GraphPwdAuth

8/10/2019 GraphPwdAuth

1/64

Graphical Password Authentication Using Click Cued Points

Created by SUBHA A Page 1

Mini Project Report on

R PHICAL PASSWORD AUTHENTICATION

USING

CLICK CUED POINTS

Submitted for partial fulfillment of the degree

Of

Master of Computer pplications

To

Department of Computer Applications

CUSAT

By

SUBH

DEPARTMENT OF COMPUTER APPLICATIONS

COCHIN UNIVERSITY OF SCIENCE AND

TECHNOLOGY

Kochi- 682022, Kerala.


2/64



CERTIFIC TE

This is to certify that the project entitled

GRAPHICAL PASSWORD AUTHENTICATION USING CLICK CUED

POINTS submitted to Cochin University of Science and

Technologyin partial fulfillment of the requirements for the award of

the degree of Master of Computer Applications is the bonfide

record of the project work done bySUBHA Aunder our supervision

and guidance during the academic year 2009-2010.

Examiner

Head of the Department

DCA

CUSAT


3/64



ACKNOWLEDGEMENT

With great pleasure I hereby acknowledge the help given

to me by various individuals throughout the project. This Project itself

is an acknowledgement to the inspiration, drive and technical

assistance contributed by many individuals. This project would have

never seen the light of this day without the help and guidance I have

received.

I would also like to express my profound thanks to Dr. K.V.

Pramod sir(Head of the Department), Sreekumar sir, Kannan sir,

Malathi madam, Arun sir, faculties, Department of Computer

Applications, Cochin University of Science And Technology, Cochin,

Kerala for providing me with excellent infrastructure and awesomeenvironment that laid potentially strong foundation for my

professional life. I owe an incalculable debt to all staffs of the

Department of Computer Applications for their direct and indirect

help.

I extend my heartfelt thanks to my parents, friends and well

wishers for their support and timely help. Last but not the least; I

thank the God Almighty for guiding me in every step of the way.

SUBHA A


4/64



SYNOPSIS

Title : Graphical Password Authentication

Using Click Cued Points

Name of Student : Subha A

Venue of the Project : DCA, CUSAT

Duration : 4months

Platform : Windows 2007

Application Software

Front End : JAVA

Back End : MYSQL


5/64



CONTENTS

TITLE PAGE NO.

ABSTRACT

1. INTRODUCTION

1.1 OBJECTIVE

2. System Study

2.1 Existing System

2.2

Drawbacks in the Existing System

3.System Analysis

3.1

Proposed System

3.2 Scope

3.3 Need for the Proposed System

3.4

Feasibility Study

3.4.1 Technical Feasibility

3.4.2 Financial Feasibility

3.4.3 Operational Feasibility

3.5

Overview

4.System Requirement Specification

4.1 Purpose, Scope And Overview

4.2 Functional Requirements

4.3 User Interfaces Requirements


6/64



4.4 Performance Requirements

4.4

Common constraints

4.5

Other Non Functional Requirements

5. System Environment

5.1 Hardware

5.2 Software

5.2.1 Operating System Info

5.2.2

About The Language

5.2.3 About The Tool

6. System Design Specification

6.1 Architectural Design

6.1.1 Data Flow Diagrams

6.1.2 Database Tables

6.1.3 User Case Diagrams

7. SoftwareTesting7.1 Unit Testing

7.2 Integration Testing

7.3 System Testing

8. System Implementation

9. CONCLUSION

1o. Screen Shots

11. Bibliography


7/64



ABSTRACT

Click cued points is a click-based graphical

password scheme, a cued-recall graphical password technique. Users

Click on one point per image for a sequence of images. The next image

is based on the previous click-point. Performance was very good in

terms of speed, accuracy, and number of errors. Users preferred CCP to

PassPoint, saying that selecting and remembering only one point per

image was easier, and that seeing each image triggered their memory

of where the corresponding point was located. CCP also provides

greater security than PassPoints because the number of images

increases the workload for attackers.

Key words:Graphical Passwords, Computer Security, Authentication,

Usable Security, User Study


8/64



INTRODUCTION

Various graphical password schemes have

been proposed as alternatives to text-based passwords. Research and

experience have shown that text-based passwords are fraught with

both usability and security problems that make them less than

desirable solutions. Psychology studies have revealed that the human

brain is better at recognizing and recalling images than text. Graphicalpasswords are intended to capitalize on this human characteristic in

hopes that by reducing the memory burden on users, coupled with a

larger full password space offered by images, more secure passwords

can be produced and users will not resort to unsafe practices in order

to cope.

In this project, we propose a new click-based graphical

password scheme called Cued Click Points (CCP). It can be viewed as a

combination of PassPoints , Passfaces , and Story . A password consists

of one click-point per image for a sequence of images. The next image

displayed is based on the previous click-point so users receive

immediate implicit feedback as to whether they are on the correct path

when logging in. CCP offers both improved usability and security.

Users could quickly create and re-enter their

passwords. Another feature of ccp is the immediate implicit feedback

telling the correct user whether their latest click-point was correctly

entered.


9/64



OBJECTIVE

Cued Click Points (CCP) is a proposed alternative to

PassPoints. In CCP, users click one point on each of images rather than

on different points on one image. It offers cued-recall and introducesvisual cues that instantly alert valid users if they have made a mistake

when entering their latest click-point at which point they can cancel

their attempt and retry from the beginning. It also makes attacks based

on hotspot analysis more challenging.

As shown in Figure 1, each click results in showing

a next-image, in effect leading users down a path as they click ontheir sequence of points. A wrong click leads down an incorrect path,

with an explicit indication of authentication failure only after the final

click. Users can choose their images only to the extent that their click-

point dictates the next image. If they dislike the resulting images, they

could create a new password involving different click-points to get

different images.


10/64



Fig. 1. CCP passwords can be regarded as a choice-dependent path

of images.

During password creation, the first image can be selected

by the user from a given list .We will find out the co-ordinates of the

click-point and will find out the tolerance square number. For each

click-point in a subsequent login attempt, this number is retrieved

and used to determine whether the click-point falls within tolerance

of the original point.

Our example system

had images of size 200x200 pixels and cells of 4x4 pixels. In this project,

we have different layers of images each containing 16 squares. We use


11/64



a random function to maps each cell to a next-image. Each of the 16

next-images would have 16 tolerance squares and thus require 16 next-

images of their own. The number of images would quickly become

quite large increasing exponentially. When computing the next-image

index, if any is a repeat, we can select a distinct image using undo

button.

A users initial image is selected by the

system based on user characteristic such as username. The sequence is

regenerated on-the-fly from the function each time a user enters the

password. If a user enters an incorrect click-point, then the sequence of

images from that point onwards will be incorrect and thus the loginattempt will fail. For an attacker who does not know the correct

sequence of images, this cue will not be helpful. We expect that

hotspots will appear as in PassPoints, but since the number of images is

significantly increased, analysis will require more effort which increases

proportionally with the configurable number of images in the system.

For example, if attackers identify five likely

click-points on the first image, they then need to analyze the five

corresponding second images (once they determine both the indices ofthese images and get access to the images themselves), and so on,

growing exponentially.

A major usability improvement

over PassPoints is the fact that legitimate users get immediate feedback

about an error when trying to log in. When they see an incorrect image,

they know that the latest click-point was incorrect and can immediately

cancel this attempt and try again from the beginning. The visual cue

does not explicitly reveal right or wrong but is evident usingknowledge only the legitimate user should possess. As with text

passwords, PassPoints can only safely provide feedback at the end and

cannot reveal the cause of error.


12/64



Providing explicit feedback in PassPoints before the

final click-point could allow PassPoints attackers to mount an online

attack to prune potential password subspaces, whereas CCPs visual

cues should not help attackers in this way. Another usability

improvement is that being cued to recall one point on each of five

images appears easier than remembering an ordered sequence of five

points on one image.


13/64



SYSTEM STUDY


14/64



System Study

Click cued points is the best graphical passwordauthentication technique.It offers cued-recall and introduces visual

cues that instantly alert valid users if they have made a mistake when

entering their latest click-point at which point they can cancel their

attempt and retry from the beginning. It also makes attacks

based on hotspot analysis more challenging.

2.1 Existing System:

The existing system is PassPoints . It proposed

Passwords which could be composed of several points anywhere on an

image. They also proposed a scheme with three overlapping grids,

allowing for login attempts that were approximately correct to be

accepted.

2.2 Drawbacks in the existing systems:

It seems obvious that some areas of an image are

more attractive to users as click-points. If this phenomenon is too

strong, the likelihood that attackers can guess a password significantly

increases. If attackers learn which images are being used, they can

select a set of likely hotspots through image processing tools or by

observing a small set of users on the target image and then building an

attack dictionary based on those points.


15/64



SYSTEM ANALYSIS


16/64



System Analysis

System analysis or study is an

important phase of any system development process. The system is

studied to the minute detail and analyzed. The system analyst

dwelled deep into the working of the present system. The system

was viewed as a whole and the input of the system are identified.

During analysis phase for each problem identified many alternative

solutions were evaluated and selected the most feasible one. A

feasibility analysis was performed to evaluate possible solutions torecommend the most feasible one.

3.1 Purpose

Click cued points is a click-based graphical password

scheme, a cued-recall graphical password technique. Various graphical

password schemes have been proposed as alternatives to text-based

passwords .It can be used as password for folder lock, web-driven

applications, desktop lock etc.

3.2 Scope

In future it has great scope. It can be used everywhere

instead of text-based password .We can increase the security of

this system by increasing the number of levels used, the number

of tolerance squares used.


17/64



3.3 FEASIBILITY STUDY

After the problem is clearly understood and solutions

proposed, the next step is to conduct the feasibility study. Feasibility

study is defined as evaluation or analysis of the potential impact of a

proposed project or program. The objective is to determine whether

the proposed system is feasible. There are three aspects of feasibility

study to which the proposed system is subjected as discussed below.

3.3.1. Technical Feasibility

Technical feasibility assesses whether the current technical

resources are sufficient for the new system. If they are not available,

can they be upgraded to provide the level of technology necessary for

the new system? It checks whether the proposed system can be

implemented in the present system without supporting the existing

hardware.

3.3.2. Economic Feasibility

Economic feasibility determines whether the time and

money are available to develop the system. It also includes the

purchase of new equipment, hardware, and software. A software

product must be cost effective in the development, on maintenance

and in the use. Since the hardware and resources are already availablewith the organization and the organization can afford to allocate the

required resources.


18/64



3.3.3. Operational Feasibility

Operational feasibility determines if the human resources

are available to operate the system once it has been installed. The

resources that are required to implement or install are already available

with the organization. The persons of the organization need no

exposure to computer but have to be trained to use this particular

software. A few of them will be trained. Further, training is very less.

The management will also be convinced that the project is optimallyfeasible.

3.4 OVERVIEW

The software should be developed according to the system.

The user interface module should be developed in such a way that the

user can easily operate the system. The most important responsibility of

developer is maintenance. He is responsible to give support to thecustomer when they are getting problem related to the software.

It has following additional features

Written in Java, so it runs on Mac OS, OS/2, Unix, VMS and

windows

Database is Mysql.

Highly user friendly and customizable

High security


19/64



SYSTEM REQUIREMENT

SPECIFICATION


20/64



4.1Purpose, Scope and Overview

Click cued points is a click-based graphical password

scheme, a cued-recall graphical password technique. Various graphical

password schemes have been proposed as alternatives to text-based

passwords .It can be used as password for folder lock , web-driven

applications , desktop lock etc.

In future it has great scope. It can be

used everywhere instead of text-based password .We can increase

the security of this system by increasing the number of levels

used, the number of tolerance squares used.

The software should be developed

according to the system. The user interface module should be developed

in such a way that the user can easily operate the system. The most

important responsibility of developer is maintenance. He is responsible to

give support to the customer when they are getting problem related to

the software.

It has following additional features

Written in Java, so it runs on Mac OS, OS/2, Unix, VMS and

windows Database is Mysql.

Highly user friendly and customizable

Different look and feel


21/64



4.2 FUNCTIONAL REQUIREMENTS

The various functional requirements of this project are

the following:

Selection of first image during registration.

Database module for maintaining the framework

Pre-Processing modules for different areas.

Customizable3

4.3 USER INTERFACE REQUIREMENT

User Education and Training: -

To achieve the objectives and benefits expected from

the computer based system, it is essential for people who will be

involved to be confident of their role in the new system. This involves

them in understanding the overall system. As the system becomes

more complex the need for education and training is more and more

important. Education of the user should really have taken place much

earlier in the project when they were being involved in the

investigation and design work. Once the staff has been trained thesystem can be tested.

System testing is an expensive but critical process that can

make as much as fifty percentage of the budget of the program

development. The common view of testing held by the user is


22/64



that it is performed to prove that there are no errors in the

program. Therefore, the most practical approach is with

understanding that testing is the process of executing programs

with the intention of finding errors.

4.4. Performance Requirements

Considering the interactive nature of the task the system must

have the following characters.

Minimum response time

Efficient CPU utilization

Less Memory space

High reliability

High flexibility

User friendly

4.5. General Constraints

As the clients is not used to an automated environment

they didnt impose any stringent constraints over the system. But they

put they forth some important comment that is desirable for the

proposed system.


23/64



4.6. Other Non Functional Requirements

Nonfunctional requirements define system properties and

constraints it arises through user needs, because of budget constraints

or organizational policies, or due to the external factors such as safety

regulations, privacy registration and so on. Nonfunctional requirements

are:

Security

Reliability

Maintainability

Portability

Extensibility

Reusability

Application Affinity/Compatibility

Resource Utilization


24/64



SYSTEM ENVIRONMENT


25/64



5. SYSTEM ENVIRONMENT

The following hardware and software are required for the

development and deployment of the system.

5.1 Hardware

Processor : Intel Pentium IV

Main Memory : 512 MB RAM

Hard Disk : 80 GB

CD Drive : 52X speed

Mouse : Standard two button or higher

Keyboard : Standard 101-102 key keyboard

Display : 15 Monitor

Other devices : Modem

5.2 Software

Operating System : Windows 2000/XP

Language Used : JAVA 2

Tools : NETBEANS IDE, MYSQL SERVER


26/64



5.2.1 Operating System Info

WINDOWS XP OPERATING SYSTEM

The operating system used was Microsoft Windows XP. The

Windows XP provides a suitable environment for the smooth

functioning of the project.

Windows XP makes personal computing easy. Power,

performance, a bright new look and plenty of help when you need it.

Windows XP has it all, along with unmatched dependability and

security.

Windows XP professional marks a new standard in business

software combining enterprise-class performance and reliability with

unprecedented ease of use. Built on the rock-solid foundation of

Microsofts proven Windows 2000 technology, Windows XP

Professional contains all the features of Microsoft Windows XP Home

Edition, and includes new and enhanced features designed especially

for business and advanced use.

The all-new Help and Support Center in Windows XP is our

one-stop shop for:

Clear how-to instructions

Engaging start-to-finish articles

Troubleshooting advice.

Special wizards give you step-by-step instructions to smooth

the way when connecting new devices and running new software.


27/64



6.2.2 ABOUT THE LANGUAGE

JAVA:

Java is the first programming language designed from ground up

with network programming in mind. The core API for Java includes

classes and interfaces that provide uniform access to a diverse set of

network protocols. As the Internet and network programming has

evolved, java has maintained its cadence. New APIs and toolkit have

expanded the available options for the java network programmer.

Java is both a programming language and an environment for

executing programs written in java language. Unlike traditional

compilers, which convert source code into machine level

instructions, the java compiler translates java source code into

instructions that are interpreted by the runtime Java Virtual

Machine. So unlike language like C and C++, Java is an interpreted

language

Java Environment:

The java environment is composed of several separate entities.

Java Language:

This is a language that follows object-oriented concept used to

create executable contents such as applications and applets. But

Java is not pure object oriented language, it does not support

multiple inheritance & Operator overloading.

Java Runtime Environment:


28/64



The runtime environment used to execute the code. It is made up

of the java language and java virtual machine. It is portable and it is

platform neutral.

Java tools:

It is used by the developers to create java code. They include java

compiler, java interpreter, classes, libraries and applet viewer.

Java Application:

Applications are programs written in java to carry out certaintasks on stand alone local computer. Execution of a stand-alone

program involves two steps.

1.Compiling the source code in to byte code using javac.

2.Executing byte code program using java interpreter

Java Applets:

Java applets are pieces of java code that are embedded in HTML

document using the applet tag. When the browser encounters such

code it automatically download it and execute it.

Java Virtual Machine:

It is a specification to which java codes must be written. All java

code is to be compiled in this nonexistent virtual machine. Writing

the code that compiles in JVM ensures platform independence.


29/64



Advantages of Java

Java is Robust:

Robust programs are those reliable programs that are unlikely to

fail even under the most unlikely conditions. Many languages like C

do not have this feature because they are relaxed in terms of type

checking in terms of programming errors. Java is strict about type

declaration and does not allow automatic typecasting. Also it uses a

pointer model that does not overwrite memory or corrupt data.

Java is secure:

Java allows creation of virus-free, tamper free systems to be

created. It ensures security in the following ways.

Pointers and memory allocations are removed during compile

time.

The interpreter verifies all byte codes before executing. All java applets are treated as entrusted code executing in trusted

environment.

Because Java was written to support distributed applications over

the computer networks, it can be used with a variety of CPU and

operating system architectures. To achieve this goal a compiler was

created that produces architecture-neutral object files from Java

code.


30/64



Java is Portable:

Java byte code will be executed on any computer that has Java

Runtime Environment. The portability is achieved in the followingways.

Java primitive data types and the behavior of arithmetic

operations on these data types are explicitly specified.

The java libraries include portable interfaces for each platform on

which the run time environment is available.

The entire java system itself is portable.

Java is small:

Because java was designed to run on small computers, java

system is relatively small for a programming language. It can run

efficiently on PCs with 4MB RAM or more. The java interpreter takes

up only a few hundred-kilo bytes.

Java is garbage collected:

Java programs dont have to worry about memory management.

The java system has a built in program called the garbage collector,

which scans the memory and automatically frees the memory

chunks that are not in use.

Java is dynamic:

Fundamentally distributed computer environments must be

dynamic. Java is capable of dynamic linking new libraries, methods


31/64



and instance variables as it goes without breaking and without

concern.

Java Swing:

The swing classes eliminate Javas biggest weakness: Its relatively

primitive user interface toolkit. Swing provides many new

components and containers that allow us to build sophisticated user

interfaces, far beyond what was possible with AWT. The old

components have been greatly improved, and there are many new

components, like trees, tables, and even text editors. It also adds

several completely new features to Javas user interface capabilities:

drag-and-drop, undo, and the ability to develop our own Look and

Feel, or the ability to choose between several standard looks. The

swing components are all lightweight, and therefore provide more

uniform behavior across platforms, making it easier to test our

software.

Reason for Using Java:

It is required to explore systems running different operating

system. In order to do so, there should be some way to connect to

bridge those operating systems so that all the differences between

them are solved and the functionalities are achieved. Also the

functions performed in one system should be able to transfer to

another and the result should be able to reflect there properly. Javaserves as a bridge between these Operating systems. Also java is

widely considered to be the best in developing network applications.

The communication happens between Java Virtual Machines

running on the systems. When the client wants to perform the


32/64



functionalities in another system and see the result, a method in the

remote system is invoked from the client. The corresponding

method in the remote system performs the job and sends the results

to the client that is reflected in its interface.

5.2.3 ABOUT THE TOOL

NETBEANS IDE

The NetBeans Platform allows applications to be developed from

a set of modular software components called modules. A module is aJava archive file that contains Java classes written to interact with the

NetBeans Open APIs and a manifest file that identifies it as a module.

MYSQL SERVER

MYSQL SERVER is a form of mini-server that can run on almost

any Windows Operating System. MYSQL is an Open Source, SQL

Relational Database Management System (RDBMS) that is free for

many uses. Early in its history, MYSQL occasionally faced opposition

due to its lack of support for some core SQL constructs such as sub-

selects and foreign keys. Ultimately, however, MYSQL found a broad,

enthusiastic user base for its liberal licensing terms, performance, and

ease of use. Its acceptance was aided in part by the wide variety of

other technologies such as PHP, Java, Perl, and Python and has

encouraged its use through stable, well-documented modules and

extensions.


33/64



SYSTEM DESIGN SPECIFICATION


34/64



6.1 ARCHITECTURAL DESIGN

6.1.1 DATA FLOW DIAGRAMS:

Data flow diagrams (DFD) was first developed by LARRY

CONSTANTINE as way representing system requirements in a

graphical form; this lead to modular design. A DFD describes what

data flow (logical) rather than how they are processed, so it does

not depend on hardware, software, data structure or file

organization. It is also known as bubble chart.

A Data Flow Diagrams is a structured analysis and design tool that

can be used for flowcharting in place of, or in association with,

information-oriented and process-oriented systems flowcharts. A

DFD is a network that describes the flow of data and the processes

that change, or transform, data throughout a system. This network

is constructed by using a set of symbols that do not imply a

physical implementation. It has the purpose of clarifying systemrequirements and identifying major transformations that will

become programs in system design. So it is the starting point of

the design phase that functionality decomposes the requirement

specifications down to the lowest level of detail.

The symbols used to prepare DFD do not imply a physical

implementation, a DFD can be considered to an abstract of thelogic of an information-oriented or a process-oriented system

flow-chart. For these reasons DFDs are often referred to as logical

data flow diagrams. The four basic symbols used to construct data

flow diagrams are shown below:


35/64



A rectangle represents a data source or

destination.

A directed line represents the flow of data that

is data stream.

An enclosed figure, usually a circle or an oval

bubble, represent a process that transforms

data streams.

An open-ended rectangle represents data

storage.

These are symbols that represent data flows, data sources, data

transformations and data storage. The points at which data aretransformed are represented by enclosed figures, usually circles,

which are called nodes. The principle processes that take place at

nodes are:

1.

combining data streams

2.

splitting data streams

3.

modifying data streams.


36/64



DFD LEVEL-0

INFORMATION REQUEST

DFD LEVEL-1

PICTURE

LOG

USERCCP

GRAPHICAL

PASSWORD

AUTHENTICATION

USER

REGISTRATION

PROCESS

LOGIN PROCESS

Retrieve

pictureRegistration

information

Password

information

Request

information

Retrieve

information

Login result

Login

information


37/64


38/64



Table Design

Table 1: picture

Serial

No.

Column

name

Data Type Size Key Default

1 Name VARCHAR 350 Primary

Table 2: log

Serial

No

Column

Name

Data Type Size Key Default

1 User VARCHAR 1o Primary

2 Level INT 200

3 position VARCHAR 200

4 Name VARCHAR 200

5 First VARCHAR 10 foreign


39/64



Class Diagrams


40/64



SOFTWARE TESTING


41/64



7. SOFTWARE TESTING

Software testing is the process of checkingwhether the developed system is working according to the original

objectives and requirements. Software testing process commences

once the program is created and the documentation and related data

structures are designed. Software testing is essential for correcting

errors. Otherwise the project is not said to be complete.

The system should be tested experimentally

with test data so as to ensure that the system works according to therequired specification. When the system is found working, test it with

actual data and check performance. Software testing is a critical

element of software quality assurance and represents the ultimate

review of specification, design and coding.

Need for Testing

Testing was essential for the following reasons:-

Existence of program defects of inadequacies

The software behavior as intended by its designer

Conformance with requirement specification/user needs.

Assess the operational reliability of the system.

Reflect the frequency of actual user inputs.

Find the fault, which caused the output anomaly.Checks for detect flaws and deficiencies in the requirements.

Check whether the software is operationally useful.

Exercise the program using data like the real data processed by

the program.


42/64



Testing Strategies

The philosophy behind testing is to find errors. Test cases are

devised with this purpose in mind. Test case is a set of data that the

system will process as normal input.

Characteristics of a Good Test:

Tests are likely to catch bugs

No redundancy

Not too simple or too complex

7.1 Unit Testing:

The primary goal of unit testing is to take the

smallest piece of testable software in the application, isolate

it from the remainder of the code, and determine whether it

behaves exactly as you expect. Each unit is tested separately

before integrating them into modules to test the interfaces

between modules. Unit testing has proven its value in that a large

percentage of defects are identified during its use.

Unit testing is a software verification and validation

method where the programmer gains confidence that individual

units of source code are fit for use. A unit is the smallest testable part

of an application. In procedural programming a unit may be an

individual program, function, procedure, etc., while in object-oriented


43/64



programming, the smallest unit is a class, which may belong to a

base/super class, abstract class or derived/child class.

Ideally, each test case is independent from the others:

substitutes like method stubs, mock objects, fakes and test harnesses

can be used to assist testing a module in isolation. Unit tests are

typically written and run by software developers to ensure that code

meets its design and behaves as intended. Its implementation can vary

from being very manual (pencil and paper) to being formalized as part

of build automation.

7.2 Integration Testing

Integration testing, also known as integration and testing

(I&T), is a software development process which program units are

combined and tested as groups in multiple ways. In this context, a unit

is defined as the smallest testable part of an application. Integration

testing can expose problems with the interfaces among program

components before trouble occurs in real-world program execution.

Integration testing is a component of Extreme Programming (XP), a

pragmatic method of software development that takes a meticulous

approach to building a product by means of continual testing and

revision.


44/64



There are two major ways of carrying out an

integration test, called the bottom-up method and the top-down

method. Bottom-up integration testing begins with unit testing,

followed by tests of progressively higher-level combinations of

units called modules or builds. In top-down integration testing,

the highest-level modules are tested first and progressively

lower-level modules are tested after that. In a comprehensive

software development environment, bottom-up testing is usually

done first, followed by top-down testing.

7.3 Validation testing

At the validation level, testing focuses

on user visible actions and user recognizable output from the

system. Validations testing is said to be successful when software

functions in a manner that can be reasonably expected by the

customer.

Two types of validation testing:

Alpha testing is simulated or actual operational

testing by potential users/customers or an

independent test team at the developers' site.

Alpha testing is often employed for off-the-shelf


45/64



software as a form of internal acceptance testing,

before the software goes to beta testing.

Beta testing comes after alpha testing.

Versions of the software, known as beta version,

are released to a limited audience outside of the

programming team. The software is released to

groups of people so that further testing can

ensure the product has few faults or bugs.Sometimes, beta versions are made available to the

open public to increase the feedback field to a

maximal number of future users.


46/64



CONCLUSION


47/64



Conclusion

The proposed Cued Click Points scheme

shows promise as a usable and memorable authentication mechanism.

By taking advantage of users ability to recognize images and the

memory trigger associated with seeing a new image, CCP has

advantages over PassPoints in terms of usability. Being cued as each

images shown and having to remember only one click-point per imageappears easier than having to remember an ordered series of clicks on

one image.

CCP offers a more secure alternative

to PassPoints. CCP increases the workload for attackers by forcing them

to first acquire image sets for each user, and then conduct hotspot

analysis on each of these images.

In future development we can also

add challenge response interaction. In challenge response interactions,

server will present a challenge to the client and the client need to

give response according to the condition given. If the response is

correct then access is granted. Also we can limit the number a user can

enter the wrong password .


48/64



SCREEN SHOTS


49/64



Register and Login page


50/64



When register button is clicked


51/64



Availability of username is checked


52/64




53/64



When a point is clicked


54/64



When second picture is clicked


55/64



Submit button is clicked


56/64



Before entering the login page


57/64



Username is given after clicking login button


58/64



Afterclicking ok button


59/64



After first correct click


60/64



After second click


61/64



When sign in button is clicked


62/64



The password matches and the page is shown.


63/64



BIBLIOGRAPHY


64/64


BIBLIOGRAPHY

The books that I have referenced are:

Core Java 2 Volume I and II, by Cay S. Horstmann and

Gary Cornell

JavaTM How to Program by H.M Deitel

Beginning JavaScript 2ndEdition, by Wilton

Websitesreferred:-

http://www.java.sun.com

and many more websites to refer the database connections.

GraphPwdAuth

Documents

Transcript of GraphPwdAuth