International Journal of Computer Trends and Technology (IJCTT) – volume 4 Issue 8–August 2013

ISSN: 2231-2803 Page 2868
Graphical based Secure Authentication System for Online

G.Mani Mayuri,
Department of Computer Science &
Gudalavalleru Engineering College

S.Vineela Krishna, M.Tech
Assistant Professor,
Department of Computer Science &
Gudalavalleru Engineering College

Abstract – The growth of interest in graphical passwords over the
last decade is likely due to the fact that older methods have
suffered innumerable attacks. Password authentication is failing as
an authentication method because it increases the burden on users to
recollect their passwords. Graphical authentication is proposed as an
alternative to textual passwords since it could be simpler for users
to remember. In this paper we propose a new graphical password scheme
based on image region selection. We present a new technique for
authentication that is driven by tracking mouse motions on an image,
called mouse gestures, for selecting regions in the image. User
authentication is critical to securing data and processes on the
Internet and in digital devices. Static text-based authentication
systems are the most widely employed because they are inexpensive and
highly scalable. Normally, a gesture is a sequence of interactions
with the application that represents one of the specified symbols. A
mouse gesture is a continuous, directed sequence of mouse cursor
movements with a clearly distinguished start and end. A significant
usability goal for authentication systems is to support users in
selecting better passwords. Users often create memorable passwords
that are simple for attackers to guess, but strong system-assigned
passwords are difficult for users to remember. Hence alternative
methods are used in which graphical pictures are employed as
passwords. Graphical passwords essentially use images or
representations of images as passwords. Today, text passwords are
easily cracked by intruders using several simple means, viz.
dictionary, password surfing and social engineering attacks. To
lessen the problems with traditional methods, an advanced method
using graphical password authentication, i.e. Improved Persuasive
Cued Click-Points (PCCP), is proposed. This improved PCCP technique
provides greater security than Pass Points and PCCP because the wide
range of images increases the workload for attackers.

Keywords – Pass points, Authentication, Click point, GUI
password Mechanism.

Mostly, users select passwords that are predictable. This happens
with both graphical and text-based passwords. Users usually choose
memorable passwords; unfortunately, this means that the passwords
tend to follow predictable patterns that are easier for attackers to
guess. While the predictability problem can be solved by disallowing
user choice and assigning passwords to users, this usually leads to
usability issues since users cannot easily remember such random
passwords. A multitude of graphical password systems have been
developed. Studies show that text-based passwords suffer from both
security and usability problems. According to a recent news article,
a security team at a company ran a network password cracker and
within 30 seconds identified about 80% of the passwords. It is known
that the human brain is better at recognizing and recalling images
than text; graphical passwords exploit this human characteristic.

Users employ passwords as a form of authentication to identify
themselves on any computer or communications network. Passwords
provide security from outside threats by allowing only a user who
knows the password to get access to specific content. Passwords are
used on all types of devices, from computers and cell phones to
websites and ATMs. Passwords can be simple numeric sequences, or
PINs; complex mixtures of letters, numbers, and special characters;
or graphical images that the user can click or pull from. The
commonest type of password is the alphanumeric password, which is
liable to dictionary attacks, wherein an attacking user or program
tries the common words and word combinations that a dictionary
typically contains. With the speed of contemporary computers, a very
large number of possible passwords can be checked per second. One of
the main reasons that dictionary attacks work is that users are
inclined to choose passwords that are simple to remember, for example
words present in a dictionary. Many password schemes have been
proposed to construct passwords that are simple to remember but
secure from dictionary attacks.

Graphical passwords provide one such substitute for traditional
password approaches. The essential premise is that pictures are much
easier to remember or recognize than text. Many different schemes
have been proposed for users to utilize pictures or drawings instead
of entering text characters [2-7]. An example of this type of scheme
is one where the user selects a sequence of images as their password
and, when authenticating themselves, is asked to select their images
from a variety of random pictures. Yet another approach, which
attempts to defeat surfing, is one where the user is presented with a
random collection of icons and needs to click somewhere in the convex
hull of all their pre-selected icons. A distinct method of graphical
passwords is where the person draws a picture on a 2D grid. If the
drawing touches the same sequence of grid points as the pre-selected
sequence, the user is authenticated. A similar approach is based on
the person entering their signature using the mouse. A graphical
password scheme of particular interest to this project is the Cued
Click Point approach [1]. The person is presented with an image
overlaid with a 2D grid. The user selects one of the grid locations,
which leads to a different image, again with a grid. The sequence of
selected grid coordinates is the password. If a user mistakenly
selects a grid location not in their authentication sequence, the
resulting image would immediately be identified as not being part of
their normal image sequence. A sequence of 5 clicks is used as the
password sequence. User studies of the CCP method showed that users
found the approach easy to use and to remember.
The security and usability problems associated with conventional
passwords can be referred to as "the password problem". The problem
arises because passwords are expected to satisfy two fundamentally
conflicting requirements: 1) The password ought to be easy to
remember, and the user authentication process ought to be executed
efficiently and lastingly by humans. 2) Passwords should be secure
enough, i.e., they must appear random and be difficult to guess; they
must be changed frequently, and should differ for the various
accounts of the same user; they should not be stored directly in
plain text. It has been virtually impossible for users to satisfy
these requirements. Consequently, users' disregard of the
requirements leads to poor password practices. The issue has led to
innovations to improve passwords. One of these innovations is
graphical passwords [9].

A graphical password system that uses a supportive sound signature to
improve recall of a given password is discussed. In the proposed work
a click-based graphical password scheme called Cued Click Points
(CCP) is presented. In this system a password comprises a sequence of
images in which the user selects one click-point per image.
Additionally, the user is asked to choose a sound signature
corresponding to each click-point; this sound signature is used to
assist the user in recalling the click-point on an image. The system
showed excellent performance in terms of speed, accuracy, and ease of
use. Users preferred CCP to Pass Points, saying that selecting and
remembering just one point per image was easier and that the sound
signature helps considerably in recalling the click-points [1].

Users generally tend to choose memorable passwords; unfortunately,
this means that the passwords tend to follow predictable patterns
that are easier for attackers to guess. While the predictability
problem can be solved by disallowing user choice and assigning
passwords to users, this usually leads to usability issues since
users cannot easily remember such random passwords. Among the
existing graphical passwords, CCP most closely resembles aspects of
Passfaces [6] and Pass Points [7, 8]. Therefore these graphical
password schemes are presented in more detail. Conceptually, CCP is a
combination of the three; in terms of implementation, it is most akin
to Pass Points. It also avoids the complex user training
prerequisites found in a number of graphical password proposals, such
as that of Weinshall [9].

Passfaces [6] is a graphical password scheme primarily based on
recognizing human faces or hot spots. During password creation, users
select a number of images from a set of images. To log in
successfully, users must identify one of their pre-selected images
from amongst several lures. Users must respond correctly to a number
of these challenges for each login. Results showed that users could
accurately remember their images but that user-chosen passwords were
predictable to the point of being insecure.

Fig 1: ClickPoint Overview
Davis et al. [5] proposed another scheme as an alternative that used
everyday images rather than human faces and required that users
select their images in the correct sequence. Users were encouraged to
create a story in their mind for the selected sequence of images as a
memory aid. It fared somewhat worse than Faces for memorability [5],
but it was found that user choices were much less predictable.

Click-based graphical passwords: Graphical password systems are a
type of knowledge-based authentication that attempts to leverage
human memory for visual information.

A user navigates through images to form a CCP password. Each click
determines the next image. In PassPoints, passwords consist of a
sequence of five click-points on a given image. Users may select any
pixels in the image as click-points for their password. To log in,
they repeat the sequence of clicks in the correct order, within a
system-defined tolerance square of the original click-points.
Security weaknesses make passwords easier for attackers to predict.

Cued Click Points (CCP)
CCP was created as an alternative click-based graphical password
scheme where users select one point per image for five images
(Figure). The interface displays only one image at a time; the image
is replaced with the next image as soon as the user selects a
click-point. The system determines the next image to display
according to the user's click-point on the current image. The next
image shown to users is based on a deterministic function of the
point that is currently selected. It offers a one-to-one cued recall
scenario where each image triggers the user's memory of the one
click-point on that image. Secondly, if a user enters an incorrect
click-point during login, the next image displayed is also incorrect.
Legitimate users who see an unrecognized image know that they made a
mistake with their previous click-point. Conversely, this implicit
feedback is not helpful to an attacker who does not know the expected
sequence of images [5].

Persuasive Cued Click- Points (PCCP)
To address the problem of hotspots, PCCP was proposed. As in CCP, a
password consists of five click-points, one on each of 5 images.
During password creation, most of the image is dimmed except for a
small viewport area that is randomly positioned on the image, as
shown in Figure. Users must select a click-point within the viewport.
If they are unable or unwilling to select a point in the current
viewport, they may press Shuffle to randomly reposition the viewport.
The viewport guides users to select more random passwords that are
less likely to include hotspots [2].

Existing system drawbacks:
- Immune to replay, dictionary attacks and simple key logger attacks.
- Does not defend against brute-force and blind
- One-time password for every login.

This project proposes a click-based graphical password system. During
password creation, there is a grid-based variety of images that is
randomly positioned on the image. Users must select a click-point
inside the viewport. If they are unable or unwilling to select a
point in the current viewport, they may use Shuffle to randomly
reposition the viewport. The viewport guides users to select more
random passwords that are less likely to include hotspots. This
approach therefore encourages users to select more random passwords
that are difficult to guess. Brute force and dictionary attacks on
password-only remote login services are now widespread and growing.
Enabling convenient login for legitimate users while preventing such
attacks is a difficult problem. Automated Turing Tests (ATTs)
continue to be an effective, easy-to-deploy strategy to identify
automated malicious login attempts with reasonable cost of
inconvenience to
Registration algorithm
registration (user_id)
  While sequence_number is less than 4 do
    Generate an Image;
    Retrieve the image and show it to the user;
    Draw a virtual grid over the image;
    Wait for the user to select the region;
    Calculate the parameters , , ,
    Store the parameters with sequence_number,
      image_number and user_id in the database;

In this paper a new Password Guessing Resistant Protocol (PGRP) is
presented, derived by revisiting prior proposals designed to restrict
such attacks. While PGRP limits the total number of login attempts
from unknown remote hosts, legitimate users in most cases (e.g., when
attempts are made from known, frequently-used machines) are able to
make several failed login attempts before being challenged with an
ATT.
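
The known-host versus unknown-host distinction described above can be illustrated with a simplified sketch. This is an added example, not code from the paper and not the PGRP specification; the thresholds `K_KNOWN` and `K_UNKNOWN`, the class `LoginGate` and the host labels are assumptions made for illustration.

```python
from collections import defaultdict

K_KNOWN = 3    # assumed: failures tolerated from a known host before an ATT
K_UNKNOWN = 1  # assumed: failures tolerated per account from unknown hosts


class LoginGate:
    """Decides whether a login attempt must first pass an ATT."""

    def __init__(self):
        self.known = set()                    # (user, host) with a past success
        self.fail_known = defaultdict(int)    # (user, host) -> failed attempts
        self.fail_unknown = defaultdict(int)  # user -> failures, unknown hosts

    def needs_att(self, user, host):
        if (user, host) in self.known:
            return self.fail_known[(user, host)] >= K_KNOWN
        return self.fail_unknown[user] >= K_UNKNOWN

    def attempt(self, user, host, password_ok, att_passed=False):
        """Return 'granted', 'denied' or 'att_required'."""
        if self.needs_att(user, host) and not att_passed:
            return "att_required"      # the password is not even evaluated
        if password_ok:
            self.known.add((user, host))
            self.fail_known[(user, host)] = 0
            return "granted"
        if (user, host) in self.known:
            self.fail_known[(user, host)] += 1
        else:
            self.fail_unknown[user] += 1   # shared by all unknown hosts
        return "denied"


if __name__ == "__main__":
    gate = LoginGate()
    print(gate.attempt("alice", "laptop", True))     # host becomes known
    print(gate.attempt("alice", "host-a", False))    # unknown host, one guess
    print(gate.attempt("alice", "host-b", False))    # a second host is gated
    print(gate.attempt("alice", "laptop", False))    # known host unaffected
```

Because the unknown-host counter is kept per account rather than per host, spreading guesses over many machines does not buy extra attempts, while failures from unknown hosts never count against the user's own machine.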

The proposed system also provides protection against key logger
spyware. Since the computer mouse is used instead of the keyboard to
input the graphical password, the password is protected from key
loggers.

The password is then, similar to DAS, encoded as a sequence of
intersections, represented by two-dimensional coordinate pairs, with
penup events, represented by (0,0) here, inserted at the places where
breaks occur. For example, the password in Figure 19 can be encoded
as: (4,8), (4,7), (4,6), (4,5), (0,0), (4,6), (5,6), (5,5), (6,6),
(0,0), (7,7), (0,0), (7,6), (7,5), (0,0)
We have definitions similar to those of DAS, as follows:
- The length of a password is the total number of coordinate pairs,
excluding penups, in the encoding of a
- The stroke-count of a password is the total number of penups in the
encoding of a password;
- The dot-count of a password is the total number of strokes of
length 1;
- Lmax represents the maximum length, beyond which a password is
considered with zero possibility of being
- Neighbors, N(x, y), of a cell (x, y) are the subset of the set of
cells {(x-1, y-1), (x-1, y), (x-1, y+1), (x, y-1), (x, y+1),
(x+1, y-1), (x+1, y), (x+1, y+1)} whose elements exist in the grid.
The number of neighbors varies from 3 to 8, depending on where the
cell (x, y) is.
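
The definitions above can be checked against the encoded password given in the text. The following is an added example, not code from the paper: the grid size of 8, the value of Lmax, and the rule that consecutive cells of a stroke must be neighbors are assumptions made for illustration.

```python
import re

PENUP = (0, 0)  # the page's marker for a break between strokes

# The encoding printed in the text for its example password.
PAGE_EXAMPLE = ("(4,8), (4,7), (4,6), (4,5), (0,0), (4,6), (5,6), (5,5), "
                "(6,6), (0,0), (7,7), (0,0), (7,6), (7,5),(0,0)")


def parse(encoded):
    """Split an encoded password into strokes (lists of grid cells)."""
    pairs = [(int(x), int(y))
             for x, y in re.findall(r"\((\d+)\s*,\s*(\d+)\)", encoded)]
    strokes, current = [], []
    for cell in pairs:
        if cell != PENUP:
            current.append(cell)
        elif current:
            strokes.append(current)
            current = []
        else:
            raise ValueError("penup with no preceding stroke")
    if current:
        raise ValueError("last stroke is not closed by a penup")
    return strokes


def neighbors(cell, grid):
    """N(x, y): the surrounding cells that exist in a grid-by-grid board."""
    x, y = cell
    return {(x + dx, y + dy)
            for dx in (-1, 0, 1) for dy in (-1, 0, 1)
            if (dx, dy) != (0, 0)
            and 1 <= x + dx <= grid and 1 <= y + dy <= grid}


def metrics(strokes):
    """Length, stroke-count and dot-count as defined in the text."""
    return {"length": sum(len(s) for s in strokes),
            "stroke_count": len(strokes),  # one penup closes each stroke
            "dot_count": sum(1 for s in strokes if len(s) == 1)}


def problems(strokes, grid, lmax):
    """Reasons the password is not acceptable (empty list if it is)."""
    found = []
    if metrics(strokes)["length"] > lmax:
        found.append("longer than Lmax")
    for stroke in strokes:
        for cell in stroke:
            if not (1 <= cell[0] <= grid and 1 <= cell[1] <= grid):
                found.append(f"{cell} is outside the grid")
        # Assumed rule: a stroke moves only between neighboring cells.
        for a, b in zip(stroke, stroke[1:]):
            if b not in neighbors(a, grid):
                found.append(f"{b} does not neighbor {a}")
    return found


if __name__ == "__main__":
    strokes = parse(PAGE_EXAMPLE)
    print(metrics(strokes), problems(strokes, grid=8, lmax=12))
```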

Algorithm Steps:
Rectangular edge detection algorithm
login (user_id)
  set sequence_number:=1;
  set login_stat:=1;
  While sequence_number is less than 4 do
    If login_stat=1 then do
      Fetch the parameters from the database with current
        sequence_number and user_id;
      Retrieve the image from the database with fetched
        image_number and show it to the user;
      Draw a virtual grid over the image;
      Wait for the user to select the region;
      Calculate the new parameters
      Calculate the difference ;
      If the calculated differences are within CT
        a. sequence_number:=sequence_number+1;
        b. login_stat:=1;
      else
        a. sequence_number:=sequence_number+1;
        b. login_stat:=0;
    else do
      Generate a random Generator for PwdGen
      Retrieve the image and show it to the user;
      Draw a virtual grid on top of the image;
      Wait for the user to select the region;
  If login_stat=1 then do
    successful login;
  else
    login fail;
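
The login procedure above, as a runnable sketch. This is an added example, not the paper's implementation: the stored parameters are assumed to be the (x, y) pixel centre of the selected region, and the tolerance value `CT`, the image pool size and the in-memory dictionary standing in for the database are assumptions. Giving unknown accounts the same decoy rounds goes beyond the pseudocode.

```python
import secrets

CT = 12          # assumed tolerance per coordinate, in pixels
ROUNDS = 3       # the loop runs while sequence_number < 4, starting at 1
IMAGE_POOL = 50  # assumed number of images the system can draw from


def register(db, user_id, choices):
    """choices: one (image_number, (x, y)) pair per round, in order."""
    if len(choices) != ROUNDS:
        raise ValueError("expected one region per round")
    for seq, (image_number, point) in enumerate(choices, start=1):
        db[(user_id, seq)] = (image_number, point)


def within_ct(stored, clicked, ct=CT):
    """True if every coordinate differs by at most the tolerance."""
    return all(abs(s - c) <= ct for s, c in zip(stored, clicked))


def login(db, user_id, get_click, rng=secrets.SystemRandom()):
    """get_click(seq, image_number) returns the (x, y) the user selected.

    Returns (success, images_shown). Every attempt runs all rounds, so the
    point at which the attempt went wrong is not signalled by an early stop.
    """
    login_stat = True
    shown = []
    for seq in range(1, ROUNDS + 1):
        record = db.get((user_id, seq))
        if login_stat and record is not None:
            image_number, stored = record
        else:
            # After a miss (or for an unknown account) show a random image.
            login_stat = False
            image_number, stored = rng.randrange(IMAGE_POOL), None
        shown.append(image_number)
        clicked = get_click(seq, image_number)
        if stored is None or not within_ct(stored, clicked):
            login_stat = False
    return login_stat, shown


if __name__ == "__main__":
    db = {}  # constructed sample data
    register(db, "alice", [(3, (100, 50)), (7, (20, 200)), (11, (300, 120))])
    clicks = {1: (104, 45), 2: (20, 212), 3: (290, 120)}
    print(login(db, "alice", lambda seq, img: clicks[seq]))
    clicks[2] = (60, 200)  # second region missed by more than CT
    print(login(db, "alice", lambda seq, img: clicks[seq]))
```

A legitimate user who misses a region sees an unfamiliar image in the next round, while the final result is reported only after all rounds have been played.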


Existing System Result:

Fig 2: Existing system login form

Proposed Results:

Fig 3: password using icons

Fig 4: password using pictures

Fig 5: password using text

Comparative Result:
Region1 4 2.5 3 0
Region2 4 2 2 0
Region3 4 2.7 4 1
The above graph represents the region-based password failure
detection rate in the existing and proposed approaches.


In this paper, we presented and analyzed the proposed graphical
password system, a good, highly scalable and highly secure
authentication system that is simple enough for users to use and
strong enough to keep malicious users away. A system with a low
security level allows users to log in to their system with maximum
error in the login attempt; hence it makes it easy for the user to
log in, but it also decreases the search space of the attacker per
image. A system with a high security level allows users to log in to
their system only with near-accurate data in the login attempt; hence
it makes it more difficult for the user to log in but also increases
the security to the maximum level. Its strength is in its simplicity
and the unique perception of each individual. This work contributes
the design and exploration of a new graphical password authentication
system that extends the challenge-response paradigm to withstand
various active and passive attacks.


[1] Biddle, R., Chiasson, S., Van Oorschot, P. C., "Graphical
password authentication using cued click points", 12th European
Symposium on Research in Computer Security (ESORICS), Dresden,
Germany,
[2] Birget, J., Brodskiy, A., Memon, N., Waters, J., Wiedenbeck, S.,
"Authentication using graphical passwords: basic results", ACM
International Conference Proceeding Series, Vol. 93, 2005.
[3] Nelson, D.L., U.S. Reed, and J.R. Walling, "Picture Superiority
Effect", Journal of Experimental Psychology: Human Learning and
Memory 3, 485-497, 1977.
[4] Paweł Hofman, Maciej Piasecki, "Efficient Recognition of
Mouse-based Gestures".
[5] Blonder, G.E., "Graphical Passwords", United States Patent
5,559,961, 1996.
[6] Chiasson, S., R. Biddle, and P.C. van Oorschot, "A Second Look at
the Usability of Click-based Graphical Passwords", ACM SOUPS, 2007.
[7] Cranor, L.F., S. Garfinkel, "Security and Usability", O'Reilly
Media, 2005.
[8] P. C. van Oorschot, A. Salehi-Abari, and J. Thorpe, "Purely
automated attacks on PassPoints-Style graphical passwords", IEEE
Trans. Info. Forensics and Security, vol. 5, no. 3, pp. 393-405,
2010.
[9] B. Fogg, Persuasive Technologies: Using Computers to Change What
We Think and Do. Morgan Kaufmann Publishers, San Francisco, CA, 2003.