successfully completing level 2 one time
password is generated to e-mail id.



Fig.7 Enter the one time password

CONCLUSION
The Proposed security analysis ensures for providing high
security for online activities, online bankings and checking
mails.in addition to that it provides security for many social
network websites. The implementation is done at three levels
Text, Image and Otp.
References
[1] C.Thenmozhi, S.Sathvi, B.Thamotharan Two level image
basedauthentication system School of Computing, SASTRA University,
Thanjavur. Vol no 3 Jun-July 2013.
[2]Vikash Kumar Agarwal1, Bhaskra Nand2, Lalitendu khandagiri3
Authentication of System using Text, Image andAudio International
Journal Of Engineering And Computer Science ISSN:2319-7242
Volume 3 Issue 2, February 2014.
[3] Ratha, N.K., Thomas J., Bolle, R.M Enhancing securityand privacy in
biometrics-based authentication systems, IBM Systems Journal, 2001.
[4] Chao L., Yi-xian Y., Xin-xin N.,Biometric-based personal identity-
authentication system and security analysis , TheJournal of China
Universities of Posts an Telecommunications Volume 13, Issue 4, December
2006.
[5] Mudassar Raza, Muhammad Iqbal, Muhammad Sharif and Waqas Haider
A Survey of Password Attacks and Comparative Analysis onMethods for
Secure AuthenticationComsats Institute of Information Technology, Wah
Cantt., 47040, Pakistan 2012.
[6]Student: Pranav Patki1, Swapnil Patil2,Nagesh Jadhav3,Gaurang
Nimbalkar4 , Prof.N.J.Kulkarni5 Security Analysis and Implementation of 3
level security using Grids,OTP and GSM .
[7]M.Manjunath, Mr. K. Ishthaq Ahamed and Ms. Suchithra Security
Implementation of 3-Level Security System Using Image Based
Authentication Volume 2, Issue 2, March April 2013.
[8]sarika khaladkar1, sarita malunjkar2 & pooja shingote3
three way security using image based
authentication systemInternational Journal of Computer & Communication
Technology ISSN (PRINT): 0975 - 7449, Volume-4, Issue-2, 2013.