National Conference on “Advanced Technologies in Computing and Networking"-ATCON-2015Special Issue of International Journal of Electronics, Communication & Soft Computing Science and Engineering, ISSN: 2277-9477

227

Graphical Password Authentication Technique using Clickbased feature Integrated with Sound Signature for Enhanced

Online SecurityDharmesh H. Samra Dr. Mrs. S. S. Sherekar Dr. V. M. Thakare

Abstract -Graphical passwords are most preferableauthentication system where users click on images to authenticatethemselves because most of the existing authentication system hascertain drawbacks. To support users for selecting the betterpassword is an important usability goal of an authenticationsystem. User creates memorable password which is easy to guessby an attacker and strong system assigned passwords are difficultto memorize. According to the researchers of modern days theyconcluded that graphical passwords are most preferableauthentication system as they have gone through differentalternative methods. The proposed approach combines thepersuasive cued click point technique and click based graphicalpassword scheme (C-GPS) with the purpose of improving theimage-based authentication in terms of both security andusability. Also it encourages user to select more random clickpoint which is difficult to guess. Specifically, the scheme mainlycontains two operational steps: image selection and soundsignature. That is, users first choose an ordered sequence ofimages and then select sound.

Key Words – Graphical password, Authentication, NetworkSecurity, Usability.

I. INTRODUCTION

Prompting the user to key in their username and password is atraditional way of user authentication. Many authenticationsystems widely use this method. However, passwords caneasily be guessed, vulnerable to key-logger and spyware aresome of the drawbacks to the approach [1]. Moreover, userstend to choose easy password, in other words, passwords thatare easy to remember. Graphical password technique isproposed as an alternative solution to text based. In this papergraphical password is focused which is mainly depends onimages rather than alphanumerical. The main argument is thatusers are better at recognizing and memorizing pictures [2].Besides this, it is very difficult for attackers to steal pictures. Inaddition, if the number of images in the challenge set issufficiently large then the password space will be higher thanthe text based. Edge detection is a very important task foridentifying objects because humans can easily recognizeobjects based on the edges [3]. From this point of view there’sa motivation to implement a graphical password authenticationbased on the knowledge of the edges and some othersimportant factors.Authentication is the act of confirming theidentity of aperson to whom he claims to be. Nowadays, secureuserauthentication system that works well is concernedbyresearchers and manyprofit-making enterprises. Themostcomprehensive authentication method being usedisalphanumeric password. However, it is well known thatlong,

complicated passwords are hard for users toremember, whileshorter ones are susceptible to attack.It has been confirmed thatbiometrics, such asfingerprint, face and retina, can be used as amean touniquely identify a user. This approach canproviderelatively high security in comparison with text-basedsystem. On the other hand, such system may be expensiveforadditional devices. Furthermore, biometric technologywillmake the authentication process complex andtimeconsuming.In recent years, Graphical password schemeshavebeen proposed as alternatives to alphanumericpasswordsby using images as passwords rather thanalphanumericnumbers and biological characteristics.Psychologistshave shown that images are more memorablethan words, thus, graphical passwords can effectivelyovercomethe disadvantages of alphanumeric passwords interms ofmemorability [4]. The existing graphical passwordtechniques can be divided into three general categories:recall-based, recognition-based and cued-recall.

II. BACKGROUND

Today, knowledge-based authentication is the mostwidelyused authentication technique, usually in the formof password.A password is used to prove identity andgain access to aresource. There are two kinds ofpasswords: alphanumericpasswords and graphicalpasswords [1].Traditionally,alphanumeric passwords are widely usedin computer andnetwork authentication to protect user’sprivacy. One of thebiggest security challenges is usingcomplex passwords toimprove system security withoutcreating usability problems.The trouble with complexpasswords is that users either forgetthem or must writethem down to remember them, bothresulting in a bigsecurity problem. The challenge is wellknown in thesecurity community. As a result, users tend tochoose andhandle alphanumeric passwords veryinsecurely.Graphical passwords are an alternative to textpasswords, whereby a user is asked to remember an image (orparts of an image) instead of a word [2]. They are motivated inpart by the well-known fact that people have superiormemorability for images. It is the best purely automated attackagainst Pass Points-style graphical passwords, an evaluation ofhow the model relates to user-selected click-based graphicalpasswords, an efficient heuristic dictionary generationalgorithm, and a new spatial clustering algorithm for groupingnearby click-points. The following figure below shows therepresentation of currentauthentication methods. The problemwith text basedpassword is that user creates memorablepassword which canbe break easily and also the text password

National Conference on “Advanced Technologies in Computing and Networking"-ATCON-2015Special Issue of International Journal of Electronics, Communication & Soft Computing Science and Engineering, ISSN: 2277-9477

227

Graphical Password Authentication Technique using Clickbased feature Integrated with Sound Signature for Enhanced

Online SecurityDharmesh H. Samra Dr. Mrs. S. S. Sherekar Dr. V. M. Thakare

Abstract -Graphical passwords are most preferableauthentication system where users click on images to authenticatethemselves because most of the existing authentication system hascertain drawbacks. To support users for selecting the betterpassword is an important usability goal of an authenticationsystem. User creates memorable password which is easy to guessby an attacker and strong system assigned passwords are difficultto memorize. According to the researchers of modern days theyconcluded that graphical passwords are most preferableauthentication system as they have gone through differentalternative methods. The proposed approach combines thepersuasive cued click point technique and click based graphicalpassword scheme (C-GPS) with the purpose of improving theimage-based authentication in terms of both security andusability. Also it encourages user to select more random clickpoint which is difficult to guess. Specifically, the scheme mainlycontains two operational steps: image selection and soundsignature. That is, users first choose an ordered sequence ofimages and then select sound.

Key Words – Graphical password, Authentication, NetworkSecurity, Usability.

I. INTRODUCTION

Prompting the user to key in their username and password is atraditional way of user authentication. Many authenticationsystems widely use this method. However, passwords caneasily be guessed, vulnerable to key-logger and spyware aresome of the drawbacks to the approach [1]. Moreover, userstend to choose easy password, in other words, passwords thatare easy to remember. Graphical password technique isproposed as an alternative solution to text based. In this papergraphical password is focused which is mainly depends onimages rather than alphanumerical. The main argument is thatusers are better at recognizing and memorizing pictures [2].Besides this, it is very difficult for attackers to steal pictures. Inaddition, if the number of images in the challenge set issufficiently large then the password space will be higher thanthe text based. Edge detection is a very important task foridentifying objects because humans can easily recognizeobjects based on the edges [3]. From this point of view there’sa motivation to implement a graphical password authenticationbased on the knowledge of the edges and some othersimportant factors.Authentication is the act of confirming theidentity of aperson to whom he claims to be. Nowadays, secureuserauthentication system that works well is concernedbyresearchers and manyprofit-making enterprises. Themostcomprehensive authentication method being usedisalphanumeric password. However, it is well known thatlong,

complicated passwords are hard for users toremember, whileshorter ones are susceptible to attack.It has been confirmed thatbiometrics, such asfingerprint, face and retina, can be used as amean touniquely identify a user. This approach canproviderelatively high security in comparison with text-basedsystem. On the other hand, such system may be expensiveforadditional devices. Furthermore, biometric technologywillmake the authentication process complex andtimeconsuming.In recent years, Graphical password schemeshavebeen proposed as alternatives to alphanumericpasswordsby using images as passwords rather thanalphanumericnumbers and biological characteristics.Psychologistshave shown that images are more memorablethan words, thus, graphical passwords can effectivelyovercomethe disadvantages of alphanumeric passwords interms ofmemorability [4]. The existing graphical passwordtechniques can be divided into three general categories:recall-based, recognition-based and cued-recall.

II. BACKGROUND

Today, knowledge-based authentication is the mostwidelyused authentication technique, usually in the formof password.A password is used to prove identity andgain access to aresource. There are two kinds ofpasswords: alphanumericpasswords and graphicalpasswords [1].Traditionally,alphanumeric passwords are widely usedin computer andnetwork authentication to protect user’sprivacy. One of thebiggest security challenges is usingcomplex passwords toimprove system security withoutcreating usability problems.The trouble with complexpasswords is that users either forgetthem or must writethem down to remember them, bothresulting in a bigsecurity problem. The challenge is wellknown in thesecurity community. As a result, users tend tochoose andhandle alphanumeric passwords veryinsecurely.Graphical passwords are an alternative to textpasswords, whereby a user is asked to remember an image (orparts of an image) instead of a word [2]. They are motivated inpart by the well-known fact that people have superiormemorability for images. It is the best purely automated attackagainst Pass Points-style graphical passwords, an evaluation ofhow the model relates to user-selected click-based graphicalpasswords, an efficient heuristic dictionary generationalgorithm, and a new spatial clustering algorithm for groupingnearby click-points. The following figure below shows therepresentation of currentauthentication methods. The problemwith text basedpassword is that user creates memorablepassword which canbe break easily and also the text password

National Conference on “Advanced Technologies in Computing and Networking"-ATCON-2015Special Issue of International Journal of Electronics, Communication & Soft Computing Science and Engineering, ISSN: 2277-9477

227

Graphical Password Authentication Technique using Clickbased feature Integrated with Sound Signature for Enhanced

Online SecurityDharmesh H. Samra Dr. Mrs. S. S. Sherekar Dr. V. M. Thakare

Abstract -Graphical passwords are most preferableauthentication system where users click on images to authenticatethemselves because most of the existing authentication system hascertain drawbacks. To support users for selecting the betterpassword is an important usability goal of an authenticationsystem. User creates memorable password which is easy to guessby an attacker and strong system assigned passwords are difficultto memorize. According to the researchers of modern days theyconcluded that graphical passwords are most preferableauthentication system as they have gone through differentalternative methods. The proposed approach combines thepersuasive cued click point technique and click based graphicalpassword scheme (C-GPS) with the purpose of improving theimage-based authentication in terms of both security andusability. Also it encourages user to select more random clickpoint which is difficult to guess. Specifically, the scheme mainlycontains two operational steps: image selection and soundsignature. That is, users first choose an ordered sequence ofimages and then select sound.

Key Words – Graphical password, Authentication, NetworkSecurity, Usability.

I. INTRODUCTION

Prompting the user to key in their username and password is atraditional way of user authentication. Many authenticationsystems widely use this method. However, passwords caneasily be guessed, vulnerable to key-logger and spyware aresome of the drawbacks to the approach [1]. Moreover, userstend to choose easy password, in other words, passwords thatare easy to remember. Graphical password technique isproposed as an alternative solution to text based. In this papergraphical password is focused which is mainly depends onimages rather than alphanumerical. The main argument is thatusers are better at recognizing and memorizing pictures [2].Besides this, it is very difficult for attackers to steal pictures. Inaddition, if the number of images in the challenge set issufficiently large then the password space will be higher thanthe text based. Edge detection is a very important task foridentifying objects because humans can easily recognizeobjects based on the edges [3]. From this point of view there’sa motivation to implement a graphical password authenticationbased on the knowledge of the edges and some othersimportant factors.Authentication is the act of confirming theidentity of aperson to whom he claims to be. Nowadays, secureuserauthentication system that works well is concernedbyresearchers and manyprofit-making enterprises. Themostcomprehensive authentication method being usedisalphanumeric password. However, it is well known thatlong,

complicated passwords are hard for users toremember, whileshorter ones are susceptible to attack.It has been confirmed thatbiometrics, such asfingerprint, face and retina, can be used as amean touniquely identify a user. This approach canproviderelatively high security in comparison with text-basedsystem. On the other hand, such system may be expensiveforadditional devices. Furthermore, biometric technologywillmake the authentication process complex andtimeconsuming.In recent years, Graphical password schemeshavebeen proposed as alternatives to alphanumericpasswordsby using images as passwords rather thanalphanumericnumbers and biological characteristics.Psychologistshave shown that images are more memorablethan words, thus, graphical passwords can effectivelyovercomethe disadvantages of alphanumeric passwords interms ofmemorability [4]. The existing graphical passwordtechniques can be divided into three general categories:recall-based, recognition-based and cued-recall.

II. BACKGROUND

Today, knowledge-based authentication is the mostwidelyused authentication technique, usually in the formof password.A password is used to prove identity andgain access to aresource. There are two kinds ofpasswords: alphanumericpasswords and graphicalpasswords [1].Traditionally,alphanumeric passwords are widely usedin computer andnetwork authentication to protect user’sprivacy. One of thebiggest security challenges is usingcomplex passwords toimprove system security withoutcreating usability problems.The trouble with complexpasswords is that users either forgetthem or must writethem down to remember them, bothresulting in a bigsecurity problem. The challenge is wellknown in thesecurity community. As a result, users tend tochoose andhandle alphanumeric passwords veryinsecurely.Graphical passwords are an alternative to textpasswords, whereby a user is asked to remember an image (orparts of an image) instead of a word [2]. They are motivated inpart by the well-known fact that people have superiormemorability for images. It is the best purely automated attackagainst Pass Points-style graphical passwords, an evaluation ofhow the model relates to user-selected click-based graphicalpasswords, an efficient heuristic dictionary generationalgorithm, and a new spatial clustering algorithm for groupingnearby click-points. The following figure below shows therepresentation of currentauthentication methods. The problemwith text basedpassword is that user creates memorablepassword which canbe break easily and also the text password

National Conference on “Advanced Technologies in Computing and Networking"-ATCON-2015Special Issue of International Journal of Electronics, Communication & Soft Computing Science and Engineering, ISSN: 2277-9477

228

has limited lengthpassword which means that password spaceis small.Biometric based authentication techniques aresomewhatexpensive, slow and unreliable and thus not preferredby many [4]. Token based authentication system has highsecurity andusability and accessibility then the others. Also thesystemuses theknowledge based techniques to enhance thesecurityof token based system. But the problem with tokenbasedsystem is that if token get lost, the security get alsolost.Therefore the Knowledge based authenticationtechniquesare most preferable technique to improve the realhighsecurity. Graphical Password is one of the knowledgebasedtechnique and it is categorized into Recognition basedand Recall based [5]. In Recognition based techniques user hastorecognize or reproduce the things during the login where asincase of recall based technique user has to recall thethingsduring the login in such a way that whatever theyselectedduring the password creation they have to recall it inthe samemanner.

Figure: Categorization of Password Authentication Techniques

III. PREVIOUS WORK DONE

Paul C. van Oorschot[1] says about Pass- Points-stylegraphical passwords which have been shown to be susceptibleto hot-spots, which can be exploited in human-seeded attacks,whereby human-computed data (harvesting click-points from asmall set of users) is used to facilitate efficient attacks. Theseattacks require that the attacker collect sufficient “human-computed” data for the target image, which is more costly forsystems with multiple images. Logically grouping the click-points through a click-order pattern (such as five points in astraight line), and/or choosing click-points in the areas of theimage that their attention is naturally drawn towards.AmirSadovnik [2] says about attempts to constructdictionary attacksfor PassPoints which is similar to the MPP (Microsoft PicturePassword), butonly allows the tap gesture. In PassPoints, theuser taps n pointson the image in a successive order, whichconstitute his passwords. There are two main categories forthese attacks: human-seeded andpurely automatic. Both rely onthe fact that users tend to select similarlocations in images. Thehuman-seeded attacks need tohave a small set of click pointsinitialized by humans for the sameimages they are attempting

to predict the password on. By clusteringthese points in a smartway they are able to identify regions whichhave a higherprobability of being used in a password. Although thisyieldsstate-of-the-art results it is not applicable in the case of theMPPsince eachuser will select their own personal image, andnoprior information about the image exists.Amir Herzberg[3]proposed an adaptive authentication mechanism based onimage recognition and negative training conditions. Phishing -password theft via fake websites is an extremely worrying,widespread phenomenon. With billions of dollars lost and alarge increase in the amount of attacks, it’s clear that today’sdefenses aren’t adequate. A click whirr response to loginforms, automatically submitting their credentials to a loginform on a familiar interface are developed. Most users alsofollow email links from familiar senders and trust familiarhomepages, even if not protected by SSL, and navigate to thesite’s login page. When following those links and buttons,users might reach a spoofed login page. The three click whirrresponses are mentioned to make the Internet a fertile groundfor phishing attacks. A variety of methods to prevent phishingattacks, including passive and interactive indicators andbookmark tokens are described.DorrinKhazaei [4] proposed aunimodal person authentication system based on signingsound. Person authentication based on only the name,password or person identification number is not securedenough. Human physiological and behavioral parameters arefocused, because these parameters are more unique andhuman-specific than traditional ones. This approach of personauthentication is usually called biometric authentication.Signature is the most commonly used behavioral biometricwhich is investigated in two ways ofonline and offline. Inonline procedure, the temporal indices of signature such assigning velocity, and acceleration are involved to increase theaccuracy relative to offline methods and to recognizecounterfeit signatures. Here a unimodal authentication systembased on the sounds of the signing of thirty persons isproposed. Signals are analyzed in online approach. Fourdifferent types of features based on cepstrum analysis andparametric models are extracted and classified with threedifferent distance based classifiers. For the evaluation of theproposed authentication system, 10xl0 fold cross-validationmethod is used and the results are reported in terms of FalseAccept Rate (FAR) and False Reject Rate (FRR) metrics.

IV. GRAPHICAL PASSWORD AUTHENTICATION

1.PassPointsStyle:PassPoints-Style Graphical Passwordswhich focuses on bottom-up visual attention, using thecomputational model of visual attention of Itti as this model iswell-known, and there is empirical evidence that it capturespeople’s bottom-up visual attention [1]. The general idea is thatareas of an image are salient (or visually “stand out”) whenthey differ from their surroundings. PassPoints involves a usercreating a five-point click sequence on a background image.These graphical passwords have reasonable login and creationtimes, acceptable error rates, decent general perception, andless interference between multiple passwords when compared

National Conference on “Advanced Technologies in Computing and Networking"-ATCON-2015Special Issue of International Journal of Electronics, Communication & Soft Computing Science and Engineering, ISSN: 2277-9477

228

has limited lengthpassword which means that password spaceis small.Biometric based authentication techniques aresomewhatexpensive, slow and unreliable and thus not preferredby many [4]. Token based authentication system has highsecurity andusability and accessibility then the others. Also thesystemuses theknowledge based techniques to enhance thesecurityof token based system. But the problem with tokenbasedsystem is that if token get lost, the security get alsolost.Therefore the Knowledge based authenticationtechniquesare most preferable technique to improve the realhighsecurity. Graphical Password is one of the knowledgebasedtechnique and it is categorized into Recognition basedand Recall based [5]. In Recognition based techniques user hastorecognize or reproduce the things during the login where asincase of recall based technique user has to recall thethingsduring the login in such a way that whatever theyselectedduring the password creation they have to recall it inthe samemanner.

Figure: Categorization of Password Authentication Techniques

III. PREVIOUS WORK DONE

Paul C. van Oorschot[1] says about Pass- Points-stylegraphical passwords which have been shown to be susceptibleto hot-spots, which can be exploited in human-seeded attacks,whereby human-computed data (harvesting click-points from asmall set of users) is used to facilitate efficient attacks. Theseattacks require that the attacker collect sufficient “human-computed” data for the target image, which is more costly forsystems with multiple images. Logically grouping the click-points through a click-order pattern (such as five points in astraight line), and/or choosing click-points in the areas of theimage that their attention is naturally drawn towards.AmirSadovnik [2] says about attempts to constructdictionary attacksfor PassPoints which is similar to the MPP (Microsoft PicturePassword), butonly allows the tap gesture. In PassPoints, theuser taps n pointson the image in a successive order, whichconstitute his passwords. There are two main categories forthese attacks: human-seeded andpurely automatic. Both rely onthe fact that users tend to select similarlocations in images. Thehuman-seeded attacks need tohave a small set of click pointsinitialized by humans for the sameimages they are attempting

to predict the password on. By clusteringthese points in a smartway they are able to identify regions whichhave a higherprobability of being used in a password. Although thisyieldsstate-of-the-art results it is not applicable in the case of theMPPsince eachuser will select their own personal image, andnoprior information about the image exists.Amir Herzberg[3]proposed an adaptive authentication mechanism based onimage recognition and negative training conditions. Phishing -password theft via fake websites is an extremely worrying,widespread phenomenon. With billions of dollars lost and alarge increase in the amount of attacks, it’s clear that today’sdefenses aren’t adequate. A click whirr response to loginforms, automatically submitting their credentials to a loginform on a familiar interface are developed. Most users alsofollow email links from familiar senders and trust familiarhomepages, even if not protected by SSL, and navigate to thesite’s login page. When following those links and buttons,users might reach a spoofed login page. The three click whirrresponses are mentioned to make the Internet a fertile groundfor phishing attacks. A variety of methods to prevent phishingattacks, including passive and interactive indicators andbookmark tokens are described.DorrinKhazaei [4] proposed aunimodal person authentication system based on signingsound. Person authentication based on only the name,password or person identification number is not securedenough. Human physiological and behavioral parameters arefocused, because these parameters are more unique andhuman-specific than traditional ones. This approach of personauthentication is usually called biometric authentication.Signature is the most commonly used behavioral biometricwhich is investigated in two ways ofonline and offline. Inonline procedure, the temporal indices of signature such assigning velocity, and acceleration are involved to increase theaccuracy relative to offline methods and to recognizecounterfeit signatures. Here a unimodal authentication systembased on the sounds of the signing of thirty persons isproposed. Signals are analyzed in online approach. Fourdifferent types of features based on cepstrum analysis andparametric models are extracted and classified with threedifferent distance based classifiers. For the evaluation of theproposed authentication system, 10xl0 fold cross-validationmethod is used and the results are reported in terms of FalseAccept Rate (FAR) and False Reject Rate (FRR) metrics.

IV. GRAPHICAL PASSWORD AUTHENTICATION

1.PassPointsStyle:PassPoints-Style Graphical Passwordswhich focuses on bottom-up visual attention, using thecomputational model of visual attention of Itti as this model iswell-known, and there is empirical evidence that it capturespeople’s bottom-up visual attention [1]. The general idea is thatareas of an image are salient (or visually “stand out”) whenthey differ from their surroundings. PassPoints involves a usercreating a five-point click sequence on a background image.These graphical passwords have reasonable login and creationtimes, acceptable error rates, decent general perception, andless interference between multiple passwords when compared

National Conference on “Advanced Technologies in Computing and Networking"-ATCON-2015Special Issue of International Journal of Electronics, Communication & Soft Computing Science and Engineering, ISSN: 2277-9477

228

has limited lengthpassword which means that password spaceis small.Biometric based authentication techniques aresomewhatexpensive, slow and unreliable and thus not preferredby many [4]. Token based authentication system has highsecurity andusability and accessibility then the others. Also thesystemuses theknowledge based techniques to enhance thesecurityof token based system. But the problem with tokenbasedsystem is that if token get lost, the security get alsolost.Therefore the Knowledge based authenticationtechniquesare most preferable technique to improve the realhighsecurity. Graphical Password is one of the knowledgebasedtechnique and it is categorized into Recognition basedand Recall based [5]. In Recognition based techniques user hastorecognize or reproduce the things during the login where asincase of recall based technique user has to recall thethingsduring the login in such a way that whatever theyselectedduring the password creation they have to recall it inthe samemanner.

Figure: Categorization of Password Authentication Techniques

III. PREVIOUS WORK DONE

Paul C. van Oorschot[1] says about Pass- Points-stylegraphical passwords which have been shown to be susceptibleto hot-spots, which can be exploited in human-seeded attacks,whereby human-computed data (harvesting click-points from asmall set of users) is used to facilitate efficient attacks. Theseattacks require that the attacker collect sufficient “human-computed” data for the target image, which is more costly forsystems with multiple images. Logically grouping the click-points through a click-order pattern (such as five points in astraight line), and/or choosing click-points in the areas of theimage that their attention is naturally drawn towards.AmirSadovnik [2] says about attempts to constructdictionary attacksfor PassPoints which is similar to the MPP (Microsoft PicturePassword), butonly allows the tap gesture. In PassPoints, theuser taps n pointson the image in a successive order, whichconstitute his passwords. There are two main categories forthese attacks: human-seeded andpurely automatic. Both rely onthe fact that users tend to select similarlocations in images. Thehuman-seeded attacks need tohave a small set of click pointsinitialized by humans for the sameimages they are attempting

to predict the password on. By clusteringthese points in a smartway they are able to identify regions whichhave a higherprobability of being used in a password. Although thisyieldsstate-of-the-art results it is not applicable in the case of theMPPsince eachuser will select their own personal image, andnoprior information about the image exists.Amir Herzberg[3]proposed an adaptive authentication mechanism based onimage recognition and negative training conditions. Phishing -password theft via fake websites is an extremely worrying,widespread phenomenon. With billions of dollars lost and alarge increase in the amount of attacks, it’s clear that today’sdefenses aren’t adequate. A click whirr response to loginforms, automatically submitting their credentials to a loginform on a familiar interface are developed. Most users alsofollow email links from familiar senders and trust familiarhomepages, even if not protected by SSL, and navigate to thesite’s login page. When following those links and buttons,users might reach a spoofed login page. The three click whirrresponses are mentioned to make the Internet a fertile groundfor phishing attacks. A variety of methods to prevent phishingattacks, including passive and interactive indicators andbookmark tokens are described.DorrinKhazaei [4] proposed aunimodal person authentication system based on signingsound. Person authentication based on only the name,password or person identification number is not securedenough. Human physiological and behavioral parameters arefocused, because these parameters are more unique andhuman-specific than traditional ones. This approach of personauthentication is usually called biometric authentication.Signature is the most commonly used behavioral biometricwhich is investigated in two ways ofonline and offline. Inonline procedure, the temporal indices of signature such assigning velocity, and acceleration are involved to increase theaccuracy relative to offline methods and to recognizecounterfeit signatures. Here a unimodal authentication systembased on the sounds of the signing of thirty persons isproposed. Signals are analyzed in online approach. Fourdifferent types of features based on cepstrum analysis andparametric models are extracted and classified with threedifferent distance based classifiers. For the evaluation of theproposed authentication system, 10xl0 fold cross-validationmethod is used and the results are reported in terms of FalseAccept Rate (FAR) and False Reject Rate (FRR) metrics.

IV. GRAPHICAL PASSWORD AUTHENTICATION

1.PassPointsStyle:PassPoints-Style Graphical Passwordswhich focuses on bottom-up visual attention, using thecomputational model of visual attention of Itti as this model iswell-known, and there is empirical evidence that it capturespeople’s bottom-up visual attention [1]. The general idea is thatareas of an image are salient (or visually “stand out”) whenthey differ from their surroundings. PassPoints involves a usercreating a five-point click sequence on a background image.These graphical passwords have reasonable login and creationtimes, acceptable error rates, decent general perception, andless interference between multiple passwords when compared

National Conference on “Advanced Technologies in Computing and Networking"-ATCON-2015Special Issue of International Journal of Electronics, Communication & Soft Computing Science and Engineering, ISSN: 2277-9477

229

to text passwords. A successful dictionary attack must be ableto efficiently generate a dictionary containing highly probablepasswords. The size of a dictionary is normally considered themost important cost for a dictionary attack, whereas the cost ofdictionary generation is often neglected; the latter is reasonableif a one-time pre-computation can be reused. Alternately, if thedictionary must be generated on-the-fly, or recomputed eachtime (e.g., for a different background image), then the cost ofdictionary generation may become as or more important thanthe size of the dictionary itself. Given an alphabet, it canefficiently generate -permutations that also satisfy a predefinedset of conditions (e.g., click-order heuristics). This method ismore efficient than generating all possible -permutations fromthe alphabet and then checking which ones satisfy a predefinedcondition.

2. AcousAuth: Smartphone empowered system designed forpersonal authentication is described as AcousAuth. AcousAuthadopts the emerging friendly jamming technique from radiocommunication for data confidentiality and it features aseamless, faster, easier and safer user authentication processwithout the need for special infrastructure [3]. This system isintended to provide security assurances comparable to orgreater than that of conventional authentication systems whileoffering the same user experience as inputting a passwordalone. AcousAuth provides a purely software-based solution tosecure Smartphone short-range communication without keyagreement phase and it is potentially well suited for legacymobile devices. Despite the computational restrictionsandbandwidth of mobile device, the mobile application is ableto maintain real-time performance.

Two modules are implemented which is described asfollows,Module I: The seed value or unique value forthe user is set

in Module I. Selecting the Firstimage is a vital role played byseed value. For further image selection also this seed value isused.The seed value is generating on the basis of user name.Thenthe user name and seed value will decide the First image.

Module II: CenteredDiscretization technique isimplementedin module II. Discretization is used to just allow thecorrectclick-points to be accepted in the region without storingexactclick-point co-ordinates. Centre tolerance is offered byCentered Discretization such that during password creationaninvisible grid is overlaid in such a way that the grid comesincenter with respect to selected click-point and the gridsizeused is 2r×2r. The image is divided into square\toleranceregions, to verify whether a login click-point comeswithin thesame tolerance region as the original click-point. Thegrids location is set for every clickpoint during passwordcreation and there is an identical tolerance area centered ontheoriginal click-point, by calculating the appropriate value andgrid offset (in pixels) from an origin at thetop-left corner of theimage. Later during user login, thesystem uses the originallyrecorded grid offsets to place thegrid and determine theacceptance of the each login clickpoint.

V. PROPOSED METHODOLOGY

In Click based graphical password scheme (C-GPS), usersare required to select several images from an image pool is the

first step known as image selection. Users should first select n∈ N1 images if suppose there are N1 images in the image pool,in a fixed order and remember this order of images like a story.The images in the pool are everyday images with differenttopics (e.g., images of cartoon characters, images oflandscape). Subsequently, users should further choose k ∈ nimages from the above selected n images which will be used inthe next step. Consider while implementing the system, let N1

= 10 is set and users should first select n = 4 images out of theimage pool and organize these images in a story order. Then,users have to further select k = 1 images for click-drawing theirsecrets. During the authentication, users should re-select thesame n = 4 images in the correct ordered sequence and furtherselect the right k = 1 image for click drawing their secrets. InFig 1. below, given a case to illustrate the step of imageselection in the example system.

Fig 1. Step of Image Selection

VI. RESULT AND ANALYSIS

As shown in Fig a. above, there are totally 10 everydayimages (arranged in 5×2 grids) in the image pool that covervarious themes such as fruits, landscape, cartoon characters,food, sport, buildings, cars, animals, books and people. Usersshould first select 4 images from the image pool in a story-sequence (e.g., {6, 3, 4, and 7}) that users can construct andremember their stories through, using their selected imagesaccording to their own preference and knowledge. Then, usersshould further select 1 image (e.g., {3}) from the above 4selected images to draw their secrets in the step of secretdrawing. During the authentication, users are required to re-select these images in the correct ordered sequence. PersuasiveTechnology motivates and influence people to behave in adesired manner and hence proposed system is based on it. Theproposed system is based on click based graphical passwordsystem that not only guides and helps the user for passwordselection but also encourages the user to select more randomdistributed password. The Persuasive features are combinedwith the cued click point in proposed system to makeauthentication system more secure. Basically during passwordcreation the part of an image which is less guessable ishighlighted and user has to select the click-point within thehighlighted portion and if the user is unable to select the click-point then he/she can move towards the next highlightedportion by pressing the shuffle button. Selecting more randompasswords is basically guided by the highlighted part of animage, which is less likely to include hotspots. Therefore this

National Conference on “Advanced Technologies in Computing and Networking"-ATCON-2015Special Issue of International Journal of Electronics, Communication & Soft Computing Science and Engineering, ISSN: 2277-9477

229

to text passwords. A successful dictionary attack must be ableto efficiently generate a dictionary containing highly probablepasswords. The size of a dictionary is normally considered themost important cost for a dictionary attack, whereas the cost ofdictionary generation is often neglected; the latter is reasonableif a one-time pre-computation can be reused. Alternately, if thedictionary must be generated on-the-fly, or recomputed eachtime (e.g., for a different background image), then the cost ofdictionary generation may become as or more important thanthe size of the dictionary itself. Given an alphabet, it canefficiently generate -permutations that also satisfy a predefinedset of conditions (e.g., click-order heuristics). This method ismore efficient than generating all possible -permutations fromthe alphabet and then checking which ones satisfy a predefinedcondition.

2. AcousAuth: Smartphone empowered system designed forpersonal authentication is described as AcousAuth. AcousAuthadopts the emerging friendly jamming technique from radiocommunication for data confidentiality and it features aseamless, faster, easier and safer user authentication processwithout the need for special infrastructure [3]. This system isintended to provide security assurances comparable to orgreater than that of conventional authentication systems whileoffering the same user experience as inputting a passwordalone. AcousAuth provides a purely software-based solution tosecure Smartphone short-range communication without keyagreement phase and it is potentially well suited for legacymobile devices. Despite the computational restrictionsandbandwidth of mobile device, the mobile application is ableto maintain real-time performance.

Two modules are implemented which is described asfollows,Module I: The seed value or unique value forthe user is set

in Module I. Selecting the Firstimage is a vital role played byseed value. For further image selection also this seed value isused.The seed value is generating on the basis of user name.Thenthe user name and seed value will decide the First image.

Module II: CenteredDiscretization technique isimplementedin module II. Discretization is used to just allow thecorrectclick-points to be accepted in the region without storingexactclick-point co-ordinates. Centre tolerance is offered byCentered Discretization such that during password creationaninvisible grid is overlaid in such a way that the grid comesincenter with respect to selected click-point and the gridsizeused is 2r×2r. The image is divided into square\toleranceregions, to verify whether a login click-point comeswithin thesame tolerance region as the original click-point. Thegrids location is set for every clickpoint during passwordcreation and there is an identical tolerance area centered ontheoriginal click-point, by calculating the appropriate value andgrid offset (in pixels) from an origin at thetop-left corner of theimage. Later during user login, thesystem uses the originallyrecorded grid offsets to place thegrid and determine theacceptance of the each login clickpoint.

V. PROPOSED METHODOLOGY

In Click based graphical password scheme (C-GPS), usersare required to select several images from an image pool is the

first step known as image selection. Users should first select n∈ N1 images if suppose there are N1 images in the image pool,in a fixed order and remember this order of images like a story.The images in the pool are everyday images with differenttopics (e.g., images of cartoon characters, images oflandscape). Subsequently, users should further choose k ∈ nimages from the above selected n images which will be used inthe next step. Consider while implementing the system, let N1

= 10 is set and users should first select n = 4 images out of theimage pool and organize these images in a story order. Then,users have to further select k = 1 images for click-drawing theirsecrets. During the authentication, users should re-select thesame n = 4 images in the correct ordered sequence and furtherselect the right k = 1 image for click drawing their secrets. InFig 1. below, given a case to illustrate the step of imageselection in the example system.

Fig 1. Step of Image Selection

VI. RESULT AND ANALYSIS

As shown in Fig a. above, there are totally 10 everydayimages (arranged in 5×2 grids) in the image pool that covervarious themes such as fruits, landscape, cartoon characters,food, sport, buildings, cars, animals, books and people. Usersshould first select 4 images from the image pool in a story-sequence (e.g., {6, 3, 4, and 7}) that users can construct andremember their stories through, using their selected imagesaccording to their own preference and knowledge. Then, usersshould further select 1 image (e.g., {3}) from the above 4selected images to draw their secrets in the step of secretdrawing. During the authentication, users are required to re-select these images in the correct ordered sequence. PersuasiveTechnology motivates and influence people to behave in adesired manner and hence proposed system is based on it. Theproposed system is based on click based graphical passwordsystem that not only guides and helps the user for passwordselection but also encourages the user to select more randomdistributed password. The Persuasive features are combinedwith the cued click point in proposed system to makeauthentication system more secure. Basically during passwordcreation the part of an image which is less guessable ishighlighted and user has to select the click-point within thehighlighted portion and if the user is unable to select the click-point then he/she can move towards the next highlightedportion by pressing the shuffle button. Selecting more randompasswords is basically guided by the highlighted part of animage, which is less likely to include hotspots. Therefore this

National Conference on “Advanced Technologies in Computing and Networking"-ATCON-2015Special Issue of International Journal of Electronics, Communication & Soft Computing Science and Engineering, ISSN: 2277-9477

229

to text passwords. A successful dictionary attack must be ableto efficiently generate a dictionary containing highly probablepasswords. The size of a dictionary is normally considered themost important cost for a dictionary attack, whereas the cost ofdictionary generation is often neglected; the latter is reasonableif a one-time pre-computation can be reused. Alternately, if thedictionary must be generated on-the-fly, or recomputed eachtime (e.g., for a different background image), then the cost ofdictionary generation may become as or more important thanthe size of the dictionary itself. Given an alphabet, it canefficiently generate -permutations that also satisfy a predefinedset of conditions (e.g., click-order heuristics). This method ismore efficient than generating all possible -permutations fromthe alphabet and then checking which ones satisfy a predefinedcondition.

2. AcousAuth: Smartphone empowered system designed forpersonal authentication is described as AcousAuth. AcousAuthadopts the emerging friendly jamming technique from radiocommunication for data confidentiality and it features aseamless, faster, easier and safer user authentication processwithout the need for special infrastructure [3]. This system isintended to provide security assurances comparable to orgreater than that of conventional authentication systems whileoffering the same user experience as inputting a passwordalone. AcousAuth provides a purely software-based solution tosecure Smartphone short-range communication without keyagreement phase and it is potentially well suited for legacymobile devices. Despite the computational restrictionsandbandwidth of mobile device, the mobile application is ableto maintain real-time performance.

Two modules are implemented which is described asfollows,Module I: The seed value or unique value forthe user is set

in Module I. Selecting the Firstimage is a vital role played byseed value. For further image selection also this seed value isused.The seed value is generating on the basis of user name.Thenthe user name and seed value will decide the First image.

Module II: CenteredDiscretization technique isimplementedin module II. Discretization is used to just allow thecorrectclick-points to be accepted in the region without storingexactclick-point co-ordinates. Centre tolerance is offered byCentered Discretization such that during password creationaninvisible grid is overlaid in such a way that the grid comesincenter with respect to selected click-point and the gridsizeused is 2r×2r. The image is divided into square\toleranceregions, to verify whether a login click-point comeswithin thesame tolerance region as the original click-point. Thegrids location is set for every clickpoint during passwordcreation and there is an identical tolerance area centered ontheoriginal click-point, by calculating the appropriate value andgrid offset (in pixels) from an origin at thetop-left corner of theimage. Later during user login, thesystem uses the originallyrecorded grid offsets to place thegrid and determine theacceptance of the each login clickpoint.

V. PROPOSED METHODOLOGY

In Click based graphical password scheme (C-GPS), usersare required to select several images from an image pool is the

first step known as image selection. Users should first select n∈ N1 images if suppose there are N1 images in the image pool,in a fixed order and remember this order of images like a story.The images in the pool are everyday images with differenttopics (e.g., images of cartoon characters, images oflandscape). Subsequently, users should further choose k ∈ nimages from the above selected n images which will be used inthe next step. Consider while implementing the system, let N1

= 10 is set and users should first select n = 4 images out of theimage pool and organize these images in a story order. Then,users have to further select k = 1 images for click-drawing theirsecrets. During the authentication, users should re-select thesame n = 4 images in the correct ordered sequence and furtherselect the right k = 1 image for click drawing their secrets. InFig 1. below, given a case to illustrate the step of imageselection in the example system.

Fig 1. Step of Image Selection

VI. RESULT AND ANALYSIS

As shown in Fig a. above, there are totally 10 everydayimages (arranged in 5×2 grids) in the image pool that covervarious themes such as fruits, landscape, cartoon characters,food, sport, buildings, cars, animals, books and people. Usersshould first select 4 images from the image pool in a story-sequence (e.g., {6, 3, 4, and 7}) that users can construct andremember their stories through, using their selected imagesaccording to their own preference and knowledge. Then, usersshould further select 1 image (e.g., {3}) from the above 4selected images to draw their secrets in the step of secretdrawing. During the authentication, users are required to re-select these images in the correct ordered sequence. PersuasiveTechnology motivates and influence people to behave in adesired manner and hence proposed system is based on it. Theproposed system is based on click based graphical passwordsystem that not only guides and helps the user for passwordselection but also encourages the user to select more randomdistributed password. The Persuasive features are combinedwith the cued click point in proposed system to makeauthentication system more secure. Basically during passwordcreation the part of an image which is less guessable ishighlighted and user has to select the click-point within thehighlighted portion and if the user is unable to select the click-point then he/she can move towards the next highlightedportion by pressing the shuffle button. Selecting more randompasswords is basically guided by the highlighted part of animage, which is less likely to include hotspots. Therefore this

National Conference on “Advanced Technologies in Computing and Networking"-ATCON-2015Special Issue of International Journal of Electronics, Communication & Soft Computing Science and Engineering, ISSN: 2277-9477

230

works encouraging users to select more random, and difficultpasswords to guess. During Login, images are displayednormally but this time highlighted portion is not present as itonly provides the system suggestion and user has to select theclick point as chosen at the time of password creation.Supporting users in selecting password of higher security withlarger password space is an important usability goal ofproposed system. The pattern formation attack and Hotspotattack (it is an area of an image where most of the user isselecting it as the click-point) are removed by the proposedsystem. Also it removes the shoulder surfing attack.

CONCLUSION

This approach may give us a better result in terms of speedof recalling a password. A comprehensive analysis of existingrecall-based graphical password schemes, covering bothusability and security aspects can be performed. A novelapproach which uses sound signature to recall graphicalpassword click points is proposed. Larger password space isprovided by the proposed scheme then the alphanumericpassword is one of the major advantages. As Graphicalpassword is better than the Text based passwords there is arising interest in it, while people are better atmemorizinggraphical passwords than text-based passwords is animportantargument for graphical passwords. Sinceit providesthe system suggestionit removes the pattern formation andhotspot attack. Also the proposed systemremoves the shouldersurfing attack.

FUTURE SCOPE

In order to improve theresults, other feature extractionmethods and classifiers can be studied, to ensure that theusability impact is acceptable and that security is not impactedin other unexpectedways.

REFERENCES

[1] Paul C. van Oorschot, AmiraliSalehi- Abari, and JulieThorpe, “Purely Automated Attacks on PassPoints-StyleGraphical Passwords”, IEEE Transactions on InformationForensics and Security, vol. 5, no. 3, pp. 393 to 405,September 2010.

[2] Amir Sadovnik and Tsuhan Chen, “A Visual Dictionary attack onpicture passwords”, ICIP 2013, 978-1-4799-2341, PP. 4447 to 4451,January 2013.

[3] Amir Herzberg and Ronen Margulies, “Training Johnny toAuthenticate (Safely): An adaptive authentication mechanism basedon image recognition and negative training conditions users to log insafely and increases attack detection rates”, IEEE Computer andReliability Societies, 1540-7993/12, PP. 37 to 45, January/February2012.

[4] DorrinKhazaei, KeivanMaghooli, FardinAfdideh, Hilda Azimi, “Aunimodal person authentication system based on signing sound”,Proceedings of the IEEE-EMBS International Conference onBiomedical and Health Informatics (BHI 2012), 978-1-4577-2177-9,PP. 152 to 154, 2-7 Jan 2012.

[5] Si Chen, Muyuan Li, Zhan Qin, Bings heng Zhang, KuiRen,“AcousAuth: An acoustic-based mobile Application for userauthentication”, 2014 IEEE INFOCOM, 978-1-4673-1017, PP. 215 -216, August 2014.

AUTHOR’S PROFILE

Dharmesh H. SamraD.H Samra has completed B.E. Degree inInformation Technology from SantGadge BabaAmravati University, Amravati, Maharashtra. Heis pursuingMaster’s Degree in Computer Scienceand Information Technology from P.G.Department of Computer Science andEngineering, S.G.B.A.U. Amravati.

Dr. Mrs. S. S. SherekarDr. Swati Sherekar received the degree of M.Sc.and Ph.D. in computer sciencefrom SGBAmravati University, Amravati. Presentlyworking as Associate professor in the P. G.Department of Computer Science and Engg.Andhaving 19 years of teaching experience. Her areaof research is Network security, data security,Image Processing and completed her Ph.D. inmultimedia authentication. Completed one MRP.Number of papers is on her credits at National &International level journals and conferences.

Dr. V. M. ThakareDr. Vilas M. Thakare is Professor and Head inPost Graduate department of Computer Scienceand Engg, Faculty of Engineering &Technology, SGB Amravati university,Amravati. He is also working as a coordinator onUGC sponsored scheme of e-learning and m-learning specially designed for teaching andresearch. He is Ph.D. in Computer Science/Enggand completed M.E. in year 1989 and graduatedin 1984-85.He has exhibited meritorious performance in hisstudentship. He has more than 27 years ofexperience in teaching and research. Throughouthis teaching career he has taught more than 50subjects at various UG and PG level courses. Hehas done his PhD in area of robotics, AI andcomputer architecture. He has completed oneUGC research project on "MRP”. He haspublished more than 150 papers in International& National level Journals and also InternationalConferences and National level Conferences.

National Conference on “Advanced Technologies in Computing and Networking"-ATCON-2015Special Issue of International Journal of Electronics, Communication & Soft Computing Science and Engineering, ISSN: 2277-9477

230

works encouraging users to select more random, and difficultpasswords to guess. During Login, images are displayednormally but this time highlighted portion is not present as itonly provides the system suggestion and user has to select theclick point as chosen at the time of password creation.Supporting users in selecting password of higher security withlarger password space is an important usability goal ofproposed system. The pattern formation attack and Hotspotattack (it is an area of an image where most of the user isselecting it as the click-point) are removed by the proposedsystem. Also it removes the shoulder surfing attack.

CONCLUSION

This approach may give us a better result in terms of speedof recalling a password. A comprehensive analysis of existingrecall-based graphical password schemes, covering bothusability and security aspects can be performed. A novelapproach which uses sound signature to recall graphicalpassword click points is proposed. Larger password space isprovided by the proposed scheme then the alphanumericpassword is one of the major advantages. As Graphicalpassword is better than the Text based passwords there is arising interest in it, while people are better atmemorizinggraphical passwords than text-based passwords is animportantargument for graphical passwords. Sinceit providesthe system suggestionit removes the pattern formation andhotspot attack. Also the proposed systemremoves the shouldersurfing attack.

FUTURE SCOPE

In order to improve theresults, other feature extractionmethods and classifiers can be studied, to ensure that theusability impact is acceptable and that security is not impactedin other unexpectedways.

REFERENCES

[1] Paul C. van Oorschot, AmiraliSalehi- Abari, and JulieThorpe, “Purely Automated Attacks on PassPoints-StyleGraphical Passwords”, IEEE Transactions on InformationForensics and Security, vol. 5, no. 3, pp. 393 to 405,September 2010.

[2] Amir Sadovnik and Tsuhan Chen, “A Visual Dictionary attack onpicture passwords”, ICIP 2013, 978-1-4799-2341, PP. 4447 to 4451,January 2013.

[3] Amir Herzberg and Ronen Margulies, “Training Johnny toAuthenticate (Safely): An adaptive authentication mechanism basedon image recognition and negative training conditions users to log insafely and increases attack detection rates”, IEEE Computer andReliability Societies, 1540-7993/12, PP. 37 to 45, January/February2012.

[4] DorrinKhazaei, KeivanMaghooli, FardinAfdideh, Hilda Azimi, “Aunimodal person authentication system based on signing sound”,Proceedings of the IEEE-EMBS International Conference onBiomedical and Health Informatics (BHI 2012), 978-1-4577-2177-9,PP. 152 to 154, 2-7 Jan 2012.

[5] Si Chen, Muyuan Li, Zhan Qin, Bings heng Zhang, KuiRen,“AcousAuth: An acoustic-based mobile Application for userauthentication”, 2014 IEEE INFOCOM, 978-1-4673-1017, PP. 215 -216, August 2014.

AUTHOR’S PROFILE

Dharmesh H. SamraD.H Samra has completed B.E. Degree inInformation Technology from SantGadge BabaAmravati University, Amravati, Maharashtra. Heis pursuingMaster’s Degree in Computer Scienceand Information Technology from P.G.Department of Computer Science andEngineering, S.G.B.A.U. Amravati.

Dr. Mrs. S. S. SherekarDr. Swati Sherekar received the degree of M.Sc.and Ph.D. in computer sciencefrom SGBAmravati University, Amravati. Presentlyworking as Associate professor in the P. G.Department of Computer Science and Engg.Andhaving 19 years of teaching experience. Her areaof research is Network security, data security,Image Processing and completed her Ph.D. inmultimedia authentication. Completed one MRP.Number of papers is on her credits at National &International level journals and conferences.

Dr. V. M. ThakareDr. Vilas M. Thakare is Professor and Head inPost Graduate department of Computer Scienceand Engg, Faculty of Engineering &Technology, SGB Amravati university,Amravati. He is also working as a coordinator onUGC sponsored scheme of e-learning and m-learning specially designed for teaching andresearch. He is Ph.D. in Computer Science/Enggand completed M.E. in year 1989 and graduatedin 1984-85.He has exhibited meritorious performance in hisstudentship. He has more than 27 years ofexperience in teaching and research. Throughouthis teaching career he has taught more than 50subjects at various UG and PG level courses. Hehas done his PhD in area of robotics, AI andcomputer architecture. He has completed oneUGC research project on "MRP”. He haspublished more than 150 papers in International& National level Journals and also InternationalConferences and National level Conferences.

National Conference on “Advanced Technologies in Computing and Networking"-ATCON-2015Special Issue of International Journal of Electronics, Communication & Soft Computing Science and Engineering, ISSN: 2277-9477

230

works encouraging users to select more random, and difficultpasswords to guess. During Login, images are displayednormally but this time highlighted portion is not present as itonly provides the system suggestion and user has to select theclick point as chosen at the time of password creation.Supporting users in selecting password of higher security withlarger password space is an important usability goal ofproposed system. The pattern formation attack and Hotspotattack (it is an area of an image where most of the user isselecting it as the click-point) are removed by the proposedsystem. Also it removes the shoulder surfing attack.

CONCLUSION

This approach may give us a better result in terms of speedof recalling a password. A comprehensive analysis of existingrecall-based graphical password schemes, covering bothusability and security aspects can be performed. A novelapproach which uses sound signature to recall graphicalpassword click points is proposed. Larger password space isprovided by the proposed scheme then the alphanumericpassword is one of the major advantages. As Graphicalpassword is better than the Text based passwords there is arising interest in it, while people are better atmemorizinggraphical passwords than text-based passwords is animportantargument for graphical passwords. Sinceit providesthe system suggestionit removes the pattern formation andhotspot attack. Also the proposed systemremoves the shouldersurfing attack.

FUTURE SCOPE

In order to improve theresults, other feature extractionmethods and classifiers can be studied, to ensure that theusability impact is acceptable and that security is not impactedin other unexpectedways.

REFERENCES

[1] Paul C. van Oorschot, AmiraliSalehi- Abari, and JulieThorpe, “Purely Automated Attacks on PassPoints-StyleGraphical Passwords”, IEEE Transactions on InformationForensics and Security, vol. 5, no. 3, pp. 393 to 405,September 2010.

[2] Amir Sadovnik and Tsuhan Chen, “A Visual Dictionary attack onpicture passwords”, ICIP 2013, 978-1-4799-2341, PP. 4447 to 4451,January 2013.

[3] Amir Herzberg and Ronen Margulies, “Training Johnny toAuthenticate (Safely): An adaptive authentication mechanism basedon image recognition and negative training conditions users to log insafely and increases attack detection rates”, IEEE Computer andReliability Societies, 1540-7993/12, PP. 37 to 45, January/February2012.

[4] DorrinKhazaei, KeivanMaghooli, FardinAfdideh, Hilda Azimi, “Aunimodal person authentication system based on signing sound”,Proceedings of the IEEE-EMBS International Conference onBiomedical and Health Informatics (BHI 2012), 978-1-4577-2177-9,PP. 152 to 154, 2-7 Jan 2012.

[5] Si Chen, Muyuan Li, Zhan Qin, Bings heng Zhang, KuiRen,“AcousAuth: An acoustic-based mobile Application for userauthentication”, 2014 IEEE INFOCOM, 978-1-4673-1017, PP. 215 -216, August 2014.

AUTHOR’S PROFILE

Dharmesh H. SamraD.H Samra has completed B.E. Degree inInformation Technology from SantGadge BabaAmravati University, Amravati, Maharashtra. Heis pursuingMaster’s Degree in Computer Scienceand Information Technology from P.G.Department of Computer Science andEngineering, S.G.B.A.U. Amravati.

Dr. Mrs. S. S. SherekarDr. Swati Sherekar received the degree of M.Sc.and Ph.D. in computer sciencefrom SGBAmravati University, Amravati. Presentlyworking as Associate professor in the P. G.Department of Computer Science and Engg.Andhaving 19 years of teaching experience. Her areaof research is Network security, data security,Image Processing and completed her Ph.D. inmultimedia authentication. Completed one MRP.Number of papers is on her credits at National &International level journals and conferences.

Dr. V. M. ThakareDr. Vilas M. Thakare is Professor and Head inPost Graduate department of Computer Scienceand Engg, Faculty of Engineering &Technology, SGB Amravati university,Amravati. He is also working as a coordinator onUGC sponsored scheme of e-learning and m-learning specially designed for teaching andresearch. He is Ph.D. in Computer Science/Enggand completed M.E. in year 1989 and graduatedin 1984-85.He has exhibited meritorious performance in hisstudentship. He has more than 27 years ofexperience in teaching and research. Throughouthis teaching career he has taught more than 50subjects at various UG and PG level courses. Hehas done his PhD in area of robotics, AI andcomputer architecture. He has completed oneUGC research project on "MRP”. He haspublished more than 150 papers in International& National level Journals and also InternationalConferences and National level Conferences.