efficient securing system using graphical captcha
TRANSCRIPT
Efficiently Securing System Using Graphical Captcha
SubmittedBy
S.AnushS.Sankar Anand
ABSTRACT
Many security primitives are based on hard mathematical problems. Using hard AI problems for security is emerging as an exciting new paradigm, but has been underexplored. In this project, we present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as graphical passwords (CaRP). CaRP is both a Captcha and a graphical password scheme. CaRP also offers a novel approach to address the well-known image hotspot problem in popular graphical password systems, such as Pass Points, that often leads to weak password choices.
Existing System
Captcha is a challenge –response system that is designed to test the human Intelligence and based on the challenge it differentiates humans from automated programs which is easy for most humans to perform but is more difficult and time-consuming for current bots to complete.
In existing system the CbPA-protocol is used which requires solving a Captcha after inputting a valid pair of User ID and password.
Drawbacks of Existing System
Vulnerable against Brute Force, Dictionary attacks.Difficult to understand and are complex for users with
disabilities.Due to Compatibility issues there Technical difficulties
with certain browsers.Time consuming to decipher.
Proposed System
In this project, we introduce a new security primitive based on hard AI problems, namely, a novel family of graphical password systems integrating Captcha technology, which we call CaRP (Captcha as gRaphical Passwords). CaRP is click-based graphical passwords, where a sequence of clicks on an image is used to derive a password.
The user undergoes Graphical image based Captcha challenge where he has to pass the test by clicking appropriate captch images
Advantages of the Proposed System
CaRP offers protection against online dictionary attacks on passwords, which have been for long time a major security threat for various online services.
CaRP also offers protection against relay attacks, an increasing threat to bypass Captchas protection.
CaRP is Highly secure and easy to adopt.Highly recommended for various domains like Banking,
Social-Networks and other web services due to its enhanced security.
SYSTEM REQUIREMENTS
SOFTWARE ENVIRONMENTOperating system: Windows 07/ XP
ProfessionalIDE : Visual Studio 2010Front End : ASP. NetDatabase : SQL Server 2005HARDWARE REQUIREMENTSPROCESSOR: PENTIUM IV 2.6 GHz, Intel
Core 2 Duo.RAM : 2 GB DD RAM
System Architecture
UsernameUsername PasswordPassword
BANKING INTRANET
BANKING INTRANET
ADMINISTRATOR STAFF VALID CUSTOMER
LOGIN LOGIN VIEW ALL TRANSACTIONS
VIEW TRANSACTIONS BETWEEN TWO DATES
A
BRANCH CREATION VIEW TRANSACTION BRANCHWISE
VIEW BRANCH INFO
ACCOUNT CREATION
View All Account Information
VIEW Transaction
A
DAY BOOK BETWEEN TWO DATES
ACCOUNT NUMBER WISE TRANSACTION
Module Description
The project contains Three modules:Administrator module.Staff module.Customer module.
Administrator module:
The administrator is head of all the branches he creates branches in the desired locations and can view all the transactions in all branches.
Module Description Cont……
Staff module:
The staff can login by entering the given username and password. Then, they may create accounts and view all accounts details..
Customer module:
He may login to the web site using the given account number and password which is provided during the account creation.He can do any transaction such as transfer amount from one account to another account.
Sample Screens
Admin login
Sample Screens Cont…..
STAFF LOGIN
Sample Screens Cont…..
Customer login
Sample Screens Cont…..
Upload Picture
Sample Screens Cont…..
5 Point click setup
Sample Screens Cont…..
Captcha setup
CONCLUSION
We present an integrated evaluation of the Persuasive Cued Click-Points graphical password scheme, including usability and security evaluations, and implementation considerations.
An important usability goal for knowledge-based authentication systems is to support users in selecting passwords of higher security, in the sense of being from an expanded effective security space.
We use persuasion to influence user choice in click-based graphical passwords, encouraging users to select more random, and hence more difficult to guess, click-points.
Scope for further Development
We present an integrated evaluation of the Persuasive Cued Click-Points graphical password scheme, including usability and security evaluations, and implementation considerations.
An important usability goal for knowledge-based authentication systems is to support users in selecting passwords of higher security, in the sense of being from an expanded effective security space
As a future work, user can upload the picture and selects the region from that and set the password to secure the access of the application.
References
BOOKS REFEREDR. Biddle, S. Chiasson, and P. C. van Oorschot, “Graphical
passwords:Learning from the first twelve years,” ACM Comput. Surveys, vol. 44,no. 4, 2012.
2.H. Tao and C. Adams, “Pass-Go: A proposal to improve the usability of graphical passwords,” Int. J. Netw. Security, vol. 7, no. 2, pp. 273–292, 2008.
3.P. C. van Oorschot and J. Thorpe, “Exploiting predictability in clickbased graphical passwords,” J. Comput. Security, vol. 19, no. 4, pp. 669–702, 2011.
Thank you