GraphPwdAuth
Transcript of GraphPwdAuth
-
8/10/2019 GraphPwdAuth
1/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 1
Mini Project Report on
R PHICAL PASSWORD AUTHENTICATION
USING
CLICK CUED POINTS
Submitted for partial fulfillment of the degree
Of
Master of Computer pplications
To
Department of Computer Applications
CUSAT
By
SUBH
DEPARTMENT OF COMPUTER APPLICATIONS
COCHIN UNIVERSITY OF SCIENCE AND
TECHNOLOGY
Kochi- 682022, Kerala.
-
8/10/2019 GraphPwdAuth
2/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 2
CERTIFIC TE
This is to certify that the project entitled
GRAPHICAL PASSWORD AUTHENTICATION USING CLICK CUED
POINTS submitted to Cochin University of Science and
Technologyin partial fulfillment of the requirements for the award of
the degree of Master of Computer Applications is the bonfide
record of the project work done bySUBHA Aunder our supervision
and guidance during the academic year 2009-2010.
Examiner
Head of the Department
DCA
CUSAT
-
8/10/2019 GraphPwdAuth
3/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 3
ACKNOWLEDGEMENT
With great pleasure I hereby acknowledge the help given
to me by various individuals throughout the project. This Project itself
is an acknowledgement to the inspiration, drive and technical
assistance contributed by many individuals. This project would have
never seen the light of this day without the help and guidance I have
received.
I would also like to express my profound thanks to Dr. K.V.
Pramod sir(Head of the Department), Sreekumar sir, Kannan sir,
Malathi madam, Arun sir, faculties, Department of Computer
Applications, Cochin University of Science And Technology, Cochin,
Kerala for providing me with excellent infrastructure and awesomeenvironment that laid potentially strong foundation for my
professional life. I owe an incalculable debt to all staffs of the
Department of Computer Applications for their direct and indirect
help.
I extend my heartfelt thanks to my parents, friends and well
wishers for their support and timely help. Last but not the least; I
thank the God Almighty for guiding me in every step of the way.
SUBHA A
-
8/10/2019 GraphPwdAuth
4/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 4
SYNOPSIS
Title : Graphical Password Authentication
Using Click Cued Points
Name of Student : Subha A
Venue of the Project : DCA, CUSAT
Duration : 4months
Platform : Windows 2007
Application Software
Front End : JAVA
Back End : MYSQL
-
8/10/2019 GraphPwdAuth
5/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 5
CONTENTS
TITLE PAGE NO.
ABSTRACT
1. INTRODUCTION
1.1 OBJECTIVE
2. System Study
2.1 Existing System
2.2
Drawbacks in the Existing System
3.System Analysis
3.1
Proposed System
3.2 Scope
3.3 Need for the Proposed System
3.4
Feasibility Study
3.4.1 Technical Feasibility
3.4.2 Financial Feasibility
3.4.3 Operational Feasibility
3.5
Overview
4.System Requirement Specification
4.1 Purpose, Scope And Overview
4.2 Functional Requirements
4.3 User Interfaces Requirements
-
8/10/2019 GraphPwdAuth
6/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 6
4.4 Performance Requirements
4.4
Common constraints
4.5
Other Non Functional Requirements
5. System Environment
5.1 Hardware
5.2 Software
5.2.1 Operating System Info
5.2.2
About The Language
5.2.3 About The Tool
6. System Design Specification
6.1 Architectural Design
6.1.1 Data Flow Diagrams
6.1.2 Database Tables
6.1.3 User Case Diagrams
7. SoftwareTesting7.1 Unit Testing
7.2 Integration Testing
7.3 System Testing
8. System Implementation
9. CONCLUSION
1o. Screen Shots
11. Bibliography
-
8/10/2019 GraphPwdAuth
7/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 7
ABSTRACT
Click cued points is a click-based graphical
password scheme, a cued-recall graphical password technique. Users
Click on one point per image for a sequence of images. The next image
is based on the previous click-point. Performance was very good in
terms of speed, accuracy, and number of errors. Users preferred CCP to
PassPoint, saying that selecting and remembering only one point per
image was easier, and that seeing each image triggered their memory
of where the corresponding point was located. CCP also provides
greater security than PassPoints because the number of images
increases the workload for attackers.
Key words:Graphical Passwords, Computer Security, Authentication,
Usable Security, User Study
-
8/10/2019 GraphPwdAuth
8/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 8
INTRODUCTION
Various graphical password schemes have
been proposed as alternatives to text-based passwords. Research and
experience have shown that text-based passwords are fraught with
both usability and security problems that make them less than
desirable solutions. Psychology studies have revealed that the human
brain is better at recognizing and recalling images than text. Graphicalpasswords are intended to capitalize on this human characteristic in
hopes that by reducing the memory burden on users, coupled with a
larger full password space offered by images, more secure passwords
can be produced and users will not resort to unsafe practices in order
to cope.
In this project, we propose a new click-based graphical
password scheme called Cued Click Points (CCP). It can be viewed as a
combination of PassPoints , Passfaces , and Story . A password consists
of one click-point per image for a sequence of images. The next image
displayed is based on the previous click-point so users receive
immediate implicit feedback as to whether they are on the correct path
when logging in. CCP offers both improved usability and security.
Users could quickly create and re-enter their
passwords. Another feature of ccp is the immediate implicit feedback
telling the correct user whether their latest click-point was correctly
entered.
-
8/10/2019 GraphPwdAuth
9/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 9
OBJECTIVE
Cued Click Points (CCP) is a proposed alternative to
PassPoints. In CCP, users click one point on each of images rather than
on different points on one image. It offers cued-recall and introducesvisual cues that instantly alert valid users if they have made a mistake
when entering their latest click-point at which point they can cancel
their attempt and retry from the beginning. It also makes attacks based
on hotspot analysis more challenging.
As shown in Figure 1, each click results in showing
a next-image, in effect leading users down a path as they click ontheir sequence of points. A wrong click leads down an incorrect path,
with an explicit indication of authentication failure only after the final
click. Users can choose their images only to the extent that their click-
point dictates the next image. If they dislike the resulting images, they
could create a new password involving different click-points to get
different images.
-
8/10/2019 GraphPwdAuth
10/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 10
Fig. 1. CCP passwords can be regarded as a choice-dependent path
of images.
During password creation, the first image can be selected
by the user from a given list .We will find out the co-ordinates of the
click-point and will find out the tolerance square number. For each
click-point in a subsequent login attempt, this number is retrieved
and used to determine whether the click-point falls within tolerance
of the original point.
Our example system
had images of size 200x200 pixels and cells of 4x4 pixels. In this project,
we have different layers of images each containing 16 squares. We use
-
8/10/2019 GraphPwdAuth
11/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 11
a random function to maps each cell to a next-image. Each of the 16
next-images would have 16 tolerance squares and thus require 16 next-
images of their own. The number of images would quickly become
quite large increasing exponentially. When computing the next-image
index, if any is a repeat, we can select a distinct image using undo
button.
A users initial image is selected by the
system based on user characteristic such as username. The sequence is
regenerated on-the-fly from the function each time a user enters the
password. If a user enters an incorrect click-point, then the sequence of
images from that point onwards will be incorrect and thus the loginattempt will fail. For an attacker who does not know the correct
sequence of images, this cue will not be helpful. We expect that
hotspots will appear as in PassPoints, but since the number of images is
significantly increased, analysis will require more effort which increases
proportionally with the configurable number of images in the system.
For example, if attackers identify five likely
click-points on the first image, they then need to analyze the five
corresponding second images (once they determine both the indices ofthese images and get access to the images themselves), and so on,
growing exponentially.
A major usability improvement
over PassPoints is the fact that legitimate users get immediate feedback
about an error when trying to log in. When they see an incorrect image,
they know that the latest click-point was incorrect and can immediately
cancel this attempt and try again from the beginning. The visual cue
does not explicitly reveal right or wrong but is evident usingknowledge only the legitimate user should possess. As with text
passwords, PassPoints can only safely provide feedback at the end and
cannot reveal the cause of error.
-
8/10/2019 GraphPwdAuth
12/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 12
Providing explicit feedback in PassPoints before the
final click-point could allow PassPoints attackers to mount an online
attack to prune potential password subspaces, whereas CCPs visual
cues should not help attackers in this way. Another usability
improvement is that being cued to recall one point on each of five
images appears easier than remembering an ordered sequence of five
points on one image.
-
8/10/2019 GraphPwdAuth
13/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 13
SYSTEM STUDY
-
8/10/2019 GraphPwdAuth
14/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 14
System Study
Click cued points is the best graphical passwordauthentication technique.It offers cued-recall and introduces visual
cues that instantly alert valid users if they have made a mistake when
entering their latest click-point at which point they can cancel their
attempt and retry from the beginning. It also makes attacks
based on hotspot analysis more challenging.
2.1 Existing System:
The existing system is PassPoints . It proposed
Passwords which could be composed of several points anywhere on an
image. They also proposed a scheme with three overlapping grids,
allowing for login attempts that were approximately correct to be
accepted.
2.2 Drawbacks in the existing systems:
It seems obvious that some areas of an image are
more attractive to users as click-points. If this phenomenon is too
strong, the likelihood that attackers can guess a password significantly
increases. If attackers learn which images are being used, they can
select a set of likely hotspots through image processing tools or by
observing a small set of users on the target image and then building an
attack dictionary based on those points.
-
8/10/2019 GraphPwdAuth
15/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 15
SYSTEM ANALYSIS
-
8/10/2019 GraphPwdAuth
16/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 16
System Analysis
System analysis or study is an
important phase of any system development process. The system is
studied to the minute detail and analyzed. The system analyst
dwelled deep into the working of the present system. The system
was viewed as a whole and the input of the system are identified.
During analysis phase for each problem identified many alternative
solutions were evaluated and selected the most feasible one. A
feasibility analysis was performed to evaluate possible solutions torecommend the most feasible one.
3.1 Purpose
Click cued points is a click-based graphical password
scheme, a cued-recall graphical password technique. Various graphical
password schemes have been proposed as alternatives to text-based
passwords .It can be used as password for folder lock, web-driven
applications, desktop lock etc.
3.2 Scope
In future it has great scope. It can be used everywhere
instead of text-based password .We can increase the security of
this system by increasing the number of levels used, the number
of tolerance squares used.
-
8/10/2019 GraphPwdAuth
17/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 17
3.3 FEASIBILITY STUDY
After the problem is clearly understood and solutions
proposed, the next step is to conduct the feasibility study. Feasibility
study is defined as evaluation or analysis of the potential impact of a
proposed project or program. The objective is to determine whether
the proposed system is feasible. There are three aspects of feasibility
study to which the proposed system is subjected as discussed below.
3.3.1. Technical Feasibility
Technical feasibility assesses whether the current technical
resources are sufficient for the new system. If they are not available,
can they be upgraded to provide the level of technology necessary for
the new system? It checks whether the proposed system can be
implemented in the present system without supporting the existing
hardware.
3.3.2. Economic Feasibility
Economic feasibility determines whether the time and
money are available to develop the system. It also includes the
purchase of new equipment, hardware, and software. A software
product must be cost effective in the development, on maintenance
and in the use. Since the hardware and resources are already availablewith the organization and the organization can afford to allocate the
required resources.
-
8/10/2019 GraphPwdAuth
18/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 18
3.3.3. Operational Feasibility
Operational feasibility determines if the human resources
are available to operate the system once it has been installed. The
resources that are required to implement or install are already available
with the organization. The persons of the organization need no
exposure to computer but have to be trained to use this particular
software. A few of them will be trained. Further, training is very less.
The management will also be convinced that the project is optimallyfeasible.
3.4 OVERVIEW
The software should be developed according to the system.
The user interface module should be developed in such a way that the
user can easily operate the system. The most important responsibility of
developer is maintenance. He is responsible to give support to thecustomer when they are getting problem related to the software.
It has following additional features
Written in Java, so it runs on Mac OS, OS/2, Unix, VMS and
windows
Database is Mysql.
Highly user friendly and customizable
High security
-
8/10/2019 GraphPwdAuth
19/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 19
SYSTEM REQUIREMENT
SPECIFICATION
-
8/10/2019 GraphPwdAuth
20/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 20
4.1Purpose, Scope and Overview
Click cued points is a click-based graphical password
scheme, a cued-recall graphical password technique. Various graphical
password schemes have been proposed as alternatives to text-based
passwords .It can be used as password for folder lock , web-driven
applications , desktop lock etc.
In future it has great scope. It can be
used everywhere instead of text-based password .We can increase
the security of this system by increasing the number of levels
used, the number of tolerance squares used.
The software should be developed
according to the system. The user interface module should be developed
in such a way that the user can easily operate the system. The most
important responsibility of developer is maintenance. He is responsible to
give support to the customer when they are getting problem related to
the software.
It has following additional features
Written in Java, so it runs on Mac OS, OS/2, Unix, VMS and
windows Database is Mysql.
Highly user friendly and customizable
Different look and feel
-
8/10/2019 GraphPwdAuth
21/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 21
4.2 FUNCTIONAL REQUIREMENTS
The various functional requirements of this project are
the following:
Selection of first image during registration.
Database module for maintaining the framework
Pre-Processing modules for different areas.
Customizable3
4.3 USER INTERFACE REQUIREMENT
User Education and Training: -
To achieve the objectives and benefits expected from
the computer based system, it is essential for people who will be
involved to be confident of their role in the new system. This involves
them in understanding the overall system. As the system becomes
more complex the need for education and training is more and more
important. Education of the user should really have taken place much
earlier in the project when they were being involved in the
investigation and design work. Once the staff has been trained thesystem can be tested.
System testing is an expensive but critical process that can
make as much as fifty percentage of the budget of the program
development. The common view of testing held by the user is
-
8/10/2019 GraphPwdAuth
22/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 22
that it is performed to prove that there are no errors in the
program. Therefore, the most practical approach is with
understanding that testing is the process of executing programs
with the intention of finding errors.
4.4. Performance Requirements
Considering the interactive nature of the task the system must
have the following characters.
Minimum response time
Efficient CPU utilization
Less Memory space
High reliability
High flexibility
User friendly
4.5. General Constraints
As the clients is not used to an automated environment
they didnt impose any stringent constraints over the system. But they
put they forth some important comment that is desirable for the
proposed system.
-
8/10/2019 GraphPwdAuth
23/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 23
4.6. Other Non Functional Requirements
Nonfunctional requirements define system properties and
constraints it arises through user needs, because of budget constraints
or organizational policies, or due to the external factors such as safety
regulations, privacy registration and so on. Nonfunctional requirements
are:
Security
Reliability
Maintainability
Portability
Extensibility
Reusability
Application Affinity/Compatibility
Resource Utilization
-
8/10/2019 GraphPwdAuth
24/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 24
SYSTEM ENVIRONMENT
-
8/10/2019 GraphPwdAuth
25/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 25
5. SYSTEM ENVIRONMENT
The following hardware and software are required for the
development and deployment of the system.
5.1 Hardware
Processor : Intel Pentium IV
Main Memory : 512 MB RAM
Hard Disk : 80 GB
CD Drive : 52X speed
Mouse : Standard two button or higher
Keyboard : Standard 101-102 key keyboard
Display : 15 Monitor
Other devices : Modem
5.2 Software
Operating System : Windows 2000/XP
Language Used : JAVA 2
Tools : NETBEANS IDE, MYSQL SERVER
-
8/10/2019 GraphPwdAuth
26/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 26
5.2.1 Operating System Info
WINDOWS XP OPERATING SYSTEM
The operating system used was Microsoft Windows XP. The
Windows XP provides a suitable environment for the smooth
functioning of the project.
Windows XP makes personal computing easy. Power,
performance, a bright new look and plenty of help when you need it.
Windows XP has it all, along with unmatched dependability and
security.
Windows XP professional marks a new standard in business
software combining enterprise-class performance and reliability with
unprecedented ease of use. Built on the rock-solid foundation of
Microsofts proven Windows 2000 technology, Windows XP
Professional contains all the features of Microsoft Windows XP Home
Edition, and includes new and enhanced features designed especially
for business and advanced use.
The all-new Help and Support Center in Windows XP is our
one-stop shop for:
Clear how-to instructions
Engaging start-to-finish articles
Troubleshooting advice.
Special wizards give you step-by-step instructions to smooth
the way when connecting new devices and running new software.
-
8/10/2019 GraphPwdAuth
27/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 27
6.2.2 ABOUT THE LANGUAGE
JAVA:
Java is the first programming language designed from ground up
with network programming in mind. The core API for Java includes
classes and interfaces that provide uniform access to a diverse set of
network protocols. As the Internet and network programming has
evolved, java has maintained its cadence. New APIs and toolkit have
expanded the available options for the java network programmer.
Java is both a programming language and an environment for
executing programs written in java language. Unlike traditional
compilers, which convert source code into machine level
instructions, the java compiler translates java source code into
instructions that are interpreted by the runtime Java Virtual
Machine. So unlike language like C and C++, Java is an interpreted
language
Java Environment:
The java environment is composed of several separate entities.
Java Language:
This is a language that follows object-oriented concept used to
create executable contents such as applications and applets. But
Java is not pure object oriented language, it does not support
multiple inheritance & Operator overloading.
Java Runtime Environment:
-
8/10/2019 GraphPwdAuth
28/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 28
The runtime environment used to execute the code. It is made up
of the java language and java virtual machine. It is portable and it is
platform neutral.
Java tools:
It is used by the developers to create java code. They include java
compiler, java interpreter, classes, libraries and applet viewer.
Java Application:
Applications are programs written in java to carry out certaintasks on stand alone local computer. Execution of a stand-alone
program involves two steps.
1.Compiling the source code in to byte code using javac.
2.Executing byte code program using java interpreter
Java Applets:
Java applets are pieces of java code that are embedded in HTML
document using the applet tag. When the browser encounters such
code it automatically download it and execute it.
Java Virtual Machine:
It is a specification to which java codes must be written. All java
code is to be compiled in this nonexistent virtual machine. Writing
the code that compiles in JVM ensures platform independence.
-
8/10/2019 GraphPwdAuth
29/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 29
Advantages of Java
Java is Robust:
Robust programs are those reliable programs that are unlikely to
fail even under the most unlikely conditions. Many languages like C
do not have this feature because they are relaxed in terms of type
checking in terms of programming errors. Java is strict about type
declaration and does not allow automatic typecasting. Also it uses a
pointer model that does not overwrite memory or corrupt data.
Java is secure:
Java allows creation of virus-free, tamper free systems to be
created. It ensures security in the following ways.
Pointers and memory allocations are removed during compile
time.
The interpreter verifies all byte codes before executing. All java applets are treated as entrusted code executing in trusted
environment.
Because Java was written to support distributed applications over
the computer networks, it can be used with a variety of CPU and
operating system architectures. To achieve this goal a compiler was
created that produces architecture-neutral object files from Java
code.
-
8/10/2019 GraphPwdAuth
30/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 30
Java is Portable:
Java byte code will be executed on any computer that has Java
Runtime Environment. The portability is achieved in the followingways.
Java primitive data types and the behavior of arithmetic
operations on these data types are explicitly specified.
The java libraries include portable interfaces for each platform on
which the run time environment is available.
The entire java system itself is portable.
Java is small:
Because java was designed to run on small computers, java
system is relatively small for a programming language. It can run
efficiently on PCs with 4MB RAM or more. The java interpreter takes
up only a few hundred-kilo bytes.
Java is garbage collected:
Java programs dont have to worry about memory management.
The java system has a built in program called the garbage collector,
which scans the memory and automatically frees the memory
chunks that are not in use.
Java is dynamic:
Fundamentally distributed computer environments must be
dynamic. Java is capable of dynamic linking new libraries, methods
-
8/10/2019 GraphPwdAuth
31/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 31
and instance variables as it goes without breaking and without
concern.
Java Swing:
The swing classes eliminate Javas biggest weakness: Its relatively
primitive user interface toolkit. Swing provides many new
components and containers that allow us to build sophisticated user
interfaces, far beyond what was possible with AWT. The old
components have been greatly improved, and there are many new
components, like trees, tables, and even text editors. It also adds
several completely new features to Javas user interface capabilities:
drag-and-drop, undo, and the ability to develop our own Look and
Feel, or the ability to choose between several standard looks. The
swing components are all lightweight, and therefore provide more
uniform behavior across platforms, making it easier to test our
software.
Reason for Using Java:
It is required to explore systems running different operating
system. In order to do so, there should be some way to connect to
bridge those operating systems so that all the differences between
them are solved and the functionalities are achieved. Also the
functions performed in one system should be able to transfer to
another and the result should be able to reflect there properly. Javaserves as a bridge between these Operating systems. Also java is
widely considered to be the best in developing network applications.
The communication happens between Java Virtual Machines
running on the systems. When the client wants to perform the
-
8/10/2019 GraphPwdAuth
32/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 32
functionalities in another system and see the result, a method in the
remote system is invoked from the client. The corresponding
method in the remote system performs the job and sends the results
to the client that is reflected in its interface.
5.2.3 ABOUT THE TOOL
NETBEANS IDE
The NetBeans Platform allows applications to be developed from
a set of modular software components called modules. A module is aJava archive file that contains Java classes written to interact with the
NetBeans Open APIs and a manifest file that identifies it as a module.
MYSQL SERVER
MYSQL SERVER is a form of mini-server that can run on almost
any Windows Operating System. MYSQL is an Open Source, SQL
Relational Database Management System (RDBMS) that is free for
many uses. Early in its history, MYSQL occasionally faced opposition
due to its lack of support for some core SQL constructs such as sub-
selects and foreign keys. Ultimately, however, MYSQL found a broad,
enthusiastic user base for its liberal licensing terms, performance, and
ease of use. Its acceptance was aided in part by the wide variety of
other technologies such as PHP, Java, Perl, and Python and has
encouraged its use through stable, well-documented modules and
extensions.
-
8/10/2019 GraphPwdAuth
33/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 33
SYSTEM DESIGN SPECIFICATION
-
8/10/2019 GraphPwdAuth
34/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 34
6.1 ARCHITECTURAL DESIGN
6.1.1 DATA FLOW DIAGRAMS:
Data flow diagrams (DFD) was first developed by LARRY
CONSTANTINE as way representing system requirements in a
graphical form; this lead to modular design. A DFD describes what
data flow (logical) rather than how they are processed, so it does
not depend on hardware, software, data structure or file
organization. It is also known as bubble chart.
A Data Flow Diagrams is a structured analysis and design tool that
can be used for flowcharting in place of, or in association with,
information-oriented and process-oriented systems flowcharts. A
DFD is a network that describes the flow of data and the processes
that change, or transform, data throughout a system. This network
is constructed by using a set of symbols that do not imply a
physical implementation. It has the purpose of clarifying systemrequirements and identifying major transformations that will
become programs in system design. So it is the starting point of
the design phase that functionality decomposes the requirement
specifications down to the lowest level of detail.
The symbols used to prepare DFD do not imply a physical
implementation, a DFD can be considered to an abstract of thelogic of an information-oriented or a process-oriented system
flow-chart. For these reasons DFDs are often referred to as logical
data flow diagrams. The four basic symbols used to construct data
flow diagrams are shown below:
-
8/10/2019 GraphPwdAuth
35/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 35
A rectangle represents a data source or
destination.
A directed line represents the flow of data that
is data stream.
An enclosed figure, usually a circle or an oval
bubble, represent a process that transforms
data streams.
An open-ended rectangle represents data
storage.
These are symbols that represent data flows, data sources, data
transformations and data storage. The points at which data aretransformed are represented by enclosed figures, usually circles,
which are called nodes. The principle processes that take place at
nodes are:
1.
combining data streams
2.
splitting data streams
3.
modifying data streams.
-
8/10/2019 GraphPwdAuth
36/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 36
DFD LEVEL-0
INFORMATION REQUEST
DFD LEVEL-1
PICTURE
LOG
USERCCP
GRAPHICAL
PASSWORD
AUTHENTICATION
USER
REGISTRATION
PROCESS
LOGIN PROCESS
Retrieve
pictureRegistration
information
Password
information
Request
information
Retrieve
information
Login result
Login
information
-
8/10/2019 GraphPwdAuth
37/64
-
8/10/2019 GraphPwdAuth
38/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 38
Table Design
Table 1: picture
Serial
No.
Column
name
Data Type Size Key Default
1 Name VARCHAR 350 Primary
Table 2: log
Serial
No
Column
Name
Data Type Size Key Default
1 User VARCHAR 1o Primary
2 Level INT 200
3 position VARCHAR 200
4 Name VARCHAR 200
5 First VARCHAR 10 foreign
-
8/10/2019 GraphPwdAuth
39/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 39
Class Diagrams
-
8/10/2019 GraphPwdAuth
40/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 40
SOFTWARE TESTING
-
8/10/2019 GraphPwdAuth
41/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 41
7. SOFTWARE TESTING
Software testing is the process of checkingwhether the developed system is working according to the original
objectives and requirements. Software testing process commences
once the program is created and the documentation and related data
structures are designed. Software testing is essential for correcting
errors. Otherwise the project is not said to be complete.
The system should be tested experimentally
with test data so as to ensure that the system works according to therequired specification. When the system is found working, test it with
actual data and check performance. Software testing is a critical
element of software quality assurance and represents the ultimate
review of specification, design and coding.
Need for Testing
Testing was essential for the following reasons:-
Existence of program defects of inadequacies
The software behavior as intended by its designer
Conformance with requirement specification/user needs.
Assess the operational reliability of the system.
Reflect the frequency of actual user inputs.
Find the fault, which caused the output anomaly.Checks for detect flaws and deficiencies in the requirements.
Check whether the software is operationally useful.
Exercise the program using data like the real data processed by
the program.
-
8/10/2019 GraphPwdAuth
42/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 42
Testing Strategies
The philosophy behind testing is to find errors. Test cases are
devised with this purpose in mind. Test case is a set of data that the
system will process as normal input.
Characteristics of a Good Test:
Tests are likely to catch bugs
No redundancy
Not too simple or too complex
7.1 Unit Testing:
The primary goal of unit testing is to take the
smallest piece of testable software in the application, isolate
it from the remainder of the code, and determine whether it
behaves exactly as you expect. Each unit is tested separately
before integrating them into modules to test the interfaces
between modules. Unit testing has proven its value in that a large
percentage of defects are identified during its use.
Unit testing is a software verification and validation
method where the programmer gains confidence that individual
units of source code are fit for use. A unit is the smallest testable part
of an application. In procedural programming a unit may be an
individual program, function, procedure, etc., while in object-oriented
-
8/10/2019 GraphPwdAuth
43/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 43
programming, the smallest unit is a class, which may belong to a
base/super class, abstract class or derived/child class.
Ideally, each test case is independent from the others:
substitutes like method stubs, mock objects, fakes and test harnesses
can be used to assist testing a module in isolation. Unit tests are
typically written and run by software developers to ensure that code
meets its design and behaves as intended. Its implementation can vary
from being very manual (pencil and paper) to being formalized as part
of build automation.
7.2 Integration Testing
Integration testing, also known as integration and testing
(I&T), is a software development process which program units are
combined and tested as groups in multiple ways. In this context, a unit
is defined as the smallest testable part of an application. Integration
testing can expose problems with the interfaces among program
components before trouble occurs in real-world program execution.
Integration testing is a component of Extreme Programming (XP), a
pragmatic method of software development that takes a meticulous
approach to building a product by means of continual testing and
revision.
-
8/10/2019 GraphPwdAuth
44/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 44
There are two major ways of carrying out an
integration test, called the bottom-up method and the top-down
method. Bottom-up integration testing begins with unit testing,
followed by tests of progressively higher-level combinations of
units called modules or builds. In top-down integration testing,
the highest-level modules are tested first and progressively
lower-level modules are tested after that. In a comprehensive
software development environment, bottom-up testing is usually
done first, followed by top-down testing.
7.3 Validation testing
At the validation level, testing focuses
on user visible actions and user recognizable output from the
system. Validations testing is said to be successful when software
functions in a manner that can be reasonably expected by the
customer.
Two types of validation testing:
Alpha testing is simulated or actual operational
testing by potential users/customers or an
independent test team at the developers' site.
Alpha testing is often employed for off-the-shelf
-
8/10/2019 GraphPwdAuth
45/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 45
software as a form of internal acceptance testing,
before the software goes to beta testing.
Beta testing comes after alpha testing.
Versions of the software, known as beta version,
are released to a limited audience outside of the
programming team. The software is released to
groups of people so that further testing can
ensure the product has few faults or bugs.Sometimes, beta versions are made available to the
open public to increase the feedback field to a
maximal number of future users.
-
8/10/2019 GraphPwdAuth
46/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 46
CONCLUSION
-
8/10/2019 GraphPwdAuth
47/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 47
Conclusion
The proposed Cued Click Points scheme
shows promise as a usable and memorable authentication mechanism.
By taking advantage of users ability to recognize images and the
memory trigger associated with seeing a new image, CCP has
advantages over PassPoints in terms of usability. Being cued as each
images shown and having to remember only one click-point per imageappears easier than having to remember an ordered series of clicks on
one image.
CCP offers a more secure alternative
to PassPoints. CCP increases the workload for attackers by forcing them
to first acquire image sets for each user, and then conduct hotspot
analysis on each of these images.
In future development we can also
add challenge response interaction. In challenge response interactions,
server will present a challenge to the client and the client need to
give response according to the condition given. If the response is
correct then access is granted. Also we can limit the number a user can
enter the wrong password .
-
8/10/2019 GraphPwdAuth
48/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 48
SCREEN SHOTS
-
8/10/2019 GraphPwdAuth
49/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 49
Register and Login page
-
8/10/2019 GraphPwdAuth
50/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 50
When register button is clicked
-
8/10/2019 GraphPwdAuth
51/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 51
Availability of username is checked
-
8/10/2019 GraphPwdAuth
52/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 52
-
8/10/2019 GraphPwdAuth
53/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 53
When a point is clicked
-
8/10/2019 GraphPwdAuth
54/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 54
When second picture is clicked
-
8/10/2019 GraphPwdAuth
55/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 55
Submit button is clicked
-
8/10/2019 GraphPwdAuth
56/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 56
Before entering the login page
-
8/10/2019 GraphPwdAuth
57/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 57
Username is given after clicking login button
-
8/10/2019 GraphPwdAuth
58/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 58
Afterclicking ok button
-
8/10/2019 GraphPwdAuth
59/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 59
After first correct click
-
8/10/2019 GraphPwdAuth
60/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 60
After second click
-
8/10/2019 GraphPwdAuth
61/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 61
When sign in button is clicked
-
8/10/2019 GraphPwdAuth
62/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 62
The password matches and the page is shown.
-
8/10/2019 GraphPwdAuth
63/64
Graphical Password Authentication Using Click Cued Points
Created by SUBHA A Page 63
BIBLIOGRAPHY
-
8/10/2019 GraphPwdAuth
64/64
Graphical Password Authentication Using Click Cued Points
BIBLIOGRAPHY
The books that I have referenced are:
Core Java 2 Volume I and II, by Cay S. Horstmann and
Gary Cornell
JavaTM How to Program by H.M Deitel
Beginning JavaScript 2ndEdition, by Wilton
Websitesreferred:-
http://www.java.sun.com
and many more websites to refer the database connections.