
PURELY AUTOMATED ATTACKS ON PASSPOINT-STYLE GRAPHICAL PASSWORD
JCET, LAKKIDI

1. INTRODUCTION

User authentication is a fundamental component in most computer security contexts. It provides the basis for access control and user accountability. While there are various types of user authentication systems, alphanumeric username/password pairs are the most common: they are versatile and easy to implement and use. Alphanumeric passwords must satisfy two contradictory requirements: they have to be easy for the user to remember, yet hard for an impostor to guess. Users are known to choose easily guessable and/or short text passwords, which are an easy target for dictionary and brute-force attacks. Enforcing a strong password policy sometimes has the opposite effect, as a user may resort to writing difficult-to-remember passwords on sticky notes, exposing them to direct theft. In the literature, several techniques have been proposed to reduce the limitations of alphanumeric passwords. One proposed solution is to use an easy-to-remember long phrase (passphrase) rather than a single word. Another is to use graphical passwords, in which graphics (images) are used instead of alphanumeric characters; this can be achieved by asking the user to select regions of an image rather than type characters as in alphanumeric password approaches. In this extended abstract, we propose a graphical password authentication system that combines graphical and text-based passwords, trying to achieve the best of both worlds. The proposed system is described
Graphical Passwords: Graphical passwords refer to using pictures (also drawings) as passwords. In theory, graphical passwords are easier to remember, since humans remember pictures better than words. They should also be more resistant to brute-force attacks, since the search space is practically infinite.
In general, graphical password techniques are classified into two main categories: recognition-based and recall-based. In recognition-based techniques, a user is authenticated by being challenged to identify one or more images he or she chose during the registration stage. In recall-based techniques, a user is asked to reproduce something that he or she created or selected earlier during the registration stage. Passfaces is a recognition-based technique, in which a user is authenticated by being challenged to recognize human faces. In Blonder's approach, a user creates a password by clicking on several locations on an image; during authentication, the user must click on those same locations. PassPoints builds on Blonder's idea and overcomes some of the limitations of his scheme. Several other approaches have been surveyed. Various graphical password schemes have been proposed as alternatives to text-based passwords. Research and experience have shown that text-based passwords are fraught with both usability and security problems that make them less than desirable solutions. Psychology studies have revealed that the human brain is better at recognizing and recalling images than text; graphical passwords are intended to capitalize on this human characteristic in the hope that, by reducing the memory burden on users, coupled with the larger full password space offered by images, more secure passwords can be produced and users will not resort to unsafe practices in order to cope. Graphical passwords can also be used by speakers of any language. We propose and examine the usability and security of Cued Click Points (CCP), a cued-recall graphical password technique. Users click on one point per image for a sequence of images. The next image is based on the previous click-point. We present the results of an initial user study, which revealed positive results: performance was very good in terms of speed, accuracy, and number of errors. Users preferred CCP to PassPoints, saying that selecting and remembering only one point per image was easier, and that seeing each image triggered their memory of where the corresponding point was located. We also suggest that CCP provides greater security than PassPoints because the number of images increases the workload for attackers.
The next image displayed is based on the previous click-point, so users receive immediate implicit feedback as to whether they are on the correct path when logging in. CCP offers both improved usability and security. We conducted an in-lab user study with 24 participants and a total of 257 trials. Users had high success rates, could quickly create and re-enter their passwords, and were very accurate when entering their click-points. Participants rated the system positively and indicated that they preferred CCP to a PassPoints-style system. They also said that they appreciated the immediate implicit feedback telling them whether their latest click-point was correctly entered. A preliminary security analysis of this new scheme is also presented. Hotspots (i.e., areas of the image that users are more likely to select) are a concern in click-based passwords, so CCP uses a large set of images that will be difficult for attackers to obtain. For our proposed system, hotspot analysis requires proportionally more effort by attackers, as each image must be collected and analyzed individually. CCP appears to allow greater security than PassPoints: the workload for attackers of CCP can be arbitrarily increased by augmenting the number of images in the system. As with most graphical passwords, CCP is not intended for environments where shoulder-surfing is a serious threat.
Graphical Password Strategy: Cued Click Points (CCP) is a proposed alternative to PassPoints. In CCP, users click one point on each of c = 5 images rather than on five points on one image. It offers cued recall and introduces visual cues that instantly alert valid users if they have made a mistake when entering their latest click-point (at which point they can cancel their attempt and retry from the beginning). It also makes attacks based on hotspot analysis more challenging, as we discuss later. As shown in Figure 1, each click results in showing a next-image, in effect leading users down a path as they click on their sequence of points. A wrong click leads down an incorrect path, with an explicit indication of authentication failure only after the final click. Users can choose their images only to the extent that their click-point indicates the next image. If they dislike the resulting images, they can create a new password involving different click-points to get different images. A trial consisted of the following steps.
(i) Create phase: Create a password by clicking on one point in each of five system-selected images presented in sequence.
(ii) Confirm phase: Confirm this password by re-entering it correctly. Users who incorrectly confirmed their password could retry the confirmation or return to Step 1. A new password started with the same initial image, but generally included different images thereafter, depending on the click-points.
Two questions: Answer two 10-point Likert scale questions on the computer about their current password's ease of creation and predicted memorability. Likert scale questions ask respondents to indicate their level of agreement with the given statement on a scale ranging from strongly agree to strongly disagree.
(iii) Login phase: Log in with their current password. If users noticed an error during login, they could cancel their login attempt and try again. Alternatively, if they did not know their password, they could create a new password, effectively returning to Step 1 of the trial with the same initial image as a starting point. If users felt too frustrated with the particular images to try again, they could skip this trial and move on to the next trial.

2. LITERATURE SURVEY

Access to computer systems is most often based on the use of alphanumeric passwords. However, users have difficulty remembering a password that is long and random-appearing. Instead, they create short, simple, and insecure passwords. Graphical passwords have been designed to try to make passwords more memorable and easier for people to use and, therefore, more secure. Using a graphical password, users click on images rather than type alphanumeric characters. We have designed a new and more secure graphical password system, called PassPoints. In this paper we describe the PassPoints system, its security characteristics, and the empirical study we carried out comparing PassPoints to alphanumeric passwords. In the empirical study, participants learned either an alphanumeric or a graphical password and subsequently carried out three longitudinal trials to input their passwords over a period of five weeks. The results show that the graphical group took longer and made more errors in learning the password, but that the difference was largely a consequence of just a few graphical participants who had difficulty learning to use graphical passwords. In the longitudinal trials the two groups performed similarly on memory of their password, but the graphical group took more time to input a password.
Background on passwords: Identification and authentication can be considered the basic methods for providing system security. These two methods commonly enforce access control at the first boundary of the system. Before accessing system resources, a user needs to prove his identity by presenting some secret information, something that only he owns, or something that is part of his person. One instance of secret information is a password, a commonly used technology for authentication in many kinds of computer systems. Typical requirements for passwords are: (i) they should be easy to remember, and the user authentication protocol should be executable quickly and easily by humans;
(ii) they should be secure, that is, they should look random and be hard to guess; they should be changed frequently and be different for different accounts of the same user; and they should not be written down or stored in plain text. Mainly two types of passwords are used: text passwords (alphanumeric passwords) and graphical passwords. A text password is presented as a sequence of digits and letters, whereas a graphical password is concerned with images.
Alphanumeric passwords: Alphanumeric passwords were first introduced in the 1960s as a solution to security issues that became evident as the first multi-user operating systems were being developed. As the name indicates, an alphanumeric password is simply a string of letters and digits. Although almost any string can serve as a password, these passwords only offer good security as long as they are complicated enough that they cannot be deduced or guessed. The usual guidelines for text passwords are: (i) the length of the password should be at least 8 characters; (ii) the password should not contain any information related to the user, otherwise it would be easy to guess; (iii) it is good practice not to use popular combinations or words (such as 123456789, QAZwsx11, password), because then a dictionary attack becomes possible; (iv) it is better to combine upper and lower case in the password. So it is critical to create a strong, random password that is not related to the user and uses a combination of alphabetic, numeric and other symbols. However, in this case the user can face the problem of a password that is too complicated to remember. Use of such strong passwords can also lead to side effects. To decrease the number of passwords to remember, a user may begin to use one password everywhere, which increases the possibility of it being stolen or cracked. If the system policy forces the user to change passwords periodically, he can simplify these changes by substituting one letter or cycling through a few passwords. The main thing to remember is that users almost always take the path of least resistance, no matter how strict the policy is. As we can see, using text passwords means finding a balance between passwords that are easy to remember but easy to break on one side, and strong but hard to remember on the other. The major drawback of alphanumeric passwords is the dictionary attack.
Because of the difficulty of remembering random strings of characters, most users tend to choose a common word or a name. Unfortunately, there are several tools that allow an individual to crack passwords by automatically testing all the words that occur in dictionaries or public directories. This attack will usually not uncover the password of a predetermined user, but studies have shown that it is usually successful in finding valid passwords of some users of a given system. For example: regular word: Michael; alphanumeric password: M1ch@3L.
Graphical passwords: Graphical passwords can be used as an alternative to text ones. This technology is free from the limitations of text passwords. It is based on the human peculiarity of remembering visual images better than text. Graphical passwords were originally described by Blonder (1996). In his description of the concept, an image would appear on the screen and the user would click on a few chosen regions of it; if the correct regions were clicked, the user would be authenticated. Memorability of passwords and efficiency of their input are two key human-factors criteria. Memorability has two aspects: how the user chooses and encodes the password, and what task the user performs when later retrieving it. In a graphical password system, a user needs to choose memorable locations in an image. Choosing memorable locations depends on the nature of the image itself and the specific sequence of click locations. To support memorability, images should have semantically meaningful content, because memory for arbitrary things is poor. This suggests that jumbled or abstract images will be less memorable than concrete, real-world scenes. A graphical password is an authentication system that works by having the user select from images, in a specific order, presented in a graphical user interface (GUI). For this reason, the graphical-password approach is sometimes called graphical user authentication (GUA). A graphical password is easier than a text-based password for most people to remember. Suppose an 8-character password is necessary to gain entry into a particular computer network.
Instead of w8KiJ72c, for example, a user might select images of the earth (from among a screen full of real and fictitious planets), the country of France (from a map of the world), the city of Nice (from a map of France), a white stucco house with arched doorways and red tiles on the roof, a green plastic cooler with a white lid, a package of Gouda cheese, a bottle of grape juice, and a pink paper cup with little green stars around its upper edge and three red bands around the middle.

Fig. 1. Graphical password

Graphical passwords may offer better security than text-based passwords because many people, in an attempt to memorize text-based passwords, use plain words (rather than the recommended jumble of characters). A dictionary search can often hit on a password and allow a hacker to gain entry into a system in seconds. But if a series of selectable images is used on successive screen pages, and if there are many images on each page, a hacker must try every possible combination at random. If there are 100 images on each of the 8 pages in an 8-image password, there are 100^8, or 10 quadrillion (10,000,000,000,000,000), possible combinations that could form the graphical password. If the system has a built-in delay of only 0.1 second following the selection of each image until the presentation of the next page, it would take (on average) millions of years to break into the system by hitting it with random image sequences.
Advantages: The advantages of graphical passwords are:
Usability: As mentioned before, one of the most convincing reasons for using a graphical password scheme is the fact that humans seem to have an amazing ability to recall pictures, whether they are line drawings or real objects. The human brain tends to remember visual images much more easily. From this point of view, graphical passwords are preferable for users because a combination of images is easier to remember and reproduce than a combination of letters and digits. Another benefit
of using graphical passwords is alphabet independence. It does not matter what language the user speaks: the human ability to draw, memorize and recognize visual images is independent of nationality.
Security: The second advantage of graphical schemes is resistance to dictionary attacks, because of the large password space but mainly because there are no pre-existing searchable dictionaries for graphical information. With some graphical password methods it is hard to mount automated attacks (for instance image recognition and determination based on content). This scheme is also free of some commonly used logging techniques.
Disadvantages:
Security: The first disadvantage originates from the usability advantage. Because visual images are easy for humans to remember, the possibility of a shoulder-surfing attack increases. This usability has a double effect: on one side it becomes easy for the average user to remember the password; on the other, a criminal standing behind the user can easily remember the whole combination of images or areas on the image. There are some techniques which can prevent such attacks. The second disadvantage is not critical nowadays, but it still exists: graphical passwords require corresponding hardware and software on the user's machine (for instance a mouse or touch screen for cursor-gesture-based passwords). The main disadvantage of graphical passwords is the same as that of text passwords: the human. It does not matter how complex, secure and powerful your security system is; if the user chooses a weak password, it can be easily hacked. For example, in the DAS method, if the user draws a circle instead of a long random drawing, there is a high probability that such an easy password will be remembered by an attacker and reproduced more easily than a stronger one. In this case the only thing that can be done is to force users to choose a strong password and change it periodically. Moreover, it is better to implement a service that checks the similarity of a user's new password to the previous one.
Usability:

Apart from all their advantages, all graphical passwords have the same problem: they take much longer to log in with than textual passwords. This is especially true for the PickOlock scheme, where the user needs to remember all the strings for all variations of the password icons. For example, with 4 password icons the user needs to remember 16 strings, with 5 icons 25 strings, and so on.
PassPoints Graphical Password: Nowadays, to access a computer resource, the most common authentication method is the traditional username and password, in which the password is a secret alphanumeric word known to the computer and the user. But users have many problems with alphanumeric passwords: if a password is not used frequently there is a chance of forgetting it, and if the password is hard to guess, it is hard to remember. For these reasons researchers have developed various graphical password schemes. The PassPoints scheme was first developed by Wiedenbeck, and it is based on the idea of Blonder. In Blonder's approach, too, the password is represented by multiple clicks on a single image. But Wiedenbeck's PassPoints system overcomes the limitation of Blonder's scheme: there are no predefined boundaries around the areas of the image where the user can click. One of the advantages of the PassPoints scheme is that a user can click anywhere on the image, and it allows the use of arbitrary images. After the user clicks on several areas, the sequence is stored. A tolerance region around each chosen click point is calculated. When logging in, the user has to click on points within the tolerance. Generally, users cannot click on exactly the same points that were selected during registration, so a tolerance is given. This tolerance allows a user to click on nearby locations. For example, if the tolerance is 20x20, users can click on any location within 20 pixels around (top, bottom, left, right) a click point.
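To make the tolerance check concrete, here is a small PassPoints-style verifier added to this report (it is illustration, not code from the report or from the PassPoints authors). It assumes integer pixel coordinates on a single image identified by a string, a square tolerance region of 20 pixels in each direction as in the example above, and constructed sample points; the coordinate-storage caveat in the comments is a design point the report itself does not discuss.

```python
"""PassPoints-style registration and login with a square tolerance region.

Added illustration; not code from this report or from the PassPoints project.
Assumptions not stated in the report: click points are integer (x, y) pixel
pairs on a single image identified by a string, and the tolerance is a square
extending TOLERANCE pixels above, below, left and right of each registered
point (the report's "20 pixels around" a click point).
"""
from dataclasses import dataclass
from typing import List, Tuple

Point = Tuple[int, int]
TOLERANCE = 20   # pixels in each direction, as in the report's 20x20 example
MIN_POINTS = 5   # the report's PassPoints passwords use five clicks


@dataclass(frozen=True)
class ClickPassword:
    image_id: str
    points: Tuple[Point, ...]   # ordered click sequence chosen at registration


def within_tolerance(clicked: Point, registered: Point, tol: int = TOLERANCE) -> bool:
    """True when the click lies inside the square tolerance region around the
    registered point, i.e. Chebyshev distance <= tol."""
    return abs(clicked[0] - registered[0]) <= tol and abs(clicked[1] - registered[1]) <= tol


def register(image_id: str, clicks: List[Point], width: int, height: int) -> ClickPassword:
    """Record the ordered click sequence. Sequences shorter than MIN_POINTS and
    clicks outside the image are rejected."""
    if len(clicks) < MIN_POINTS:
        raise ValueError(f"need at least {MIN_POINTS} click points")
    for x, y in clicks:
        if not (0 <= x < width and 0 <= y < height):
            raise ValueError(f"click {(x, y)} is outside the {width}x{height} image")
    # Caveat: tolerance matching needs the registered coordinates themselves (or a
    # discretised form of them), so unlike a text password they cannot simply be
    # hashed; this record therefore needs protection at rest.
    return ClickPassword(image_id, tuple(clicks))


def verify(secret: ClickPassword, image_id: str, attempt: List[Point]) -> bool:
    """Order matters: the i-th click must land in the tolerance region of the
    i-th registered point. Every point is checked even after a miss, so the
    position of the first wrong click is not exposed through response time."""
    if image_id != secret.image_id or len(attempt) != len(secret.points):
        return False
    ok = True
    for clicked, registered in zip(attempt, secret.points):
        ok &= within_tolerance(clicked, registered)
    return ok


def demo() -> Tuple[bool, bool, bool]:
    """Constructed example: five points on a 640x480 image.
    Returns (exact replay, nearby clicks within tolerance, two points swapped)."""
    chosen = [(40, 60), (200, 90), (330, 300), (500, 120), (610, 440)]
    secret = register("scene-01", chosen, 640, 480)
    exact = verify(secret, "scene-01", chosen)
    nearby = verify(secret, "scene-01", [(55, 45), (185, 110), (349, 281), (520, 140), (600, 460)])
    swapped = verify(secret, "scene-01", [(200, 90), (40, 60), (330, 300), (500, 120), (610, 440)])
    return exact, nearby, swapped   # (True, True, False)


if __name__ == "__main__":
    print(demo())
```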

Fig. 2. The PassPoints interface

There is another method in which a single click on each of multiple images is allowed; it is called Cued Click Points. These schemes are called cued-recall schemes, since the background image can be regarded as a cue to recall the location of the clicks chosen as the password. Along with the PassPoints technique, other techniques exist. One such technique is Passfaces, in which the user chooses four faces from a pool of faces. When logging in, the user sees a 3x3 grid of nine faces, consisting of one face previously chosen by the user and eight decoy faces; the user has to recognize and click anywhere on the chosen face. This procedure is repeated.

Shoulder-Surfing Attack: The main drawbacks of current graphical password schemes are the shoulder-surfing problem and the usability problem. Even though graphical passwords are difficult to guess and break, if someone directly observes the password entry session, he or she can probably figure out the password. Nevertheless, how to design authentication systems that have both security and usability remains a challenge for the Human Computer Interaction (HCI) and security communities. In computer-security jargon, shoulder surfing refers to direct observation techniques, such as looking over someone's shoulder, to obtain information like passwords, PINs and other sensitive personal information, for example while a user enters information using a keyboard, mouse, touch screen or any traditional input device. Like text-based passwords, graphical passwords are also vulnerable to shoulder surfing.
Cued Click Points: This section concerns the usability and security of Cued Click Points (CCP), a cued-recall graphical password technique. Users click on one point per image for a sequence of images. The next image is based on the previous click-point. Performance was very good in terms of speed, accuracy, and number of errors. Users preferred CCP to PassPoints (Wiedenbeck), saying that selecting and remembering only one point per image was easier, and that seeing each image triggered their memory of where the corresponding point was located. We also suggest that CCP provides greater security than PassPoints because the number of images increases the workload for attackers. The next image displayed is based on the previous click-point, so users receive immediate implicit feedback as to whether they are on the correct path when logging in. CCP offers both improved usability and security. We conducted an in-lab user study with 24 participants and a total of 257 trials. Users had high success rates, could quickly create and re-enter their passwords, and were very accurate when entering their click-points. Participants rated the system positively and indicated that they preferred CCP to a PassPoints-style system. They also said that they appreciated the immediate implicit feedback telling them whether their latest click-point was correctly entered. A preliminary security analysis of this new scheme is also presented. Hotspots (i.e., areas of the image that users are more likely to select) are a concern in click-based passwords, so CCP uses a large set of images that will be difficult for attackers to obtain. For our proposed system, hotspot analysis requires proportionally more effort by attackers, as each image must be collected and analyzed individually.
CCP appears to allow greater security than PassPoints; the workload for attackers of CCP can be arbitrarily increased by augmenting the number of images in the system. As with most graphical passwords, CCP is not intended for environments where shoulder-surfing is a serious threat.
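The following added example (not code from the report or from the CCP authors) simulates the path mechanism described here and in the introduction: one click per image, the next image derived from the current click-point, and failure reported only after the final click. Assumptions not in the report: images numbered 0..POOL-1, a grid of 20x20 pixel cells standing in for the tolerance region, an HMAC under a server-side key both to select the next image and to store the enrolled path, and constructed click coordinates.

```python
"""Cued Click Points (CCP) login path: one click per image, where the click-point
decides which image is shown next, so a wrong click silently leads down a wrong
path and failure is reported only after the final click.

Added illustration; not code from this report or from the CCP authors.
Assumptions not in the report: images are numbered 0..POOL-1; each image is
divided into CELL x CELL pixel cells and the cell containing a click stands in
for the tolerance region; the next image is chosen by an HMAC over
(username, current image, cell) under a server-side key; and the stored
verifier is an HMAC over the whole (image, cell) sequence, not raw coordinates.
"""
import hashlib
import hmac
from typing import List, Sequence, Tuple

Point = Tuple[int, int]
WIDTH, HEIGHT = 640, 480   # constructed image size
CELL = 20                  # cell edge in pixels, matching the report's 20x20 tolerance
POOL = 500                 # constructed number of images in the system
C = 5                      # clicks per password, as in the report


def cell_of(p: Point) -> int:
    """Index of the grid cell containing the click."""
    if not (0 <= p[0] < WIDTH and 0 <= p[1] < HEIGHT):
        raise ValueError(f"click {p} is outside the image")
    return (p[1] // CELL) * (WIDTH // CELL) + (p[0] // CELL)


def next_image(key: bytes, username: str, image: int, cell: int) -> int:
    """Deterministic, but unpredictable without the key, choice of the next image.
    Including the username gives every user a different image set, which is why
    the report says attackers must first acquire image sets per user."""
    mac = hmac.new(key, f"{username}|{image}|{cell}".encode(), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big") % POOL


def walk(key: bytes, username: str, start: int, clicks: Sequence[Point]) -> List[Tuple[int, int]]:
    """The (image, cell) pairs visited for a click sequence. The images in this
    list are the implicit feedback the user sees while logging in."""
    path, image = [], start
    for p in clicks:
        cell = cell_of(p)
        path.append((image, cell))
        image = next_image(key, username, image, cell)
    return path


def _verifier(key: bytes, username: str, path: Sequence[Tuple[int, int]]) -> bytes:
    # A per-record salt would be added in a real deployment (assumption).
    return hmac.new(key, f"{username}|{list(path)}".encode(), hashlib.sha256).digest()


def enroll(key: bytes, username: str, start: int, clicks: Sequence[Point]) -> bytes:
    """Registration: store a MAC over the visited sequence instead of coordinates."""
    if len(clicks) != C:
        raise ValueError(f"a CCP password has exactly {C} clicks")
    return _verifier(key, username, walk(key, username, start, clicks))


def login(key: bytes, username: str, start: int, clicks: Sequence[Point],
          stored: bytes) -> Tuple[bool, List[int]]:
    """Returns (accepted, images shown). Acceptance is decided only after all C
    clicks; an early wrong click shows up only in the images presented."""
    if len(clicks) != C:
        return False, []
    path = walk(key, username, start, clicks)
    shown = [image for image, _ in path]
    return hmac.compare_digest(_verifier(key, username, path), stored), shown


def demo() -> Tuple[bool, bool, bool]:
    """Constructed run: exact replay, clicks jittered inside the same cells, and
    a wrong first click. Returns (True, True, False)."""
    key = b"constructed-server-key"   # constructed; kept in a secret store in practice
    clicks = [(33, 47), (250, 130), (410, 300), (120, 400), (600, 20)]
    stored = enroll(key, "alice", 0, clicks)
    same_cells = [(38, 41), (255, 125), (401, 319), (139, 419), (615, 35)]
    wrong_first = [(60, 47)] + clicks[1:]
    ok_exact, _ = login(key, "alice", 0, clicks, stored)
    ok_jitter, _ = login(key, "alice", 0, same_cells, stored)
    ok_wrong, _ = login(key, "alice", 0, wrong_first, stored)
    return ok_exact, ok_jitter, ok_wrong


if __name__ == "__main__":
    print(demo())
```

A legitimate click near a cell edge can fall into the neighbouring cell and lead down a different path, which is why a real deployment needs a tolerance region centred on the registered point rather than this fixed grid.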

3. SYSTEM ANALYSIS AND DESIGN

Existing System: The existing system does not allow companies to centralize document management. Document encryption and decryption are not performed. It does not provide security for confidential material against accidental misuse, employee theft, unauthorized distribution, etc.
Drawbacks of the existing system:
(i) Lack of security
(ii) Prone to unauthorized distribution
(iii) Lack of desired accuracy
(iv) No encryption and decryption

Proposed System: The proposed Cued Click Points scheme shows promise as a usable and memorable authentication mechanism. By taking advantage of users' ability to recognize images and the memory trigger associated with seeing a new image, CCP has advantages over PassPoints in terms of usability. Being cued as each image is shown, and having to remember only one click-point per image, appears easier than having to remember an ordered series of clicks on one image. In our small comparison group, users strongly preferred CCP. We believe that CCP offers a more secure alternative to PassPoints. CCP increases the workload for attackers by forcing them to first acquire image sets for each user, and then conduct hotspot analysis on each of these images. Furthermore, the system's flexibility to increase the overall number of images allows us to arbitrarily increase this workload.
Feasibility Study: A feasibility study is a procedure that identifies, describes and evaluates candidate systems and selects the best system for the job. An estimate is made of whether the identified user needs can be satisfied using current software and hardware technologies. The study decides whether the proposed system will be cost-effective from a business point of view and whether it can be developed within existing budgetary constraints. The key considerations involved in the feasibility analysis are economic, technical, behavioral and operational.
Economic Feasibility: The economic analysis determines the benefits and savings that are expected from a candidate system and compares them with costs. The system is economically feasible, as the organization possesses the hardware and software resources required for the functioning of the system. Any additional resources, if required, can also be easily acquired.
Technical Feasibility: This centers on the existing computer system and to what extent it can support the proposed addition.
Since the minimum requirements of the system, such as IIS on the server and a browser on the client, are met by any average user, the system is technically feasible.
Operational Feasibility: System operation is the longest phase in the development life cycle of a system, so operational feasibility should be given much importance. The users of the system do not need thorough training; all they are expected to know in order to operate the system is basic web-browsing knowledge. It has a user-friendly interface.
Behavioral Feasibility: In today's world, where the computer is an inevitable entity, systems like auction sites, which require no special effort beyond surfing the net, enjoy wide acceptance. Thus the organization is convinced that the system is feasible.
Modules of the Proposed System:
1. Functional management
2. Image manipulation
3. Security
4. User management
5. Network management
User management: User management is where the administrator manages the GUI that helps users use the system easily. Here we implement the side that is directly in contact with the users.
Image manipulation: Image manipulation deals with the manipulation of images. Adding and removing images to and from the pool happens here. This pool is used for later password-tracing stages.
Functional operation: The function by means of which the image manipulation takes place is implemented here. It is by means of this function that the image is jumbled from one to another, so that each character is traced carefully.
Security: The security of the system is implemented in this module. The order of images is correctly evaluated, and it ensures the authentication standard.
Data Flow Diagram

Figure 3. Context level

Figure 4. Level 1

Level 1 of the proposed system consists of various operations: user management, image manipulation, security and functional operation. The user can log in through the login section.

Figure 5. User management

User management is where the administrator manages the GUI that helps users use the system easily. Here we implement the side that is directly in contact with the users.

Figure 6. Security

The security of the system is implemented in this module. The order of images is correctly evaluated, and it ensures the authentication standard.

Figure 7. Image manipulation

Image manipulation deals with the manipulation of images. Adding and removing images to and from the pool happens here. This pool is used for later password-tracing stages.

Figure 8. Functional operation

The function by means of which the image manipulation takes place is implemented here. It is by means of this function that the image is jumbled from one to another, so that each character is traced carefully.

4. SYSTEM SPECIFICATION AND DESIGN


The purpose of system requirements analysis is to obtain a thorough and detailed understanding of the business need as defined in project origination and captured in the business case, and to break it down into discrete requirements, which are then clearly defined, reviewed and agreed upon with the customer's decision makers. During system requirements analysis, the framework for the application is developed, providing the foundation for all future design and development efforts.

Table 1. Hardware Requirements
System:           IBM-compatible PC
Processor:        Intel Pentium IV or above
Speed:            2.8 GHz
Memory:           512 MB RAM
Hard Disk Drive:  80 GB

Table 2. Software Requirements
Development Platform:  Windows XP/Linux
Front-End Tool:        Java
Back-End Tool:         MySQL/SQL Server
IDE:                   NetBeans/Visual Studio

Java: Java is a programming language originally developed by James Gosling at Sun Microsystems (now a subsidiary of Oracle Corporation) and released in 1995 as a core component of Sun Microsystems' Java platform. In the Java programming language, all source code is first written in plain text files ending with the .java extension. Those source files are then compiled into .class files by the javac compiler. A class file does not contain code that is native to your processor; it instead contains bytecodes, the machine language of the Java Virtual Machine (Java VM). The java launcher tool then runs your application with an instance of the Java VM. Because the Java VM is available on many different operating systems, the same .class files are capable of running on Microsoft Windows, the Solaris Operating System (Solaris OS), Linux, or Mac OS. Some Java VMs also perform additional work at run time to improve performance; this includes tasks such as finding performance bottlenecks and recompiling (to native code) frequently used sections of code. Through the Java VM, the same application is capable of running on multiple platforms.
The Java Platform: A platform is the hardware or software environment in which a program runs. We've already mentioned some of the most popular platforms, like Microsoft Windows, Linux, Solaris OS, and Mac OS. Most platforms can be described as a combination of the operating system and underlying hardware. The Java platform differs from most other platforms in that it is a software-only platform that runs on top of other hardware-based platforms. The Java platform has two components: the Java Virtual Machine and the Java Application Programming Interface (API). The Java Virtual Machine is the base for the Java platform and is ported onto various hardware-based platforms. The API is a large collection of ready-made software components that provide many useful capabilities. It is grouped into libraries of related classes and interfaces; these libraries are known as packages. The API and Java Virtual Machine insulate the program from the underlying hardware. As a platform-independent environment, the Java platform can be a bit slower than native code.
However, advances in compiler and virtual machine technologies are bringing performance close to that of native code without threatening portability. The Java platform gives you the following features:

Development Tools: The development tools provide everything you'll need for compiling, running, monitoring, debugging, and documenting your applications. As a new developer, the main tools you'll be using are the javac compiler, the java launcher, and the javadoc documentation tool.

Application Programming Interface (API): The API provides the core functionality of the Java programming language. It offers a wide array of useful classes ready for use in your own applications. It spans everything from basic objects, to networking and security, to XML generation and database access, and more. The core API is very large.

Deployment Technologies: The JDK software provides standard mechanisms such as the Java Web Start software and Java Plug-In software for deploying your applications to end users.

User Interface Toolkits: The Swing and Java 2D toolkits make it possible to create sophisticated Graphical User Interfaces (GUIs).

Integration Libraries: Integration libraries such as the Java IDL API, JDBC API, Java Naming and Directory Interface (JNDI) API, Java RMI, and Java Remote Method Invocation over Internet Inter-ORB Protocol Technology (Java RMI-IIOP Technology) enable database access and manipulation of remote objects.

Java technology will help to do the following:

Get started quickly: Although the Java programming language is a powerful object-oriented language, it's easy to learn, especially for programmers already familiar with C or C++.

Write less code: Comparisons of program metrics (class counts, method counts, and so on) suggest that a program written in the Java programming language can be four times smaller than the same program written in C++.

Write better code: The Java programming language encourages good coding practices, and automatic garbage collection helps you avoid memory leaks. Its object orientation, its JavaBeans component architecture, and its wide-ranging, easily extendible API let you reuse existing, tested code and introduce fewer bugs.

Develop programs more quickly: The Java programming language is simpler than C++, and as such, your development time could be up to twice as fast when writing in it. Your programs will also require fewer lines of code.
Avoid platform dependencies: You can keep your program portable by avoiding the use of libraries written in other languages.

Write once, run anywhere: Because applications written in the Java programming language are compiled into machine-independent bytecodes, they run consistently on any Java platform.

Distribute software more easily: With Java Web Start software, users will be able to launch your applications with a single click of the mouse. An automatic version check at startup ensures that users are always up to date with the latest version of your software. If an update is available, the Java Web Start software will automatically update their installation.

JavaServerPages(JSP):
JSP is a Java-based technology that simplifies the process of developing dynamic web sites. With JSP, web designers and developers can quickly incorporate dynamic elements into web pages using embedded Java and simple mark-up tags. These tags provide the HTML designer with a way to access data and business logic stored inside Java objects. Java Server Pages are text files with the extension .jsp, which take the place of traditional HTML pages. JSP files contain traditional HTML along with embedded code that allows the developer to access data from the Java code running on the server.

JSP offers several benefits for dynamic content generation. As a Java-based technology, it enjoys all of the advantages that the Java language provides with respect to development and deployment. As an object-oriented language with strong typing, encapsulation, exception handling, and automatic memory management, use of Java leads to increased programmer productivity and more robust code. Because compiled Java bytecode is portable across all platforms that support a JVM, use of JSP does not lock us into using a specific hardware platform, operating system, or server software. If a switch in any of these components becomes necessary, all JSP pages and associated Java classes can be migrated over as is. Because JSP is vendor-neutral, developers and system architects can select best-of-breed solutions at all stages of JSP deployment.

JSP technology is the Java platform technology for building applications containing dynamic web content such as HTML, DHTML, XHTML, and XML. The Java Server Pages technology enables the authoring of web pages that create dynamic content easily but with maximum power and flexibility. The Java Server Pages technology offers a number of advantages:

Write Once, Run Anywhere properties: The Java Server Pages technology is platform independent, both in its dynamic Web pages, its Web servers, and its underlying server components. We can author JSP pages on any platform, run them on any Web server or Web-enabled application server, and access them from any web browser. We can also build the server components on any platform and run them on any server.

High quality tool support: The Write Once, Run Anywhere properties of JSP allow the user to choose best-of-breed tools. Additionally, an explicit goal of the Java Server Pages design is to enable the creation of highly portable tools.

Reuse of components and tag libraries: The Java Server Pages technology emphasizes the use of reusable components such as Java Bean components, Enterprise Java Beans components and tag libraries. These components can be used in interactive tools for component development and page composition. This saves considerable development time while giving the cross-platform power and flexibility of the Java programming language and other scripting languages.

Separation of dynamic and static content: The Java Server Pages technology enables the separation of static content from dynamic content that is inserted into the static template. This greatly simplifies the creation of content. This separation is supported by beans specifically designed for the interaction with server-side objects, and, specifically, by the tag extension mechanism.

Support for scripting and actions: The Java Server Pages technology supports scripting elements as well as actions. Actions permit the encapsulation of useful functionality in a convenient form that can also be manipulated by tools. Scripts provide a mechanism to glue together this functionality in a per-page manner.
Web access layer for N-tier enterprise application architecture: The Java Server Pages technology is an integral part of the Java 2 Platform, Enterprise Edition (J2EE), which brings Java technology to enterprise computing. We can now develop powerful middle-tier server applications, using a web site that uses Java Server Pages technology as a front end to Enterprise Java Beans components in a J2EE-compliant environment.

My SQL: The MySQL database has become the world's most popular open source database because of its consistency, fast performance, high reliability and ease of use. It has also become the database of choice for a new generation of applications built on the LAMP stack (Linux, Apache, MySQL, PHP / Perl / Python). MySQL runs on more than 20 platforms including Linux, Windows, OS/X, HP-UX, AIX and Netware, giving you the kind of flexibility that puts you in control. MySQL offers a comprehensive range of certified software, support, training and consulting.

MySQL is a multithreaded, multi-user SQL Database Management System. MySQL's implementation of a relational database is an abstraction on top of a computer's file system. The relational database abstraction allows a collection of data items to be organized as a set of formally described tables. Data can be accessed or reassembled from these tables in many different ways, which do not require any reorganization of the database tables themselves. Relational databases speak SQL (Structured Query Language). SQL is a standard interactive programming language for getting information from and updating a relational database. Although SQL itself is both an ANSI and an ISO standard, many database products support SQL with proprietary extensions to the standard language. MySQL's extensions to SQL are not proprietary, since MySQL's code is kept free (as in the user's liberty to use the code) by the GPL. SQL queries take the form of a command language that lets you select, insert, update, find out the location of data, and so forth.

My SQL Features:
(i) Very fast and very reliable for any type of application.
(ii) Very lightweight application.
(iii) The command line tool is very powerful and can be used to run SQL queries against the database.
(iv) Supports indexing and binary objects.
(v) Allows changing the structure of a table while the server is running.
(vi) It has a wide user base.
(vii) It has a very fast thread-based memory allocation system.

5. PROJECT DESCRIPTION AND IMPLEMENTATION

Cued Click Points (CCP) is a proposed alternative to PassPoints. In CCP, users click one point on each of c = 5 images rather than on five points on one image. It offers cued-recall and introduces visual cues that instantly alert valid users if they have made a mistake when entering their latest click-point (at which point they can cancel their attempt and retry from the beginning). It also makes attacks based on hotspot analysis more challenging, as we discuss later. As shown in the figure, each click results in showing a next-image, in effect leading users down a path as they click on their sequence of points. A wrong click leads down an incorrect path, with an explicit indication of authentication failure only after the final click. Users can choose their images only to the extent that their click-point indicates the next image. If they dislike the resulting images, they could create a new password involving different click-points to get different images.

A trial consisted of the following steps.

1. Create phase: Create a password by clicking on one point in each of five system-selected images presented in sequence.
2. Confirm phase: Confirm this password by re-entering it correctly. Users incorrectly confirming their password could retry the confirmation or return to Step 1. A new password started with the same initial image, but generally included different images thereafter, depending on the click-points.
3. Two questions: Answer two 10-point Likert-scale questions on the computer about their current password's ease of creation and predicted memorability. Likert-scale questions ask respondents to indicate their level of agreement with the given statement on a scale ranging from strongly agree to strongly disagree.
4. MRT: Complete a Mental Rotations Test (MRT) puzzle. This was based on a task that is used to distract users for a minimum of 30 seconds by giving them a visual task to complete in order to clear their working memory.
5. Login phase: Log in with their current password. If users noticed an error during login, they could cancel their login attempt and try again. Alternatively, if they did not know their password, they could create a new password, effectively returning to Step 1 of the trial with the same initial image as a starting point. If users felt too frustrated with the particular images to try again, they could skip this trial and move on to the next trial.
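The click-path behaviour described above (one click per image, the click determining the next image, failure reported only after the last click) as an added example that is not part of the original project: a small Python model of CCP registration and login. Assumed, not from the page: a 19-pixel grid tolerance, a constructed pool of 20 image names, and a hash of (user, image, clicked cell) to pick the next image.

```python
import hashlib
from dataclasses import dataclass, field

TOLERANCE = 19   # assumed: clicks are bucketed into 19x19 pixel cells (not from the page)
STAGES = 5       # c = 5 images, as in the CCP description
# Constructed image pool standing in for the project's image table.
IMAGE_POOL = ["img_%02d.jpg" % i for i in range(1, 21)]


def cell_of(x, y):
    """Bucket a pixel click into a grid cell; clicks in the same cell count as the same point.
    (A click near a cell border can land in the neighbouring cell: a limitation of plain grids.)"""
    return (x // TOLERANCE, y // TOLERANCE)


def next_image(username, image, cell):
    """Derive the next image deterministically from (user, current image, clicked cell).
    Every cell maps to some image, so a wrong click still yields a plausible next image
    and the user is led down a different path without being told."""
    key = "%s|%s|%d,%d" % (username, image, cell[0], cell[1])
    digest = hashlib.sha256(key.encode()).digest()
    return IMAGE_POOL[int.from_bytes(digest[:4], "big") % len(IMAGE_POOL)]


def image_path(username, first_image, clicks):
    """The sequence of images a user is shown for a given sequence of clicks."""
    image, path = first_image, []
    for (x, y) in clicks:
        path.append(image)
        image = next_image(username, image, cell_of(x, y))
    return path


@dataclass
class CCPStore:
    # username -> list of (image, cell) pairs, one per stage (in-memory stand-in for a table)
    passwords: dict = field(default_factory=dict)

    def register(self, username, first_image, clicks):
        """Create phase: store one (image, cell) pair per stage; returns the images shown."""
        if len(clicks) != STAGES:
            raise ValueError("need exactly %d click points" % STAGES)
        path = image_path(username, first_image, clicks)
        self.passwords[username] = [(img, cell_of(x, y)) for img, (x, y) in zip(path, clicks)]
        return path

    def login(self, username, first_image, clicks):
        """Login phase: walk the images exactly as the user sees them. A wrong click changes
        the path, but every stage is evaluated and the verdict is only given at the end,
        so nothing about which stage failed is revealed per click."""
        stored = self.passwords.get(username)
        if stored is None or len(clicks) != STAGES:
            return False
        shown = image_path(username, first_image, clicks)
        results = [img == s_img and cell_of(x, y) == s_cell
                   for img, (x, y), (s_img, s_cell) in zip(shown, clicks, stored)]
        return all(results)
```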

Figure.9. Implementation

Client:
(i) Username and Password.
(ii) Matters.
(iii) New Registration.

User:
(i) View Advertisements.
(ii) Registration.

Figure.10. Images in image pool

Ad-Manager consists of mainly 3 modules:
(i) The Administration module.
(ii) Transaction module.
(iii) Client module.

Administrator Module: This module provides an interface to store information about clients, users and applications. The basic details along with the rights and permissions define the scope of this module. This module provides services such as client registration and alter/drop, user registration and alter/drop, and application registration and alter/drop.
(i) Client Registration and Alter/Drop.
(ii) User Registration and Alter/Drop.
(iii) Application Registration and Alter/Drop.

Transaction Module: The transaction module includes tariff management, various reports, different member activations, etc. Advertisement management is also a part of this module. Tariff management includes different rates, which are based on the number of images and videos. In member activation, different members are activated or deactivated based on their payments. Management of the various advertisements is also under the control of the administrator.
(i) Tariff Management.
(ii) Payments.
(iii) Reports.
(iv) Member Activation.
(v) Advertisement Management.

Client Module: This module provides details of clients. A client can upload/delete images and videos in the space allocated by the administrator. A client can renew their account by paying an extra amount.
(i) Uploading.
(ii) New Registration.
(iii) Client Renewal.
(iv) Change Password.

Home page: The home page contains a login section for the user and for the administrator or manager. Both existing users and the administrator/manager can log in through the login section to enter the bank transaction system. Using the signup function, a new user can register by selecting a graphical password and then log in to the bank transaction process.

Figure.11.Home page

New User Registration: A new user can register through the signup function, which takes him/her to the registration form. After entering the correct details in all fields, he/she must click the create account button.

Figure.12.New user registration

Figure.13. Image pool

After successful registration the user enters an image pool. The image pool is a window that contains many images added by the administrator. From there the user selects a first image, a second image, and so on. After selecting the images the user clicks the DONE button.

Figure.14. Cued click page

After selecting images from the image pool, the user directly enters a new window that contains the previously selected images. The user can choose any specific point on each image. These specific points are chosen as the password and must be remembered. The points are stored in the database. After these steps, the registration process is completed.

Login Page: After successful registration, the user first enters the user name and text password to enter the bank transaction system. A valid user can enter the next section.

Figure.15.Login Page1

Figure.16. Login page 2

After that the user enters another window that contains the image pool. From there the user selects the first image that he/she selected during registration, and then clicks the valid specific point on the image. If the clicked point is correct, the user proceeds to the second picture previously selected by the user.

Figure.17. Login Page 3

By selecting the valid point in the first image, the user proceeds to the second image, where the user clicks the point that was clicked during registration. If the point is valid, the login is successfully completed.

Figure.18. User home page

After successful login, the user enters the user home page. There the user can perform various actions such as viewing the profile, fund transfer, feedback, requests, etc.

Administrator Home page: The administrator can log in with his/her id and password. The figure shows the administrator home page. The administrator has the authority to perform various actions, such as changing the password, viewing bugs, adding a manager, editing image settings, etc.

Figure.19. Administrator home page

Manager Home Page: The administrator has the authority to add a manager. The figure shows the manager home page. The manager performs various actions such as updating balances, user management, changing the password, etc.

Figure.20.Manager Home page

APPENDIX

Code Of Application:

DATABASE CONNECTIVITY: dbconnect.java

package DBAccess;

import java.sql.*;

public class DBConnect {
    Connection cn;
    Statement st;
    ResultSet rs;
    // Static counters shared by every request and session of the application.
    public static int k = 1;
    public static int l = 1;
    public boolean connection_status = false;

    public DBConnect() {
        try {
            Class.forName("com.mysql.jdbc.Driver");
            // Connects to the local 'gps' database as root with an empty password.
            cn = DriverManager.getConnection("jdbc:mysql://localhost/gps", "root", "");
            st = cn.createStatement();
            cn.setAutoCommit(false);
            connection_status = true;
        } catch (Exception e) {
            System.out.println(e);
        }
    }

    public boolean isConnected() {
        return connection_status;
    }

    // Runs a SELECT string built by the caller. The callers below splice user input
    // directly into that string, so input containing a quote alters the statement
    // (SQL injection); a PreparedStatement with bound parameters would avoid this.
    public ResultSet GET(String Query) {
        try {
            rs = st.executeQuery(Query);
            cn.commit();
        } catch (Exception e) {
            System.out.println(e);
        }
        return rs;
    }

    // Runs an INSERT/UPDATE; returns 1 when at least one row was affected, else 0.
    public int POST(String Query) {
        int i = 0;
        int status = 0;
        try {
            i = st.executeUpdate(Query);
            cn.commit();
            if (i > 0) { status = 1; }
        } catch (Exception e) {
            System.out.println(e);
        }
        return status;
    }
}

DATABASE PROCESSING: dbprocess.java

package DBAccess;

import java.sql.ResultSet;
import java.util.Random;

public class DBProcess {
    // Static counter: accumulates across all calls and users, not per request.
    public static int count_of_existance = 0;

    // True if the user has at least one click-point row; also bumps the static counter.
    public static boolean isEntryExists(String username) {
        boolean status = false;
        try {
            String Query = "select * from clickpoints where username='" + username + "'";
            DBConnect db = new DBConnect();
            ResultSet rs = db.GET(Query);
            while (rs.next()) {
                System.out.println(count_of_existance);
                status = true;
                count_of_existance++;
            }
        } catch (Exception e) {
            System.out.println(e);
        }
        return status;
    }

    public int getCountOfExistance() {
        return count_of_existance;
    }

    // Fills in imageB for the first click-point row of this user that has none yet.
    public static boolean UpdatePreviousClickPointImage(String username, String image_name) {
        boolean status = false;
        try {
            String Query = "select * from clickpoints where username='" + username + "'";
            DBConnect db = new DBConnect();
            ResultSet rs = db.GET(Query);
            while (rs.next()) {
                String imageB = rs.getString("imageB");
                // Matches the literal text "null" stored in the column; a real SQL NULL
                // makes getString() return null and this line throw (caught below).
                if (imageB.equalsIgnoreCase("null")) {
                    System.out.println("Updating....");
                    String click_id = rs.getString("click_id");
                    String UpdateQuery = "update clickpoints set imageB='" + image_name + "' where click_id='" + click_id + "'";
                    status = db.POST(UpdateQuery) == 1;   // report whether the row was updated
                    break;
                }
            }
        } catch (Exception e) {
            System.out.println(e);
        }
        return status;
    }

    public static boolean InsertClickPoint(String username, String imageA, String imageB, int point_x, int point_y) {
        boolean status = false;
        try {
            String Query = "insert into clickpoints (username,imageA,imageB,point_x,point_y) values('" + username + "','" + imageA + "','" + imageB + "','" + point_x + "','" + point_y + "')";
            DBConnect db = new DBConnect();
            status = db.POST(Query) == 1;   // report whether the row was inserted
        } catch (Exception e) {
            System.out.println(e);
        }
        return status;
    }

    public boolean isFileExists(String filename) {
        boolean status = false;
        try {
            String Query = "select * from imagedata where image_name='" + filename + "'";
            DBConnect db = new DBConnect();
            ResultSet rs = db.GET(Query);
            if (rs.next()) {
                status = true;
            }
        } catch (Exception e) {
            System.out.println(e);
        }
        return status;
    }

    // Number of click-point rows that use the image either as imageA or as imageB.
    public int getTotalUsageCount(String imageName) {
        int total_count = 0;
        try {
            String Query1 = "select * from clickpoints where imageA='" + imageName + "'";
            String Query2 = "select * from clickpoints where imageB='" + imageName + "'";
            DBConnect db1 = new DBConnect();
            DBConnect db2 = new DBConnect();
            ResultSet rs1 = db1.GET(Query1);
            while (rs1.next()) {
                total_count++;
            }
            ResultSet rs2 = db2.GET(Query2);
            while (rs2.next()) {
                total_count++;
            }
        } catch (Exception e) {
            System.out.println(e);
        }
        return total_count;
    }

    public int getTotalUsageCount1(String imageName) {
        int total_count = 0;
        try {
            String Query1 = "select * from imagebk where image_name='" + imageName + "'";
            DBConnect db1 = new DBConnect();
            ResultSet rs1 = db1.GET(Query1);
            while (rs1.next()) {
                total_count++;
            }
        } catch (Exception e) {
            System.out.println(e);
        }
        return total_count;
    }

    public int getTotalUsageCount2(String imageName) {
        int total_count = 0;
        try {
            String Query1 = "select * from imagesb where image_name='" + imageName + "'";
            DBConnect db1 = new DBConnect();
            ResultSet rs1 = db1.GET(Query1);
            while (rs1.next()) {
                total_count++;
            }
        } catch (Exception e) {
            System.out.println(e);
        }
        return total_count;
    }

    // The text password is stored and compared in plain text here.
    public boolean checkOldPassword(String username, String password) {
        boolean status = false;
        DBConnect db = new DBConnect();
        try {
            String Query = "select * from login where username='" + username + "' and password='" + password + "'";
            ResultSet rs = db.GET(Query);
            if (rs.next()) {
                status = true;
            }
        } catch (Exception e) {
            System.out.println(e);
        }
        return status;
    }

    public void ChangePassword(String username, String password) {
        DBConnect db = new DBConnect();
        try {
            String Query = "update login set password='" + password + "' where username='" + username + "'";
            db.POST(Query);
        } catch (Exception e) {
            System.out.println(e);
        }
    }

    public int getUserBalance(String username) {
        int balance = 0;
        DBConnect db = new DBConnect();
        try {
            String Query = "select * from summary where username='" + username + "'";
            ResultSet rs = db.GET(Query);
            if (rs.next()) {
                balance = rs.getInt("balance");
            }
        } catch (Exception e) {
            System.out.println(e);
        }
        return balance;
    }

    public void updateUserBalance(String username, int balance, String dateTime) {
        DBConnect db = new DBConnect();
        try {
            String Query = "update summary set balance='" + balance + "',date='" + dateTime + "' where username='" + username + "'";
            db.POST(Query);
        } catch (Exception e) {
            System.out.println(e);
        }
    }

    public void addTransaction(String username, String dateTime, String memo, String type, String amount) {
        DBConnect db = new DBConnect();
        try {
            String Query = "insert into transactions values('" + username + "','" + dateTime + "','" + memo + "','" + type + "','" + amount + "')";
            db.POST(Query);
        } catch (Exception e) {
            System.out.println(e);
        }
    }

    public void addTransfer(String username, String dateTime, String memo, String to_username, String amount) {
        DBConnect db = new DBConnect();
        try {
            String Query = "insert into transfers values('" + username + "','" + dateTime + "','" + memo + "','" + to_username + "','" + amount + "')";
            db.POST(Query);
        } catch (Exception e) {
            System.out.println(e);
        }
    }

    // Picks a random image from imagedata by numeric image_id.
    public static String redirect() {
        DBConnect db = new DBConnect();
        int i = 0;
        try {
            String Query = "select * from imagedata";
            ResultSet rs = db.GET(Query);
            while (rs.next()) {
                i++;
            }
            // nextInt(i) yields 0..i-1: if image_id values start at 1, id 0 matches
            // nothing (returns null) and the highest id is never chosen.
            int s = new Random().nextInt(i);
            System.out.println("s>>>.:" + s);
            String Query1 = "select * from imagedata where image_id='" + s + "'";
            ResultSet rs1 = db.GET(Query1);
            if (rs1.next()) {
                String image = rs1.getString("image_name");
                System.out.println("image : " + image);
                return image;
            } else {
                System.out.println("nullllllll");
                return null;
            }
        } catch (Exception e) {
            System.out.println(e);
            return null;
        }
    }
}

VALIDATING CUED CLICK POINTS: validator.jsp

<%@page import="java.sql.*" %>
<jsp:useBean id="db" scope="page" class="DBAccess.DBConnect"/>
<%
    // Click coordinates and image names arrive as request parameters and are used as-is.
    int point_x = Integer.parseInt(request.getParameter("point_x"));
    int point_y = Integer.parseInt(request.getParameter("point_y"));
    System.out.println("point_x" + point_x);
    System.out.println("point_y" + point_y);
    String username = session.getAttribute("Name") + "";
    String image = request.getParameter("image");
    String image1 = request.getParameter("imagebk");
    //System.out.println("image"+image);
    System.out.println("image" + image1);

    // First click of a registration: remember the starting image for this user.
    String Q1 = "select * from imagebk where username='" + username + "'";
    ResultSet rs4 = db.GET(Q1);
    if (!rs4.next()) {
        int i = DBAccess.DBConnect.k;
        String Q = "insert into imagebk(username,image_name,image_path,count) values('" + username + "','" + image1 + "','image/" + image1 + "','" + i + "')";
        db.POST(Q);
    }

    // Store (or overwrite) the raw pixel click point for this user/image pair.
    String Query = "select * from imagesb where username='" + username + "' and image_name='" + image + "'";
    ResultSet rs = db.GET(Query);
    if (rs.next()) {
        String Query1 = "update imagesb set posx='" + point_x + "',posy='" + point_y + "' where username='" + username + "' and image_name='" + image + "'";
        db.POST(Query1);
        response.sendRedirect("ImageAction.jsp");
    } else {
        int p = DBAccess.DBConnect.k++;   // static counter shared by all sessions
        String Query2 = "insert into imagesb(username,image_name,image_path,posx,posy) values('" + username + "','" + image + "','image/" + image + "','" + point_x + "','" + point_y + "')";
        db.POST(Query2);
        String Query3 = "update imagebk set count='" + p + "' where username='" + username + "'";
        db.POST(Query3);
        response.sendRedirect("ImageAction.jsp");
    }
%>

CLICK POINT SELECTOR: clickpointselector.jsp

<%@page import="java.util.*" %>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Click Point Selection</title>
</head>
<script type="text/javascript">
function point_it(event, source, count) {
    // Click position relative to the image; when offsetX/offsetY are unavailable, fall
    // back to the page coordinates minus the offset of the image's container div.
    pos_x = event.offsetX ? (event.offsetX) : event.pageX - document.getElementById("good" + count).offsetLeft;
    pos_y = event.offsetY ? (event.offsetY) : event.pageY - document.getElementById("good" + count).offsetTop;
    var image = source;
    document.frmclick.form_x.value = pos_x;
    document.frmclick.form_y.value = pos_y;
    var xmlhttp;
    if (window.XMLHttpRequest) {
        xmlhttp = new XMLHttpRequest();
    } else {
        xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
    }
    // Send the click point and image name to the server asynchronously.
    xmlhttp.open("GET", "AjaxUpdater.jsp?point_x=" + pos_x + "&point_y=" + pos_y + "&image=" + image, true);
    xmlhttp.send();
}
</script>
<body>
<form name="frmclick" action="" method="POST">
<%
    // One clickable image per entry the user selected from the image pool.
    ArrayList selected_images = (ArrayList) session.getAttribute("images_selected");
    for (int idx = 0; idx < selected_images.size(); idx++) {
        String get = selected_images.get(idx).toString();
        String name = get.substring(get.indexOf("/") + 1, get.length());
%>
<div id="good<%=idx%>">
<p><img src="<%=get%>" alt="Unable to Load" id="clicked_image" onclick="point_it(event,'<%=name%>','<%=idx%>')"/></p>
</div>
<hr/>
<%
    }
%>
<p> You pointed on x = <input type="text" name="form_x" size="4" /> - y = <input type="text" name="form_y" size="4" /> </p>
</form>
<form name="frm" action="index1.jsp" method="POST">
<p><input type="submit" name="submit" value=" DONE "/></p>
</form>
</body>
</html>
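The queries in dbprocess.java and validator.jsp above are built by splicing user input into SQL text. As an added example that is not the project's code, here is the parameterised form of checkOldPassword(), isEntryExists() and InsertClickPoint(), using an in-memory SQLite database with constructed rows in place of the project's MySQL tables; table and column names follow the appendix, the sample users are invented.

```python
import sqlite3


def open_sample_db():
    """In-memory stand-in for the project's 'gps' database, with constructed rows."""
    cn = sqlite3.connect(":memory:")
    cn.execute("create table login(username text, password text)")
    cn.execute("create table clickpoints(click_id integer primary key, username text, "
               "imageA text, imageB text, point_x integer, point_y integer)")
    # Constructed sample users; like the appendix, the text password is kept in plain text.
    cn.executemany("insert into login values(?,?)",
                   [("alice", "s3cret"), ("o'brien", "pw")])
    cn.executemany("insert into clickpoints(username,imageA,imageB,point_x,point_y) "
                   "values(?,?,?,?,?)", [("alice", "img_01.jpg", "img_07.jpg", 40, 60)])
    return cn


def build_concatenated_query(username, password):
    """Same construction as checkOldPassword() in the appendix: input spliced into SQL."""
    return ("select * from login where username='" + username
            + "' and password='" + password + "'")


def concatenated_check(cn, username, password):
    """Runs the spliced query. A quote in the input becomes part of the statement: here it
    breaks the syntax (None is returned); other input could instead change the condition."""
    try:
        return cn.execute(build_concatenated_query(username, password)).fetchone() is not None
    except sqlite3.OperationalError:
        return None


def check_old_password(cn, username, password):
    """Parameterised equivalent: the driver passes the values as data, never as SQL text."""
    row = cn.execute("select 1 from login where username=? and password=?",
                     (username, password)).fetchone()
    return row is not None


def click_point_count(cn, username):
    """Parameterised form of isEntryExists(): returns the count instead of a static counter."""
    (n,) = cn.execute("select count(*) from clickpoints where username=?",
                      (username,)).fetchone()
    return n


def insert_click_point(cn, username, image_a, image_b, point_x, point_y):
    """Parameterised form of InsertClickPoint(): returns the number of rows inserted."""
    cur = cn.execute("insert into clickpoints(username,imageA,imageB,point_x,point_y) "
                     "values(?,?,?,?,?)", (username, image_a, image_b, point_x, point_y))
    cn.commit()
    return cur.rowcount
```

The same change applies to the Java code by replacing Statement with PreparedStatement and binding each value with setString()/setInt().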

CONCLUSION

Graphical passwords are an alternative to existing alphanumeric passwords. With graphical passwords, users click on images rather than typing a long, complex password. The PassPoints scheme is one of the graphical user authentication techniques. In this method the password is represented by multiple clicks on a single image. One of the advantages of the PassPoints scheme is that a user can click on any place in the image as a click point.

Graphical authentication suffers from the major drawback of shoulder-surfing. Shoulder-surfing refers to someone observing the user's actions as the user enters a password. Because of this, the user's actions can be monitored by the attacker or captured using recording devices such as a camera.

The graphical password system has some important issues. The first issue is that people are better at memorizing graphical passwords than text-based passwords, and graphical passwords also have a larger password space than alphanumeric passwords. The second issue is efficiency: users use the mouse to enter a password, which may be slower than the keyboard. People need to spend more time learning and practising graphical passwords, but in users' thinking and feeling this kind of graphical password will be much easier than alphanumeric passwords. Although graphical passwords are vulnerable to shoulder-surfing attacks, our method provides security over this attack.
