BACHELOR OF TECHNOLOGY
IN
INFORMATION TECHNOLOGY
By
K.UDAY KUMAR
09241A12B4
B.RAJASEKHAR
K.SAICHARAN
D.VENKATA REDDY
09241A1297
09241A12A4
09241A12B5
2013
CERTIFICATE
This is to certify that it is a bonafide record of Project work entitled SECURITY ANALYSIS
AND IMPLEMENTATION OF 3-LEVEL SECURITY USING IMAGE BASED
AUTHENTICATION done by K.UDAY KUMAR (09241A12B4), D.VENKATA REDDY (09241A12B5),
K.SAICHARAN (09241A1A4), B.RAJASEKHAR (09241A1297).
External Examiner
ACKNOWLEDGEMENT
We wish to express our deep gratitude to our guide V.Padma, Associate professor in the
Department of Information Technology, for all the advice, encouragement and constant support
he has given us throughout our project work. This work would not have been possible without
his support and valuable suggestions.
K.UDAY KUMAR
09241A12B4
B.RAJASEKHAR
K.SAICHARAN
D.VENKATA REDDY
09241A1297
09241A12A4
09241A12B5
ABSTRACT
Increasing security has always been an issue since Internet and Web Development came into
existence. Text based passwords are not enough to counter such problems and are now an
anachronistic approach. This demands something more secure that is also more user-friendly.
Therefore, we have tried to increase security through a 3-level security approach, involving a
text based password at Level 1, Image Based Authentication at Level 2, and an automatically
generated one-time password (received through an automated email to the authentic user) at
Level 3. An assiduous effort has also been made to thwart Shoulder attack, Tempest attack, and
Brute-force attack at the client side through the use of a unique image set in the IBA System.
Authentication plays a crucial role in protecting resources against unauthorized and illegal use.
Authentication processes may vary from simple password based authentication systems to
costly and computation-intensive authentication systems. Passwords are more than just a key.
They serve several purposes. They ensure our privacy, keeping our sensitive information secure.
Passwords authenticate us to a machine to prove our identity: a secret key that only we should
know. They also enforce non-repudiation, preventing us from later rejecting the validity of
transactions authenticated with our passwords. Our username identifies us and the password
validates us. But passwords have some weaknesses: more than one person can possess its
knowledge at one time. Moreover, there is a constant threat of losing your password to someone
else with venomous intent.
Password thefts can and do happen on a daily basis, so we need to defend against them. Merely
using some random alphabets grouped together with special characters does not assure
safety. We need something esoteric, something different along with being user-friendly as our
password, to make it secure. This paper is a unique and esoteric study of using images as
passwords and of the implementation of an extremely secure system employing 3 levels of
security (Text Password, Image Password, and automatically generated One-Time Password). This
unique, user-friendly system, named 3 Level Security, can be employed in any organization for
storing crucial and confidential documents, and ensures security through its three levels:
firstly through Text Password, secondly through Image based Password, and thirdly through
One-Time Automated Password.
CONTENTS
CHAPTER 1: INTRODUCTION
1.5 Software used
CHAPTER 3: MODULES
3.1 Registration
3.5 Security
3.6 Authentication
CHAPTER 4: JSP
4.1 Introduction
4.3 Servlets
5.1 Introduction
CHAPTER 6: TESTING
REFERENCES
LIST OF FIGURES
FIG.NO   FIGURE NAME
1.1   Architecture Diagram
2.1   DFD Level-0
2.2   DFD Level 1
2.3   DFD Level-2
2.4   UML Diagrams
2.5   Class Diagram
2.6   Sequence Diagram
2.7   Collaboration Diagram
2.8   Activity Diagram
8.1   Home Page
8.2   Registration Page1
8.3   Registration Page2
8.4   Registration Grid1
8.5   Registration Grid2
8.6   Registration Grid3
8.7   Success Page
8.8   Login page
8.9
8.10
8.11
CHAPTER-1
INTRODUCTION
1.1 Security Analysis and Implementation of 3-Level Security System Using
Image Based Authentication
Objective
The three-level security system is aimed at security purposes. The 3-Level Security system is
definitely a time consuming approach, as the user has to traverse the three levels of
security and will need to refer to his email-id for the automatically generated one-time password.
Disadvantages:
A hacker may, in the extreme case, cross the first two security levels mentioned above.
Man-in-the-middle attacks and dictionary attacks are possible.
Advantages:
This system is used only for security purposes, and it can be used in any place where security
is needed.
It is not easy for hackers to break the security, because the three levels make this concept
more useful.
Even if a hacker, in the extreme case (although difficult), crosses the first two security
levels mentioned above, he will definitely not be able to cross the third security
level unless he has access to the original user's email-id.
The user will be authenticated as an authentic user, and will be awarded access to the
stored information, only after crossing the three security levels (Security level 1: Text
password, Security level 2: Image Based password, and Security level 3: One-Time
Automated password).
: Above 2 GHz
Ram : 512 MB
Hard Disk : 80 GB
Platform : Windows 8
: JAVA, Swing
Database : MySQL
Architecture Diagram:
[Figure 1.1: Architecture Diagram. Elements: User, Text based authentication, Image Based authentication, Email Authentication, Login to System]
CHAPTER-2
LITERATURE SURVEY
While today's data centers are multiplexed across many non-cooperating applications, they
lack effective means to share their network. Relying on TCP's congestion control, as we show
from experiments in production data centers, opens up the network to denial of service attacks
and performance interference. We present Seawall, a network bandwidth allocation scheme that
divides network capacity based on an administrator-specified policy. Seawall computes and
enforces allocations by tunneling traffic through congestion controlled, point to multipoint, edge
to edge tunnels.
process schedulers to VM schedulers would perform just as well. We use the open source Xen
virtual machine monitor to perform a comparative evaluation of three different CPU schedulers
for virtual machines. We analyze the impact of the choice of scheduler and its parameters on
application performance, and discuss challenges in estimating the application resource
requirements in virtualized environments.
2.5 Diagrams
2.5.1 Dataflow Diagrams
LEVEL 0:
[FIG:2.1 LEVEL 0. Data flow diagram. Elements: User, Open application, Username, Text password, Password Authentication]
LEVEL 1:
[Data flow diagram. Elements: Password Authentication, Click Correct Image, Image authentication]
LEVEL 2:
[Data flow diagram. Elements: Email pwd, Fetch password, Pwd]
[UML diagrams. Participants: user, application, authentication, server. Messages recoverable from the diagrams: 1. request; 2. application request; 3. application response; 5. pwd authentication; 6. Image selection; 7. Image authentication; 8. email pwd to user; 9. pwd authentication; 10. success; 11. open application]
CHAPTER-3
MODULES
The security of the system can be compromised if we do not select proper images for the
image set. We also have to keep in mind that a user should be able to remember his image
password easily. Another important aspect relating to the image set is how these images are
arranged when presented to a user.
We use a random display of images within an image set, i.e. within an image set the images are
arranged randomly and their position is in no way related to the previous image set that was
generated at an earlier point of time, i.e. during the previous signup or login process. By doing
this, the system protects itself from many security attacks (to be discussed later on), especially
from an eavesdropper looking from behind. Keystroke logging is one of the key attacks
attempted by a hacker in password authentication systems. It is most common when text based
passwords are used to authenticate users. The attacker observes the key strokes of a user and can
later gain access to the system.
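The random arrangement described above, sketched in Java as an added example that is not the project's own code: for every grid the server shuffles the image set with SecureRandom and gives the page only one-time cell tokens, so neither the position of the enrolled image nor the value submitted for it repeats between logins. The class name ImageGridChallenge, the image ids and the token format are assumptions.

```java
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/** Added example (hypothetical names): one shuffled image grid per login attempt. */
public class ImageGridChallenge {
    private static final SecureRandom RNG = new SecureRandom();

    // One-time token -> image id, in display order. Lives only in the server-side session.
    private final Map<String, String> tokenToImage = new LinkedHashMap<>();
    private boolean used = false;

    public ImageGridChallenge(List<String> imageIds) {
        List<String> shuffled = new ArrayList<>(imageIds);
        Collections.shuffle(shuffled, RNG);   // layout unrelated to any earlier grid
        for (String imageId : shuffled) {
            byte[] raw = new byte[16];
            RNG.nextBytes(raw);               // fresh 128-bit token for this cell
            tokenToImage.put(Base64.getUrlEncoder().withoutPadding().encodeToString(raw), imageId);
        }
    }

    /** Tokens in display order: cell i of the grid is rendered with token i. */
    public List<String> displayTokens() {
        return new ArrayList<>(tokenToImage.keySet());
    }

    /** Image to stream for a cell, so image ids never appear in the page itself. */
    public String imageFor(String token) {
        return tokenToImage.get(token);
    }

    /** Checks the clicked cell against the enrolled image; each grid can be answered once. */
    public synchronized boolean verify(String clickedToken, String enrolledImageId) {
        if (used) {
            return false;                     // replay or second guess on the same grid
        }
        used = true;
        String picked = tokenToImage.get(clickedToken);
        return picked != null && picked.equals(enrolledImageId);
    }

    /** Helper for the demo: the token the genuine user would click. */
    private String tokenOf(String imageId) {
        for (Map.Entry<String, String> e : tokenToImage.entrySet()) {
            if (e.getValue().equals(imageId)) {
                return e.getKey();
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample image set and enrolled image.
        List<String> set1 = Arrays.asList("img01", "img02", "img03", "img04", "img05",
                                          "img06", "img07", "img08", "img09");
        String enrolled = "img07";

        ImageGridChallenge first = new ImageGridChallenge(set1);
        ImageGridChallenge second = new ImageGridChallenge(set1);

        String observed = first.tokenOf(enrolled);   // what a keylogger or proxy log would hold
        System.out.println("enrolled image cell, login 1: " + first.displayTokens().indexOf(observed));
        System.out.println("enrolled image cell, login 2: "
                + second.displayTokens().indexOf(second.tokenOf(enrolled)));

        System.out.println("genuine click accepted:    " + first.verify(observed, enrolled));
        System.out.println("same grid answered again:  " + first.verify(observed, enrolled));
        System.out.println("token replayed next login: " + second.verify(observed, enrolled));
    }
}
```

The challenge object belongs in the HttpSession; the page receives only the tokens, and the servlet that streams each image resolves a token through imageFor.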
3.5 Security:
Security is the degree of protection to safeguard a nation, union of nations, persons or
person against danger, damage, loss, and crime. Security as a form of protection is structures and
processes that provide or improve security as a condition. The Institute for Security and Open
Methodologies (ISECOM) in the OSSTMM 3 defines security as "a form of protection where a
separation is created between the assets and the threat". This includes but is not limited to the
elimination of either the asset or the threat. Security as a national condition was defined in a
United Nations study (1986) so that countries can develop and progress safely.
Security has to be compared to related concepts: safety, continuity, reliability. The key
difference between security and reliability is that security must take into account the actions of
people attempting to cause destruction.
3.5.1 Different scenarios also give rise to the context in which security is maintained:
With respect to classified matter, the condition that prevents unauthorized persons from
having access to official information that is safeguarded in the interests of national
security.
Measures taken by a military unit, an activity or installation to protect itself against all
acts designed to, or which may, impair its effectiveness.
Assurance - assurance is the level of guarantee that a security system will behave as
expected
Exploit - a vulnerability that has been triggered by a threat - a risk of 1.0 (100%)
Inciting factors in the convergence of security disciplines include the development of digital
video surveillance technologies (see Professional video over IP) and the digitization and
networking of physical control systems (see SCADA). Greater interdisciplinary cooperation is
further evidenced by the February 2005 creation of the Alliance for Enterprise Security Risk
Management, a joint venture including leading associations in security (ASIS), information
security (ISSA, the Information Systems Security Association), and IT audit (ISACA, the
Information Systems Audit and Control Association).
In 2007 the International Organisation for Standardization (ISO) released ISO 28000, Security
Management Systems for the supply chain. Although the title includes "supply chain",
this Standard specifies the requirements for a security management system, including those
aspects critical to security assurance for any organisation or enterprise wishing to manage
the security of the organisation and its activities. ISO 28000 is the foremost risk based security
system and is suitable for managing both public and private regulatory security, customs and
industry based security schemes and requirements.
3.6 Authentication:
Authentication is the act of confirming the truth of an attribute of a datum or entity. This
might involve confirming the identity of a person or software program, tracing the origins of an
artifact, or ensuring that a product is what its packaging and labeling claims to be.
3.6.1 Authentication methods:
In art, antiques, and anthropology, a common problem is verifying that a person has the said
identity, or a given artifact was produced by a certain person or was produced in a certain place
or period of history.
The first type of authentication is accepting proof of identity given by a credible person who
has evidence on the said identity, or on the originator and the object under assessment as the
originator's artifact respectively.
The second type of authentication is comparing the attributes of the object itself to what is
known about objects of that origin. For example, an art expert might look for similarities in the
style of painting, check the location and form of a signature, or compare the object to an old
photograph. An archaeologist might use carbon dating to verify the age of an artifact, do a
chemical analysis of the materials used, or compare the style of construction or decoration to
other artifacts of similar origin. The physics of sound and light, and comparison with a known
physical environment, can be used to examine the authenticity of audio recordings, photographs,
or videos.
Attribute comparison may be vulnerable to forgery. In general, it relies on the facts that
creating a forgery indistinguishable from a genuine artifact requires expert knowledge, that
mistakes are easily made, and that the amount of effort required to do so is considerably greater
than the amount of profit that can be gained from the forgery.
In art and antiques, certificates are of great importance for authenticating an object of
interest and value. Certificates can, however, also be forged, and the authentication of these
poses a problem. For instance, the son of Han van Meegeren, the well-known art-forger, forged
the work of his father and provided a certificate for its provenance as well; see the article Jacques
van Meegeren. Criminal and civil penalties for fraud, forgery, and counterfeiting can reduce the
incentive for falsification, depending on the risk of getting caught.
The third type of authentication relies on documentation or other external affirmations. For
example, the rules of evidence in criminal courts often require establishing the chain of custody
of evidence presented. This can be accomplished through a written evidence log, or by testimony
from the police detectives and forensics staff that handled it. Some antiques are accompanied by
certificates attesting to their authenticity. External records have their own problems of forgery
and perjury, and are also vulnerable to being separated from the artifact and lost.
Currency and other financial instruments commonly use the first type of authentication
method. Bills, coins, and cheques incorporate hard-to-duplicate physical features, such as fine
printing or engraving, distinctive feel, watermarks, and holographic imagery, which are easy for
receivers to verify.
Consumer goods such as pharmaceuticals, perfume, fashion clothing can use either type of
authentication method to prevent counterfeit goods from taking advantage of a popular brand's
reputation (damaging the brand owner's sales and reputation). A trademark is a legally protected
marking or other identifying feature which aids consumers in the identification of genuine brand-name goods.
CHAPTER-4
JSP
4.1 Introduction
Java Server Pages (JSP) is a Java technology that allows software developers to dynamically
generate HTML, XML or other types of documents in response to a Web client request. The
technology allows Java code and certain pre-defined actions to be embedded into static content.
The JSP syntax adds additional XML-like tags, called JSP actions, to be used to invoke
built-in functionality. Additionally, the technology allows for the creation of JSP tag libraries
that act as extensions to the standard HTML or XML tags. Tag libraries provide a platform
independent way of extending the capabilities of a Web server.
JSPs are compiled into Java Servlets by a JSP compiler. A JSP compiler may generate a
servlet in Java code that is then compiled by the Java compiler, or it may generate byte code for
the servlet directly. JSPs can also be interpreted on-the-fly, reducing the time taken to reload
changes.
Java Server Pages (JSP) technology provides a simplified, fast way to create dynamic web
content. JSP technology enables rapid development of web-based applications that are server-
and platform-independent.
Active Server Pages (ASP). ASP is a similar technology from Microsoft. The advantages
of JSP are twofold. First, the dynamic part is written in Java, not Visual Basic or other
MS-specific language, so it is more powerful and easier to use. Second, it is portable to
other operating systems and non-Microsoft Web servers.
Pure Servlets. JSP doesn't give you anything that you couldn't in principle do with a
servlet. But it is more convenient to write (and to modify!) regular HTML than to have a
zillion println statements that generate the HTML. Plus, by separating the look from the
content you can put different people on different tasks: your Web page design experts can
build the HTML, leaving places for your servlet programmers to insert the dynamic
content.
JavaScript. JavaScript can generate HTML dynamically on the client. This is a useful
capability, but only handles situations where the dynamic information is based on the
client's environment. With the exception of cookies, HTTP and form submission data is
not available to JavaScript. And, since it runs on the client, JavaScript can't access server-side resources like databases, catalogs, pricing information, and the like.
Static HTML. Regular HTML, of course, cannot contain dynamic information. JSP is so
easy and convenient that it is quite feasible to augment HTML pages that only benefit
marginally by the insertion of small amounts of dynamic data. Previously, the cost of
using dynamic data would preclude its use in all but the most valuable instances.
4.3 Servlets
Java Servlet technology provides Web developers with a simple, consistent mechanism for
extending the functionality of a Web server and for accessing existing business systems. Servlets
are server-side Java EE components that generate responses (typically HTML pages) to requests
(typically HTTP requests) from clients. A servlet can almost be thought of as an applet that runs
on the server side, without a face.
// Hello.java
import java.io.*;
import javax.servlet.*;

public class Hello extends GenericServlet {
    public void service(ServletRequest request, ServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html");
        final PrintWriter pw = response.getWriter();
        pw.println("Hello, world!");
        pw.close();
    }
}
The import statements direct the Java compiler to include all of the public classes and interfaces
from the java.io and javax.servlet packages in the compilation.
The Hello class extends the GenericServlet class; the GenericServlet class provides the
interface for the server to forward requests to the servlet and control the servlet's lifecycle.
CHAPTER-5
JAVA BEANS
5.1 Introduction
JavaBeans are reusable software components for Java that can be manipulated visually in a
builder tool. Practically, they are classes written in the Java programming language conforming
to a particular convention. They are used to encapsulate many objects into a single object (the
bean), so that they can be passed around as a single bean object instead of as multiple individual
objects. A JavaBean is a Java Object that is serializable, has a nullary constructor, and allows
access to properties using getter and setter methods.
The class must have a public default constructor. This allows easy instantiation within editing
and activation frameworks.
The class properties must be accessible using get, set, and other methods (so-called accessor
methods and mutator methods), following a standard naming convention. This allows easy
automated inspection and updating of bean state within frameworks, many of which include
custom editors for various types of properties.
The class should be serializable. This allows applications and frameworks to reliably save,
store, and restore the bean's state in a fashion that is independent of the VM and platform.
Because these requirements are largely expressed as conventions rather than by
implementing interfaces, some developers view JavaBeans as Plain Old Java Objects that follow
specific naming conventions.
Passwords are now everywhere. The main form of passwords is based on characters you can
type on your keyboard, normally called textual passwords. One major security problem with
textual passwords is its vulnerability to dictionary attack, namely, brute-force attack based on a
dictionary which is much smaller than the whole password space. In this project, you will
develop an interactive program to visualize the security of a textual password w.r.t. one or more
given dictionaries, and to help the user to select a more secure textual password while he/she is
typing the password.
The second part of the system is called a proactive password checker (PPC). All existing
PPCs we can find on the Internet have very limited visualization effect, and cannot clearly show
the reason why a password is weak or strong, and give no clue how the user should react. The
goal of the project is to have the first fully visualized PPC.
million entries cracked 11% of control passwords. The user generated mnemonic passwords
were also slightly more resistant to brute force attacks than control passwords. These results
suggest that mnemonic passwords may be appropriate for some uses today. However, mnemonic
passwords could become more vulnerable in the future and should not be treated as a panacea.
The underlying rationale is that image recall is an easy and natural way for users to
authenticate, removing a serious barrier to compliance with organizational policy. Features of
Picture Password include style dependent image selection, password reuse, and embedded
salting, which overcome a number of problems with knowledge-based authentication for
handheld devices. Though designed specifically for handheld devices, Picture Password is also
suitable for notebooks, workstations, and other computational devices.
Here a graphical password system with a supportive sound signature to increase the
remembrance of the password is discussed.
The original and reference implementation Java compilers, virtual machines, and class
libraries were developed by Sun from 1995. As of May 2007, in compliance with the
specifications of the Java Community Process, Sun relicensed most of their Java technologies
under the GNU General Public License. Others have also developed alternative implementations
of these Sun technologies, such as the GNU Compiler for Java and GNU Classpath.
Additional JAR files containing dependent classes or other components required by the
application;
CHAPTER-6
TESTING
The various levels of testing are:
1. White Box Testing
2. Black Box Testing
3. Unit Testing
4. Functional Testing
5. Performance Testing
6. Integration Testing
7. Objective
8. Integration Testing
9. Validation Testing
10. System Testing
11. Structure Testing
12. Output Testing
13. User Acceptance Testing
Unit Testing
Unit testing, also known as Module Testing, focuses verification efforts on the
module. The module is tested separately and this is carried out at the programming stage
itself.
Unit test focuses on the smallest unit of software design- the software component
or module.
Using component level design, important control paths are tested to uncover
Unit test is white box oriented and the step can be conducted in parallel for
multiple components.
6.1.2 Objective:
The objective is to take unit-tested modules and build a program structure that has been
dictated by design.
Performance Testing:
Performance testing determines the amount of execution time spent in various parts of the
unit, program throughput, and response time and device utilization of the program unit. It
occurs throughout all steps in the testing process.
Integration Testing:
It is a systematic technique for constructing the program structure while at the same time
conducting tests to uncover errors associated with the interface.
It takes the unit tested modules and builds a program structure.
All the modules are combined and tested as a whole.
Integration of all the components to form the entire system and an overall testing is
executed.
Validation test succeeds when the software functions in a manner that can be reasonably
expected by the client.
Software validation is achieved through a series of black box tests which confirm conformance
to the requirements.
Black box testing is conducted at the software interface.
The test is designed to uncover interface errors and is also used to demonstrate that software
functions are operational, input is properly accepted, output is produced and that the
integrity of external information is maintained.
6.3 System Testing:
Tests to find the discrepancies between the system and its original objective, current
specifications and system documentation.
Feasibility study is the test of a system proposal according to its workability, impact on the
organization, ability to meet user needs, and effective use of resources. It focuses on the
evaluation of the existing system and procedures, analysis of alternative candidate systems, and
cost estimates. Feasibility analysis was done to determine whether the system would be feasible.
Technical feasibility centers on the existing system and to what extent it can support the proposed
addition. We can add new modules easily without affecting the Core Program. Most parts
run on the server using the concept of stored procedures.
CHAPTER-7
SOURCE CODE
//Employee login
import java.io.*;
import java.sql.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class emplogin extends HttpServlet {
    public void doPost(HttpServletRequest req, HttpServletResponse res)
            throws IOException, ServletException {
        // Per-request values are locals: one servlet instance serves all
        // request threads, so instance fields would leak between users.
        String eid = req.getParameter("eid");
        String password = req.getParameter("password");
        String Limageset = req.getParameter("Limageset");
        res.setContentType("text/html");
        HttpSession sn = req.getSession(true);
        sn.setAttribute("eid", eid);
        sn.setAttribute("password", password);
        try {
            Class.forName("com.mysql.jdbc.Driver");
            // try-with-resources closes the connection, statement and result set
            try (Connection con = DriverManager.getConnection(
                         "jdbc:mysql://localhost:3306/captcha", "root", "password");
                 // bound parameters keep request data out of the SQL text
                 PreparedStatement st = con.prepareStatement(
                         "select * from profile where username=? and password=?")) {
                st.setString(1, eid);
                st.setString(2, password);
                try (ResultSet rs = st.executeQuery()) {
                    if (rs.next()) {
                        String email = rs.getString(11);
                        sn.setAttribute("email", email);
                        System.out.println(email);
                        // "set1".equals(...) is null-safe when the parameter is missing
                        if ("set1".equals(Limageset)) {
                            String destination = "/Multilevelsecurity/Loginset1.jsp";
                            res.sendRedirect(res.encodeRedirectURL(destination));
                            //rd=req.getRequestDispatcher("passGen");
                        } else if ("set2".equals(Limageset)) {
                            String destination = "/Multilevelsecurity/Loginset4.jsp";
                            res.sendRedirect(res.encodeRedirectURL(destination));
                        }
                        //rd = getServletConfig().getServletContext().getRequestDispatcher("/run.html");
                        // reqDispatcher.forward(req,res);
                    } else {
                        String destination = "/Multilevelsecurity/failure.jsp";
                        res.sendRedirect(res.encodeRedirectURL(destination));
                        // out.println("welcome");
                    }
                }
            }
            // rd.forward(req,res);
        } catch (Exception e2) {
            //System.out.println("Exception : "+e2.toString());
            // log on the server instead of printing the exception to the client
            log("emplogin failed", e2);
            res.sendRedirect(res.encodeRedirectURL("/Multilevelsecurity/failure.jsp"));
        }
    }
}
        // the password is left out of this debug line so it does not reach the server log
        System.out.println(telephone+zipcode+state+city+address2+address1+lastname+firstname+username);
        RequestDispatcher rd;
        try {
            Class.forName("com.mysql.jdbc.Driver");
            con = DriverManager.getConnection("jdbc:mysql://localhost:3306/captcha","root","password");
            st = con.createStatement();
            // int add=st.executeUpdate("insert into
            // profile(username,password,firstname,lastname,address1,address2,city,state,zipcode,telephone)
            // values('"+username+"','"+password+"','"+firstname+"','"+lastname+"','"+address1+"','"+address2
            // +"','"+city+"','"+state+"','"+zipcode+"','"+telephone+"')");
            //int i=st.executeUpdate("update log set username='"+username+"'");
            // rd=req.getRequestDispatcher("adminlogin.jsp");
            // rd.forward(req,res);
            con.close();
            // "set1".equals(...) is null-safe when the parameter is missing
            if ("set1".equals(imageset)) {
                String destination = "/Multilevelsecurity/set1.jsp";
                res.sendRedirect(res.encodeRedirectURL(destination));
            } else if ("set2".equals(imageset)) {
                String destination = "/Multilevelsecurity/set4.jsp";
                res.sendRedirect(res.encodeRedirectURL(destination));
            }
        } catch(Exception e2) {
            rd = req.getRequestDispatcher("failure.jsp");
            // send the user to the failure page instead of returning an empty response
            rd.forward(req, res);
        }
    }
}
//User login
import java.io.*;
import java.sql.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class userlogin extends HttpServlet {
    public void doPost(HttpServletRequest req, HttpServletResponse res)
            throws IOException, ServletException {
        // locals, not instance fields: the servlet instance is shared across requests
        String username = req.getParameter("username");
        String email = req.getParameter("email");
        System.out.println(email);
        HttpSession sn = req.getSession(true);
        sn.setAttribute("eid", username);
        RequestDispatcher rd;
        try {
            Class.forName("com.mysql.jdbc.Driver");
            // try-with-resources closes the connection, statement and result set
            try (Connection con = DriverManager.getConnection(
                         "jdbc:mysql://localhost:3306/captcha", "root", "password");
                 // look the address up for the submitted username, bound as a parameter
                 PreparedStatement st = con.prepareStatement(
                         "select email from profile where username=?")) {
                st.setString(1, username);
                try (ResultSet rs = st.executeQuery()) {
                    if (rs.next()) {
                        email = rs.getString(1);   // the query returns a single column
                        rd = req.getRequestDispatcher("mailAPI.jsp");
                        // sn.setAttribute("dpm",department);
                    } else {
                        rd = req.getRequestDispatcher("failure.jsp");
                    }
                }
            }
            rd.forward(req, res);
        } catch (Exception e2) {
            System.out.println("Exception : " + e2.toString());
        }
    }
}
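The userlogin servlet above forwards to mailAPI.jsp for the level-3 one-time password; that page is not reproduced here. As an added example (not the project's code), this is one way to issue and check such a code so that it expires, works once and cannot be guessed indefinitely. The class name EmailOtpService, the 6-digit format, the five-minute lifetime and the three-attempt limit are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Added example (hypothetical names): level-3 one-time password, issue and verify. */
public class EmailOtpService {
    private static final SecureRandom RNG = new SecureRandom();
    private static final Duration LIFETIME = Duration.ofMinutes(5);   // assumed policy
    private static final int MAX_ATTEMPTS = 3;                         // assumed policy

    private static final class Pending {
        final byte[] digest;
        final Instant expires;
        int attemptsLeft = MAX_ATTEMPTS;
        Pending(byte[] digest, Instant expires) { this.digest = digest; this.expires = expires; }
    }

    private final Map<String, Pending> pending = new ConcurrentHashMap<>();

    /** Issues a fresh 6-digit code, replacing any earlier one; the caller e-mails the result. */
    public String issue(String username, Instant now) {
        String code = String.format("%06d", RNG.nextInt(1_000_000));
        pending.put(username, new Pending(digest(username, code), now.plus(LIFETIME)));
        return code;
    }

    /** True only for the current, unexpired, not yet used code within the attempt limit. */
    public boolean verify(String username, String submitted, Instant now) {
        Pending p = (username == null) ? null : pending.get(username);
        if (p == null || submitted == null) {
            return false;
        }
        synchronized (p) {
            if (p.attemptsLeft <= 0 || now.isAfter(p.expires)) {
                pending.remove(username, p);
                return false;
            }
            p.attemptsLeft--;
            boolean ok = MessageDigest.isEqual(p.digest, digest(username, submitted));
            if (ok) {
                p.attemptsLeft = 0;              // single use: a replay finds nothing left
            }
            if (p.attemptsLeft == 0) {
                pending.remove(username, p);
            }
            return ok;
        }
    }

    // Only a digest bound to the user name is kept in memory, not the code itself.
    private static byte[] digest(String username, String code) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            return md.digest((username + ":" + code).getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);  // SHA-256 is required on every Java platform
        }
    }

    public static void main(String[] args) {
        EmailOtpService otp = new EmailOtpService();
        Instant t0 = Instant.parse("2013-01-01T10:00:00Z");   // constructed clock for the demo

        String code = otp.issue("alice", t0);                 // constructed user name
        String wrong = code.equals("000000") ? "000001" : "000000";
        System.out.println("wrong guess:     " + otp.verify("alice", wrong, t0.plusSeconds(10)));
        System.out.println("correct code:    " + otp.verify("alice", code, t0.plusSeconds(20)));
        System.out.println("replayed code:   " + otp.verify("alice", code, t0.plusSeconds(30)));

        String late = otp.issue("alice", t0);
        System.out.println("after 5 minutes: "
                + otp.verify("alice", late, t0.plus(LIFETIME).plusSeconds(1)));

        String locked = otp.issue("alice", t0);
        for (int i = 0; i < MAX_ATTEMPTS; i++) {
            otp.verify("alice", locked.equals("999999") ? "999998" : "999999", t0);
        }
        System.out.println("after lockout:   " + otp.verify("alice", locked, t0));
    }
}
```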
CHAPTER-8
RESULTS AND ANALYSIS
Home page:
FIG:8.1 Home Page
This is the home page of the application, which links to the registration and login pages.
Registration form:
Registration page
Registration Grid 1
FIG:8.4 Registration-Grid1
This is the image password registration page at level-2, grid-1 stage. The user needs to select an
image as a password.
Registration Grid 2
This is the image password registration page at level-2, grid-2 stage. The user needs to select an
image as a password.
Registration-Grid 3
Success page:
FIG:8.7 Success Page
Successful completion of registration links to this page.
Login page:
CHAPTER-9
CONCLUSION AND FUTURE WORK
The three level security approach applied to the above system makes it highly secure along
with being more user friendly. This system will definitely help in thwarting Shoulder attack,
Tempest attack and brute-force attack at the client side. The 3-Level Security system is definitely
a time consuming approach, as the user has to traverse the three levels of security and will
need to refer to his email-id for the automatically generated one-time password. Therefore, this
system cannot be a suitable solution for general security purposes, where time complexity will be
an issue. But it will definitely be a boon in areas where high security is the main issue and time
complexity is secondary. As an example, we can take the case of a firm where this system will be
accessible only to some people holding higher designations, who need to store and maintain their
crucial and confidential data secure. In
our system customizable.