ILLUSION PIN BASED TRANSACTIONS

ABSTRACT

A Personal Identification Number (PIN) is a sequence of digits that confirms the

identity of a person when it is successfully presented. The maturity of PIN authentication is a

result of its continuous usage for years in a wide range of everyday life applications, like

mobile phones and banking systems. PIN authentication is susceptible to brute force or even

guessing attacks. IPIN uses the technique of hybrid images to blend two keypads with

different digit orderings in such a way, that the user who is close to the device is seeing one

keypad to enter her PIN, while the attacker who is looking at the device from a bigger

distance is seeing only the other keypad. To overcome shoulder-surfing attacks on

authentication schemes by proposing Illusion PIN (IPIN), a PIN-based authentication method

that operates on touch screen devices. The user’s keypad is shuffled in every authentication

attempt since the attacker may memorize the spatial arrangement of the pressed digits. The

visibility algorithm forms the core of our work and we would like to examine whether it can

be used to assess the visibility of images other than hybrid keypads. Visibility algorithm

could be used to assess the visibility of general images, but its parameters have to be

appropriately tuned for the particular task at hand.

 INTRODUCTION

Image processing is a method to convert an image into digital form and perform some
operations on it, in order to get an enhanced image or to extract some useful information from
it. It is a type of signal dispensation in which input is image, like video frame or photograph
and output may be image or characteristics associated with that image. Usually Image
Processing system includes treating images as two dimensional signals while applying
already set signal processing methods to them. It is among rapidly growing technologies
today, with its applications in various aspects of a business. Image Processing forms core
research area within engineering and computer science disciplines too.

Image processing basically includes the following three steps.

 Importing the image with optical scanner or by digital photography.

 Analyzing and manipulating the image which includes data compression and image
enhancement and spotting patterns that are not to human eyes like satellite photographs.
 Output is the last stage in which result can be altered image or report that is based on
image analysis.
Purpose of Image processing
The purpose of image processing is divided into 5 groups. They are:
 Visualization - Observe the objects that are not visible.
 Image sharpening and restoration - To create a better image.
 Image retrieval - Seek for the image of interest.
 Measurement of pattern – Measures various objects in an image.
 Image Recognition – Distinguish the objects in an image.
Types

The two types of methods used for Image Processing are Analog and Digital Image
Processing. Analog or visual techniques of image processing can be used for the hard copies
like printouts and photographs. Image analysts use various fundamentals of interpretation
while using these visual techniques. The image processing is not just confined to area that has
to be studied but on knowledge of analyst. Association is another important tool in image
processing through visual techniques. So analysts apply a combination of personal knowledge
and collateral data to image processing.
Digital Processing techniques help in manipulation of the digital images by using
computers. As raw data from imaging sensors from satellite platform contains deficiencies.
To get over such flaws and to get originality of information, it has to undergo various phases
of processing. The three general phases that all types of data have to undergo while using
digital technique are Pre- processing, enhancement and display, information extraction.
Objective
Authentication based on passwords is used largely in applications for computer security and
privacy. However, human actions such as choosing bad passwords and inputting passwords in
an insecure way are regarded as ”the weakest link” in the authentication chain. Rather than
arbitrary alphanumeric strings, users tend to choose passwords either short or meaningful for
easy memorization. With web applications and mobile apps piling up, people can access
these applications anytime and anywhere with various devices. This evolution brings great
convenience but also increases the probability of exposing passwords to shoulder surfing
attacks. Attackers can observe directly or use external recording devices to collect users’
credentials
Scope of the project
Authentication schemes which are not resilient to observation are vulnerable to
shoulder-surfing. Any kind of visual information may be observed, including the blink of a
button when it is pressed, or even the oily residue that the fingers leave on a touch screen.
Shoulder-surfing is a big threat for PIN authentication in particular, because it is relatively
easy for an observer to follow the PIN authentication process. PINs are short and require just
a small numeric keypad instead of the usual alphanumeric keyboard. In addition, PIN
authentication is often performed in crowded places, e.g., when someone is unlocking her
mobile phone on the street or in the subway. Shoulder-surfing is facilitated in such scenarios
since it is easier for an attacker to stand close to the user while escaping her attention. We
designed Illusion PIN (IPIN) for touch screen devices. The virtual keypad of IPIN is
composed of two keypads with different digit orderings, blended in a single hybrid image.
The user who is close to the screen is able to see and use one keypad, but a potential attacker
who is looking at the screen from a bigger distance, is able to see only the other keypad.
METHODOLOGY
In an information system, input is the raw data that is processed to produce
output. During the input design, the developers must consider the input devices such as
PC, MICR, OMR, etc.
Therefore, the quality of system input determines the quality of system output.
Well designed input forms and screens have following properties
 It should serve specific purpose effectively such as storing, recording, and
retrieving the information.
 It ensures proper completion with accuracy.
 It should be easy to fill and straightforward.
 It should focus on user’s attention, consistency, and simplicity.
 All these objectives are obtained using the knowledge of basic design principles
regarding −
o What are the inputs needed for the system?
o How end users respond to different elements of forms and screens.

Overview of the project

The proposed a novel authentication system PassMatrix, based on graphical
passwords to resist shoulder surfing attacks. With a one-time valid login indicator and
circulative horizontal and vertical bars covering the entire scope of pass-images, PassMatrix
offers no hint for attackers to figure out or narrow down the password even they conduct
multiple camera-based attacks. We also implemented a PassMatrix prototype on Android and
carried out real user experiments to evaluate its memorability and usability. From the
experimental result, the proposed system achieves better resistance to shoulder surfing attacks
while maintaining usability. Authentication based on passwords is used largely in
applications for computer security and privacy.
Overview of the report
The overview of the report human actions such as choosing bad passwords and
inputting passwords in an insecure way are regarded as ”the weakest link” in the
authentication chain. Rather than arbitrary alphanumeric strings, users tend to choose
passwords either short or meaningful for easy memorization. With web applications and
mobile apps piling up, people can access these applications anytime and anywhere with
various devices. This evolution brings great convenience but also increases the probability of
exposing passwords to shoulder surfing attacks. Attackers can observe directly or use
external recording devices to collect users’ credentials. To overcome this problem, we
proposed a novel authentication system PassMatrix, based on graphical passwords to resist
shoulder surfing attacks. With a one-time valid login indicator and circulative horizontal and
vertical bars covering the entire scope of pass-images, PassMatrix offers no hint for attackers
to figure out or narrow down the password even they conduct multiple camera-based attacks.
We also implemented a PassMatrix prototype on Android and carried out real user
experiments to evaluate its memorability and usability. From the experimental result, the
proposed system achieves better resistance to shoulder surfing attacks while maintaining
usability.
 Existing System

A Personal Identification Number (PIN) is a sequence of digits that confirms

the identity of a person when it is successfully presented. The maturity of PIN
authentication is a result of its continuous usage for years in a wide range of everyday
life applications, like mobile phones and banking systems.

Disadvantages:

• Authentication schemes which are not resilient to observation are vulnerable to shoulder-
surfing.

• Shoulder-surfing is a big threat for PIN authentication.

• Easy for an attacker to follow the PIN authentication process.

Proposed System
In proposed, Illusion PIN method is extended for both pins and alphabets. The
virtual keypad of IPIN is composed of two keypads with different digit orderings,
blended in a single hybrid image. Keypad shows in different values for user and
attacker based on visibility algorithm that consider distance as main factor for keypad

changing. We developed an algorithm to estimate whether or not the user’s keypad is

visible to an observer at a given viewing position.

Advantages:

• Resistant against shoulder surfing attacks.

• Provide high security to user login pattern.

• Visibility algorithm is to give better visual representation during keypad

authentication.
 • Keypad get shuffle after every authentication.

SOFTWARE SPECIFICATION:

• Front End : ASP. Net

• Back End : MSSQL Server

• Server : MSSQL Server

• Operating System : Windows OS

• System type : 32-bit or 64-bit Operating System

• IDE : Microsoft Visual Studio 2010

• DLL : Depends upon the title

HARDWARE REQUIREMENTS

• Processor : Intel processor 3.0 GHz

• RAM : 2GB

• Hard disk : 500 GB

• Compact Disk : 650 MB

• Keyboard : Standard keyboard

• Mouse : Logitech mouse

• Monitor : 15 inch color monitor

Modules
Admin

 Admin Login
 View User Transaction
 Logout

User

 Account Creation
 Illusion PIN Generation
 Deposit Amount
 Withdrawal Amount
 Logout