A SECURED GRAPHICAL AUTHENTICATION FOR WEB BASED APPLICATIONS
Authentication is unavoidable in any environment where sensitive information is utilized. In accessing resources via the Internet, the most common means of identification required for authentication is the user's identity and a secret passphrase known as a password. Studies have shown that graphical passwords, which use images/pictures/objects, arose from the trivial passwords that users generate because they cannot remember complex text-based passwords. Graphical passwords are stronger and increase memorability. However, graphical passwords face several challenges, including the high storage capacity needed for all the images/pictures/objects, no assistance for users in browsing through an array of images/pictures/objects, and vulnerability to shoulder surfing attacks.
The graphical authentication scheme was evaluated using the Magic Triangle Evaluation model. The results showed that the password space and entropy were 2.61 × 10^4 and 14.39 respectively. The scheme showed a level of resistance of about 85% towards shoulder surfing attacks.
The study concluded that the graphical authentication scheme has a high level of resistance against shoulder surfing attacks but a low password space and entropy, making it vulnerable to brute force attacks. It is therefore recommended for use in an environment where shoulder surfing is inevitable, and an additional security mechanism should be added to reduce its vulnerability to brute force attacks. It can also be used as a Completely Automated Turing Test to tell Computers and Humans Apart (CAPTCHA).
Keywords: Graphical authentication, Shoulder surfing attack, Brute force attack, Web-based application, Password space and Entropy.
Title Page
CHAPTER ONE: INTRODUCTION
CHAPTER TWO: REVIEW OF LITERATURE
CHAPTER THREE: METHODOLOGY
CHAPTER FOUR: DATA ANALYSIS, RESULTS AND DISCUSSION OF FINDINGS
4.4.2 Password Entropy
CHAPTER FIVE: SUMMARY, CONCLUSION AND
3.1: Coloured columns and their associative value
2.2: Passpoint
2.14: Novel Shoulder Surfing Resistant Authentication Schemes using Text-Graphical Passwords
CSS Cascading Style Sheet
DAS Draw A Secret
HMAC Key-hash Message Authentication Code
HMAC-MD 5 Hash Message Authentication Code – Message Digest 5
HMAC-SHA 1 Hash Message Authentication Code – Secure Hash
HTML Hyper Text Mark-up Language
MAC Message Authentication Code
MD5 Message Digest 5
NE North East
NW North West
OTP One Time Password
PHP PHP Hypertext Pre-processor
POI Point of Interest
QR Quick Response
ROA Region of Answer
SE South East
SHA 1 Secure Hash Algorithm 1
SHA 2 Secure Hash Algorithm 2
SHA 256 Secure Hash Algorithm 256
SMS Short Message Service
SSL Secure Socket Layer
SW South West
TLS Transport Layer Security
URI Uniform Resource Identifier
WAMP Windows Apache MySQL PHP
WWW World Wide Web
Networking in computer science is simply the connection of multiple electronic devices, known as nodes, for the purpose of exchanging information. The concept grew out of the need for people to connect and share information (which may be in the form of voice, video or data). The largest network in the world is the Internet, described as a collection of a vast mixture of networks in terms of topologies, architecture and communication technologies which nevertheless utilizes a common set of protocols to offer certain services. In short, it is termed the network of networks (Ciubotaru & Muntean, 2013; Forcht & Fore, 1995). The Internet has aided many major advancements and developments in our society today. The number of Internet users has grown at an alarming rate, from 400 million in 2000 to more than 3 billion in 2015 (International Telecommunication Union, 2015).
Many organizations utilize the World Wide Web (WWW), one of the major and most widely used services of the Internet, to share information. The World Wide Web is an information space in which relevant items, known as resources (e.g. image, audio, video or any other file), are identified by global identifiers called Uniform Resource Identifiers (URI) (Berners-Lee, et al., 2004); in 2001 Google, a multinational technology company, announced that it provided customers direct access to 3 billion web documents on the Internet (Googlepress, 2001).
This technical wizardry of communication around the world has begotten the proliferation of computers and other ubiquitous devices since the 1960s and, with it, a demand for organizations to protect their digital information from unauthorized users and provide services to authorized users. The concern to protect information is a product of the Internet being a fully decentralized network that depends on voluntary cooperation between the thousands of network administrators throughout the world to provide individuals with access to this network of tremendously varied resources. Thus, the Internet is a public network owned by no one, and sensitive information should be made exclusive to only the rightful recipient (Forcht & Fore, 1995; Menezes, Van Oorschot & Vanstone, 1997).
Furthermore, by the very nature of the Internet, access is very easy, attracting individuals of different kinds and with different aims. While some individuals aim to share information, others tend to conduct malicious activities. As a result, information security is of great importance to any service provider. Information security can be described as actions that implement services which assure adequate protection for information systems used by or hosted within an organization. In this description, services are technical or managerial methods used with respect to the information being protected. Information systems are computer systems or communication systems that handle the information being protected, and protection implies the conjunction of integrity, confidentiality, authenticity, and availability (Shimeall & Spring, 2014).
Confidentiality, availability, data integrity and authentication are a few of the major security features provided by information security in ensuring the reliability of information. The importance of each of these varies depending on the type of organization (e.g. confidentiality will be of most importance to the military). Authentication is related to identification, and it is the most fundamental procedure to ensure security and provide access to sensitive web resources to users over the Internet. The most utilized and popular authentication method is text-based password authentication, which requires a valid user I.D. (Identity) and password in order to prevent unauthorized access (Liao & Lee, 2010; Menezes et al., 1997). This mechanism is easy and inexpensive to implement; however, this static password comes with major security drawbacks. For example, users tend to choose easy-to-guess passwords, use the same password in multiple accounts, and write their passwords down or store them on their machines, making them susceptible to numerous attacks including dictionary attack, brute force attack, phishing attack, shoulder surfing etc. (Prakash, Infant & Shobana, 2010).
This trivial password mania by users has become a bedrock for computer hackers/crackers and therefore, the focus of this work is to create a platform to enable users to generate a stronger password that is easy to remember and implement but difficult for unauthorized personnel.
Over the years, other authentication methods have been developed which involve the use of a secondary object (token based authentication) or a biometric system (biometric based authentication) (Abdulkader, Ayman & Mostafa, 2015). Though more secure, these methods require more infrastructure/equipment.
Since the mid-1990s, several graphical based password schemes have been developed, aimed at strengthening security and enhancing password memorability (Alsaiari, Papadaki, Dowland & Furnell, 2016). A graphical password is based on the use of images/pictures rather than text. The idea of the graphical password has stirred several experiments, theories and assumptions showing that items presented as pictures are easier to remember than items presented as words. Thus, the picture superiority effect appears to significantly increase memorability (Paivio, 1991; Standing, Conezio & Haber, 1970). Graphical based passwords provide some benefits such as enlarging the password space (in some graphical authentication), reducing the choice of trivial passwords, and making it difficult to share and write passwords (Golofit, 2007). However, this method is still vulnerable to various types of attacks, especially shoulder surfing (Biddle, Chiasson & Oorschot, 2011). In addition, in some graphical schemes users have to browse through the entire set of images/pictures/objects, and because pictures have a larger size than text, the server is expected to allocate a reasonable amount of space for storing these pictures (Wiedenbeck, Waters, Birget, Brodskiy & Memon, 2005).
Therefore, this research proposes a graphical authentication that increases memorability, is resistant to shoulder surfing, aids in searching and requires no upload of pictures/images during registration and authentication.
The main objective of this study is to develop a secure graphical authentication for web based applications. The specific objectives are to:
Storing of users' credentials, handling of the One-Time Password and performing authentication were done by the application suite WAMP (Windows Apache MySQL PHP). The scheme was evaluated using magic triangle evaluation.
This research provides a graphical environment that assists users in implementing a robust password and increases memorability, optimizes the storage utilization capacity of the server, makes it impractical to share passwords (and is therefore immune to phishing attacks), and contributes to the existing solutions which researchers have developed for mitigating attacks such as dictionary, brute force, and most especially shoulder surfing attacks.
The study focused on the development of an authentication scheme for identification and authorization of users in accessing web systems/applications, particularly on the interface that interacts with the user in generating unique passwords. In addition, given the size of the image (in terms of height and width) utilized for this research, a device with a very large screen size of about 650 by 450 pixels is used in order to provide the full description of the work. The research will cover the aspect of user registration and authentication.