
 The aim of the project is to develop an application that resists
observation attacks in graphical password systems.


 The objective of the project is to replace the static digital images typically
used in graphical password systems with a personalized physical token at the
public terminal.
 PassBYOP is a new graphical password scheme for public terminals that
replaces the static digital images typically used in graphical password
systems with personalized physical tokens, herein in the form of digital
pictures displayed on a physical user-owned device such as a mobile
phone.
 Users present these images to a system camera and then enter their
password as a sequence of selections on live video of the token.
 Highly distinctive optical features are extracted from these selections and
used as the password. We present three feasibility studies of PassBYOP
examining its reliability, usability, and security against observation.
 Text passwords and personal identification numbers (PINs) are the
dominant authentication method, as they are simple and can be deployed
on systems including public terminals, the web, and mobile devices.
 However, passwords suffer from limitations in terms of memorability and
security—passwords that are difficult to guess are also hard to remember.
 To address this issue, we present a new point-click graphical password
system, PassBYOP—Bring Your Own Picture, that increases resistance to
observation attack by coupling the user’s password to an image or object
physically possessed.
 Text passwords and personal identification numbers (PINs) are the
dominant authentication method as they are simple and can be deployed
on systems including public terminals, the web, and mobile devices.
 However, passwords suffer from limitations in terms of memorability and
security—passwords that are difficult to guess are also hard to remember.
 In order to mitigate these problems, researchers have proposed graphical
password schemes that rely on input such as selecting portions of an image.
These systems have been shown to improve memorability without
sacrificing input time or error rates while also maintaining a high resistance
to brute force and guessing attacks.
 However, graphical passwords present their own problems.
 One issue is their susceptibility to intelligent guessing and shoulder-
surfing attacks.
 Such attacks are effective because the sections of images that users
select as password items are both easy for an attacker to observe by
snooping over shoulders or setting up a camera to record input and
also relatively predictable—users tend to choose hotspots such as
the eyes in a facial portrait.
 It presents a new point-click graphical password system,
PassBYOP—Bring Your Own Picture, that increases resistance to
observation attack by coupling the user’s password to an image or
object physically possessed.

 The proposal improves the security of graphical password systems
by integrating live video of a physical token that a user carries with
them. It first demonstrates the feasibility of the concept by building
and testing a fully functional prototype.
 PassBYOP seeks to make graphical passwords more secure against
intelligent guessing and shoulder-surfing attacks.
 PassBYOP’s resistance to observation attack—three attackers are unable to
compromise a password using shoulder surfing, camera based observation,
or malware.
 User Registration
 Upload Image
 Hash code generation
 User Login Process
 Admin
 In this module, the user registers by providing information such as
user_id, user name, password, and a valid e-mail ID, and then uploads the
image that he has brought with him.
 After uploading, he has to select five locations in that image as the
password.
 In this module, the user uploads an image at registration and the same
image at authentication. The image is split into a number of coordinate
blocks, which are stored in the application; when the user selects a
location, the hash code of that location's block is stored in the database.
 After the locations in the image have been selected successfully, those
details are stored in the database: the selected image locations are
concatenated, a hash code is generated for the concatenation, and it is
stored in the database against the user.
 A registered user logs in to the application with his user ID and
password. After a successful login, the user uploads the image that he
uploaded when setting the password and selects the locations on it; the
selected image locations are concatenated and a hash code is generated for
the concatenation.
 If the hash code matches the existing hash code, the user enters the home
page; otherwise the process ends and the login page is displayed.
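The registration and login modules described above, as an added sketch that is not the project's own code (the page lists Java as the project language). The 8x8 grid, the constructed sample image, and the salted PBKDF2 storage path are assumptions added here; the page names only MD5.

```python
import hashlib
import hmac
import os

GRID = 8             # assumption: image is split into an 8x8 grid of blocks
WIDTH = HEIGHT = 64  # constructed sample image size, in pixels

def make_image(seed):
    """Constructed grayscale 'token image': HEIGHT rows of WIDTH pixel bytes."""
    stream = hashlib.shake_256(seed).digest(WIDTH * HEIGHT)
    return [stream[r * WIDTH:(r + 1) * WIDTH] for r in range(HEIGHT)]

def block_bytes(image, x, y):
    """Return the pixels of the grid block that contains click point (x, y)."""
    bw, bh = WIDTH // GRID, HEIGHT // GRID
    bx, by = (x // bw) * bw, (y // bh) * bh
    return b"".join(row[bx:bx + bw] for row in image[by:by + bh])

def selection_material(image, clicks, algo):
    """Concatenate the per-block hash codes of the ordered click sequence."""
    if len(clicks) != 5:
        raise ValueError("the scheme uses exactly five locations")
    return b"".join(hashlib.new(algo, block_bytes(image, x, y)).digest() for x, y in clicks)

def md5_code(image, clicks):
    """Hash code as the page describes it: MD5 over the concatenation."""
    return hashlib.md5(selection_material(image, clicks, "md5")).hexdigest()

def enroll(image, clicks):
    """Hardened storage (added here): per-user salt and PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16)
    material = selection_material(image, clicks, "sha256")
    return salt, hashlib.pbkdf2_hmac("sha256", material, salt, 100_000)

def verify(image, clicks, salt, stored):
    """Recompute at login from the re-uploaded image; compare in constant time."""
    material = selection_material(image, clicks, "sha256")
    candidate = hashlib.pbkdf2_hmac("sha256", material, salt, 100_000)
    return hmac.compare_digest(candidate, stored)
```

With an 8x8 grid and five ordered selections there are only 64^5 (about 1.07 billion) possible sequences per image, so an unsalted MD5 code offers little protection if the image and the database are both exposed; the salted, iterated derivation addresses that. Because the blocks are hashed byte for byte, the image presented at login must be bit-identical to the one used at registration.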
 The admin logs in to his account with an authenticated user name and password.
The admin can view the details of all users who have registered successfully.
[Figure: system architecture. Labels: Login, Image, Database, Authentication System, PassBYOP]

[Figure: flow diagram. Labels: User Registration, Upload Image, Hash Code Generation, PassBYOP Login, Image Upload, User DB Matching, Hash Code; Valid: Login success; Wrong: Login failed]
 MD5 (Message Digest 5)
 Image Segmentation
 Texture Feature Extraction
 Feature Comparison and Decision Making.
 Processor : Pentium IV 2.4 GHz
 Hard Disk : 250 GB
 RAM : 1 GB
 Operating system : Windows XP Professional / Windows 7
 Coding Language : Java (JDK 1.7)
 Database : MySQL 5.0
 Database GUI : SQLyog
 Eclipse tool : Eclipse Indigo
 It improves the security of graphical password systems by integrating live
video of a physical token that a user carries with them.
 It first demonstrates the feasibility of the concept by building and testing a
fully functional prototype.

 It then illustrates that user performance is equivalent to that attained in
standard graphical password systems through a usability study assessing
task time, error rate, and subjective workload.
 Finally, a security study shows that PassBYOP substantially increases
resistance to shoulder-surfing attacks compared with existing graphical
password schemes.
 PassBYOP performance should be tested with a variety of cameras.
 Finally, the current PassBYOP system achieved multi-touch input
capability by wirelessly streaming video from the PassBYOP host
computer to an iPad tablet.

 While this approach was simple and effective, greater speed and efficiency
would be attained with an active application.
