Digital image enhancement using fuzzy interface system

Presented by Devendra SB Guided by Mr.Keerthi Prasad G

Asst. Prof., Dept of IS&E
B.E.,M,Tech

Coordinator Mr. Chandrashekar M V

B.E., M.Tech., M.I.S.T.E

Asst. Prof., Dept of IS&E

Contents

Introduction Existing system Proposed system Architecture Application area Advantages Conclusion Bibliography

Introduction

Image can be contaminated with different types of for different reasons.

noise,

For example, noise can occur because of the circumstances of recording with electronic cameras, dust in front of the lens, because of the circumstances of transmission (damages data) or storage, copying, scanning, etc.. Image enhancement is to improve the interpretability or perception of information in images for human viewers, or to provide `better' input for other automated image processing techniques.

Image Enhancement (IE) transforms images to provide better representation of the subtle details. It is an indispensable tool for researchers in a wide variety of fields including (but not limited to) medical imaging, art studies, forensics and atmospheric sciences.

. This paper targets on mobile banking domain and propose a new and intelligent authentication scheme that is implicit password. This scheme allows any image to be used and it doesnt need artificial predefined click regions. In IPAS, the server has a piece of information. This technique is particularly suited for mobile phones and portable computers, although it may be implemented for any computer.

The authentication scheme can be broadly classified as follows:

What you know:

The traditional username/password or PIN based authentication scheme is an example of the what you know type. What you have: Smartcards or electronic tokens are examples of what you have type of authentication.

 What you are:

Biometric based authentication schemes are examples of the what you are type of authentication. Traditional alphanumeric passwords are always vulnerable to guessing and dictionary attack,key logger attack. Key logger attacks can be overcome by graphical keyboard As an alternative, a token based authentication method may be used. But this technology is not pervasive.

Existing System
Graphical-based password In general, the graphical password techniques can be classified into two categories: recognition-based and recallbased graphical techniques. I. Recognition-Based Systems II. Recall-Based Systems Recognition-Based Systems In this system, a group of images are displayed and an accepted authentication requires a correct image to be clicked or touched in a particular order.

Examples are Awase-E system and Passfaces system. Awase-E system : It is a new system which enables users to use their favorite image instead of a text password for authentication purpose. It is difficult to implement due to the storage space needed for images and the system cannot tolerate replay attack. User may always tend to choose a well-known image which may be prone to guessing.

Passfaces : In this example, the commercial systems uses images of human faces.
Users password selection is affected by race and gender.

Thus making password somewhat predictable.

The recognition-based systems are not completely secure.

Recall-Based Systems In this system, the user is asked to reproduce something that he/she created or selected earlier during the registration phase. Recall based schemes can be broadly classified into two groups, viz: Pure recall-based technique and Cued recall-based technique.

Pure recall-based technique In this technique, users need to reproduce their passwords without any help by system. Some of the common examples are Draw-A-Secret technique and Passdoodle. Draw-A-Secret technique(DAS): In 1999, Jermyn proposed DAS (Draw-A- Secret) scheme, in which the password is a shape drawn on a twodimensional grid of size G * G.

Each cell in the grid is represented by distinct rectangular coordinates (x, y). Values stored in temporal order.

Drawback : A survey which concluded that most users forget their stroke order and they can remember text passwords easier than DAS. The password chosen by users are vulnerable to graphical dictionary attacks and replay attack. Passdoodle It is a graphical password of handwritten drawing or text, sketched with a stylus over a touch sensitive screen.

Users were able to recognize a complete doodle as accurately as text-based passwords. Drawback : This scheme is vulnerable to several attacks such as guessing, key-logger and shoulder surfing.

Cued recall-based technique In this technique, the system gives some hints which help users to reproduce their passwords with high accuracy. These hints represents hot spots(regions) within an image. Users chooses some of the regions to register as their password. Examples of this technique are, Blonder algorithm and PassPoint scheme.

Blonder algorithm In this method, users are shown a pre-determined image on display. Users should click on predefined positions on image in particular order to be authenticated.

This method was later modified and presented as Passpoint. Passpoint In Passpoint, the image can be an arbitrary photograph or paintings with many clickable regions. The password space and security level will be increased. No predefined click area like Blonder algorithm. Password could contain any chosen sequence of points,which increases usability level.

The Passpoint system has a large password space.

Disadvantages Alphanumeric passwords have problems such as being hard to remember, dictionary attack, key-logger, vulnerable to guessing, shoulder-surfing Biometric scheme is costly. Recognition based passwords are not completely secure.

Proposed system

The proposed system focuses only on what you know types of authentication. IPAS is similar to Passpoint with some finer differences. In this scheme, server requests user to reproduce the fact given at the time of registration.

Architecture

This paper specifically focuses on mobile banking , the architecture for this domain is given as,

Bank server provides some set of questions. User selects 10 to 20 questions during registration. For each question, system creates an authentication space. First, a user may request access to the system by presenting his user name and the level of access required. Depending on the level of access required, the system might choose one or more questions.

For each question, the server chooses a random scenario from the authentication space that represents the correct answer. The chosen scenario will have one or more clickable points that represent the answer to the questions. A session key S(Qi) is derived from the correct clickable area through a function f(I). The server chooses a random number p and encrypt p with the S(Qi).

In this way, the user is authenticated implicitly and no confidential information is exchanged over the network. Its up to the developer or organisation to decide what to do when user gives incorrect answer.

Working Model
There are three main modules Create the profile for user Generation of Random Question Compare login Profile / User Profile

Create the profile for user: A user profile is a collection of personal data associated to a specific user. A profile can be used to store the description of the characteristics of person. At the time of registration every user selects answer for security questions and provides their individual answer.

the system then either creates an authentication space. After the authentication space is created, the system is ready for authenticating a user. Generation of Random Question For each question, the server may show a random scenario from the authentication space that represents the correct answer. The chosen scenario have one or more clickable points that represent the answer to the question provided by the particular user.

Compare login Profile / User Profile The applications gather, and exploit, some information about individuals in order to provide password. User name and location points decide whether user is authenticated or not. The authentication information presented to user can be understood only by legitimate user.

Study Case of IPAS (Mobile Banking)

In our case study, we consider mobile banking as our domain. During registration, a user picks 10-20 questions from database and provides answer to selected question. For example, user may choose some questons: The maker of your first car? The city you love to visit or visited? Date of birth?

For each question, server creates an authentication space using images. During authentication , server picks questions randomly. Ex:

Since every time the server uses a different scenario and the answers are given implicitly, our proposed system is immune to screen capture attack.

Application Areas

Medical devices. Military personnel. Acts as a primary method of authentication to replace passwords entirely; Provides additional assurance for financial transactions.

Advantages

The strength of IPAS depends greatly on how effectively the authentication information is embedded implicitly in an image and it should be easy to decrypt for a legitimate user and highly fuzzy for a non-legitimate user. The authentication information is conveyed implicitly.

Conclusion

In this proposed system(IPAS), the authentication information is implicitely presented to user. No password information is exchanged between the client and the server in IPAS. IPAS can tolerate shoulder surfing and screen dump attacks.

Bibliography
Sabzevar, A.P. & Stavrou, A., 2008, Universal Multi-Factor Authentication Using Graphical Passwords, IEEE International Conference on Signal Image Technology and Internet Based Systems (SITIS). Xiaoyuan, S., Z. Ying, et al. (2005). Graphical passwords: a survey, Computer Security Applications Conference, 21st Annual. Masrom, M., F. Towhidi, et al. (2009). Pure and cued recall-based graphical user authentication, Application of Information and Communication Technologies, 2009.