DroidDetector: Android Malware Characterization and Detection Using Deep Learning

ABSTRACT:

Smartphones and mobile tablets are rapidly becoming indispensable in daily life. Android has been the most popular mobile operating system since 2012. However, owing to the open nature of Android, countless malware samples are hidden among a large number of benign apps in Android markets and seriously threaten Android security. Deep learning is a new area of machine learning research that has gained increasing attention in artificial intelligence. In this study, we propose to associate the features from the static analysis with features from dynamic analysis of Android apps and characterize malware using deep learning techniques. We implement an online deep-learning-based Android malware detection engine (DroidDetector) that can automatically detect whether an app is malware or not. With thousands of Android apps, we thoroughly test DroidDetector and perform an in-depth analysis on the features that deep learning essentially exploits to characterize malware. The results show that deep learning is suitable for characterizing Android malware and especially effective with the availability of more training data. DroidDetector can achieve 96.76% detection accuracy, which outperforms traditional machine learning techniques. An evaluation of ten popular anti-virus products demonstrates the urgency of advancing our capabilities in Android malware detection.

EXISTING SYSTEM:

  • Previous research has revealed that Android malware is rapidly evolving to circumvent signature based characterizations and thus calls for the development of next-generation anti-mobile-malware solutions.
  • Android malware evidently cannot be adequately characterized using only specific patterns (signatures). In view of this situation, machine-learning-based methods are being proposed to characterize Android malware; they extract features by the static or dynamic analysis of Android apps and learn the distinctions between malware and benign apps automatically.
  • In particular, these machine-learning-based methods can avoid the need to manually craft and update detection rules, which is crucial for keeping pace with the variety of Android malware.

DISADVANTAGES OF EXISTING SYSTEM:

  • The main countermeasure to defend against malware on Android platforms is a risk communication mechanism that warns users about the permissions required before installing each app.
  • In a previous study it is used to detect the presence of a malware by detecting the trend, not the rate, of the observed illegitimate scan traffic.
  • The filter is used to separate malware traffic from background non malware scan traffic.

PROPOSED SYSTEM:

  • In this study, our contributions include:
  • We describe our development of a deep-learning-based Android malware detection engine (DroidDetector) that has been put online for user testing and can automatically detect whether an app is a malware or not.
  • We thoroughly test DroidDetector and perform an in-depth analysis on the features that deep learning essentially exploits to characterize malware using association rule mining techniques.
  • We conduct experiments on ten popular anti-virus softwares and reveal that they are extremely vulnerable to repackaging attacks. In the light of our analyses, we conclude that deep learning is a promising technique for Android malware detection.

ADVANTAGES OF PROPOSED SYSTEM:

  • Our experiments also demonstrated that the deep learning model significantly outperforms traditional machine learning models.
  • In our opinion, if a malware cannot be identified correctly, its malicious characteristics must not have been properly learned by the machine learning model. Note that any app defined as a malware must have some special characteristics that have been defined as malicious behaviors. Therefore, to characterize and detect more types of malware, more fine-grained features that can cover more aspects of malware must be collected.
  • More types of training samples learned

SYSTEM ARCHITECTURE:

DroidDetector

MODULES:

  • Feature Extraction
  • Deep Learning Engine
  • Evaluation
  • Features exploitation

MODULES DESCRIPTION:

Feature Extraction

To systematically characterize Android apps (i.e., both malware and benign apps), we conduct static and dynamic analyses to extract features from each app. All the features fall under one of three types: required permissions, sensitive APIs, and dynamic behaviors. Among them, required permissions and sensitive APIs are extracted through the static analysis, whereas dynamic behaviors are extracted through dynamic analysis. Specifically, all we need is the installation file (i.e., apk file) of each Android app. In this way, we obtained few features for each app through static and dynamic analyses. Note that each feature is binary: when a feature occurs in an app, its feature value is 1; otherwise, its feature value is 0.
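The binary encoding described above, as an added example (not code from the DroidDetector authors): it builds one 0/1 vector per app from a decoded manifest, disassembled code and a sandbox log. The feature vocabularies, the sandbox log format and all sample inputs are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed, shortened vocabularies: the page does not list the engine's features.
PERMISSIONS = [
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.INTERNET",
    "android.permission.READ_PHONE_STATE",
]
SENSITIVE_APIS = [
    "Landroid/telephony/SmsManager;->sendTextMessage",
    "Landroid/telephony/TelephonyManager;->getDeviceId",
    "Ljava/lang/Runtime;->exec",
]
DYNAMIC_BEHAVIORS = ["send_sms", "net_send", "load_dex"]  # hypothetical event names

# Fixed feature order: every app is encoded against the same columns.
FEATURE_NAMES = (
    ["perm:" + p for p in PERMISSIONS]
    + ["api:" + a for a in SENSITIVE_APIS]
    + ["dyn:" + b for b in DYNAMIC_BEHAVIORS]
)


def required_permissions(manifest_xml):
    """Static analysis: permissions declared in a decoded AndroidManifest.xml.

    The manifest comes from an untrusted APK; a real pipeline should use a
    hardened XML parser (e.g. defusedxml) instead of the stdlib one.
    """
    root = ET.fromstring(manifest_xml.strip())
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}


def called_sensitive_apis(smali_text):
    """Static analysis: sensitive API methods invoked in disassembled (smali) code."""
    found = set()
    for line in smali_text.splitlines():
        if "invoke-" not in line:
            continue
        for api in SENSITIVE_APIS:
            # Require the opening parenthesis so "exec" does not match "execute".
            if api + "(" in line:
                found.add(api)
    return found


def observed_behaviors(sandbox_log):
    """Dynamic analysis: event names from an assumed '<seconds> <event>' log."""
    seen = set()
    for line in sandbox_log.splitlines():
        parts = line.split()
        if len(parts) >= 2:
            seen.add(parts[1])
    return seen


def feature_vector(manifest_xml, smali_text, sandbox_log):
    """Return the app's binary feature vector (1 = feature occurs, 0 = absent)."""
    present = (
        {"perm:" + p for p in required_permissions(manifest_xml) if p}
        | {"api:" + a for a in called_sensitive_apis(smali_text)}
        | {"dyn:" + b for b in observed_behaviors(sandbox_log)}
    )
    return [1 if name in present else 0 for name in FEATURE_NAMES]


# Constructed sample inputs (not taken from any real app).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>
"""
SAMPLE_SMALI = """
    invoke-virtual {v0, v1, v2, v3, v4, v5}, Landroid/telephony/SmsManager;->sendTextMessage(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Landroid/app/PendingIntent;Landroid/app/PendingIntent;)V
    invoke-static {v0, v1}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I
"""
SAMPLE_LOG = """
12.031 send_sms
15.870 net_send
15.871 net_send
"""

if __name__ == "__main__":
    vector = feature_vector(SAMPLE_MANIFEST, SAMPLE_SMALI, SAMPLE_LOG)
    for name, bit in zip(FEATURE_NAMES, vector):
        print(bit, name)
```

Features outside the vocabulary (here `android.permission.VIBRATE`) are dropped, and repeated events still produce a single 1, which is what a binary encoding implies.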

Deep Learning Engine

In this module, we develop the deep learning engine. Traditional machine learning models (e.g., SVM and C4.5) that have less than three layers of computation units are considered to have shallow architectures. Fortunately, deep learning models with a deep architecture change that situation. In practical use, a deep learning model can be constructed with different deep architectures, e.g., Deep Belief Networks (DBN) and convolutional neural networks. For this study, we chose DBN architecture to construct our deep learning model and characterize Android apps.

Evaluation

To validate the ability of the deep learning model to detect Android malware and make an in-depth analysis on the features that deep learning essentially exploits to characterize malware, we conducted experiments on public app sets. One benign app set was randomly crawled from the Google Play Store, which contains a large number of apps. Although there might be a few malicious apps hidden among them, we regard all of them as benign apps. Another two malicious app sets were respectively collected from the Contagio Community. Several parameters need to be set when building deep learning networks, including the number of layers, number of neurons in each layer, contrastive divergence (CD-k) value, and number of iterations.

Features exploitation

In this module, we analyze feature exploitation through experiments on the app sets. We performed an in-depth analysis on the features exploited by deep learning to distinguish malicious and benign apps using association rule mining techniques. In these experiments, we consider that the analysis results only reflect trends in the feature differences between them and are not absolute distinctions in real-world situations. First, we examined the ten top-ranked features in either malicious or benign classes. The results show that they both have the same features.

SYSTEM REQUIREMENTS:

HARDWARE REQUIREMENTS:

 

  • System : Pentium Dual Core.
  • Hard Disk : 120 GB.
  • Monitor : 15’’ LED
  • Input Devices : Keyboard, Mouse
  • Ram : 1 GB

SOFTWARE REQUIREMENTS:

  • Operating system : Windows 7.
  • Coding Language : Android,JAVA
  • Toolkit : Android 2.3 ABOVE
  • IDE :         Eclipse

REFERENCE:

Zhenlong Yuan, Yongqiang Lu, and Yibo Xue, “DroidDetector: Android Malware Characterization and Detection Using Deep Learning”, IEEE Tsinghua Science and Technology, 2016

Designing a Secure Exam Management System (SEMS) for M-Learning Environments

ABSTRACT:

M-Learning has enhanced e-learning by making the learning process learner-centered. However, enforcing exam security in open environments where each student has his/her own mobile/tablet device connected to a Wi-Fi network through which it is further connected to the Internet can be one of the most challenging tasks. In such environments, students can easily exchange information over the network during exam time. This paper aims to identify various vulnerabilities that may violate exam security in m-learning environments and to design the appropriate security services and countermeasures that can be put in place to ensure exam security. It also aims to integrate the resulting secure exam system with an existing, open-source and widely accepted Learning Management System (LMS) and its service extension to the m-learning environment, namely “the Moodbile Project”.

EXISTING SYSTEM:

  • The classical approach to perform e-exams involves providing specific exam centers equipped with machines configured with static security policy to be used only for exam purposes. This approach brings about the cost of creation and upkeep of the environment, and continuous underutilization thereof.
  • Also, such policies cannot be applied in m-learning environments where the students’ mobile/tablet devices are meant to be used for general purposes, e.g. Internet browsing or e-book reading, as well as for the sake of exams. Using students’ mobile devices as exam stations offers the advantages of low cost, more exam takers at the same time, and no need for a wired network. Thus, a dynamic security policy is needed in this case with an appropriate enforcing mechanism.

DISADVANTAGES OF EXISTING SYSTEM:

  • The Moodbile Project does not address the security and privacy issues related to conducting exams in an m-learning environment, and neither does the Moodle Quiz Engine, which emphasizes only the learning process, not securing the examination process.
  • The “Secure Exam Environment” described in existing work supports exams based on Moodle to be taken by students on laptops. The system denies access to local files and Internet, but allows the use of certain programs like Excel and Java applications. Students have to connect their laptops to the wired LAN and boot from a USB drive or DVD.
  • Other e-exam systems developed based on mobile platforms with wireless access lack proper security considerations and exam management functions.

PROPOSED SYSTEM:

  • This paper aims to design a Secure Exam Management System (SEMS) that meets the distinct security requirements of m-learning environments and to integrate it with the current Moodle/Moodbile platform. This will result in a complete LMS that is both equipped with secure exam services and suitable for m-learning. Our intention in integrating SEMS with a well-known LMS such as Moodle is to get the benefits of Moodle’s ready-made services in other learning aspects such as course material administration, documentation, etc.
  • However, the proposed SEMS can also work as a standalone secure exam management system for m-learning environments without integration with Moodle.
  • We need to develop a new Quiz Engine that can be deployed as a service-oriented application, so that its services can be consumed by a mobile application designed to cater to m-learning specific security requirements. It should also be integrable with Moodle/Moodbile in order to have a complete LMS which suits the m-learning environment and addresses all of its security issues.

ADVANTAGES OF PROPOSED SYSTEM:

  • To the best of our knowledge, this issue has not yet been addressed by any previous work for the same environment.
  • Enabling the teacher to specify a subject’s exam properties such as: Date and Time, Duration, Percentage of level A, level B, and level C questions in the exam paper, etc. through an appropriate interface (Subject’s Exam Setup Interface).
  • Securely authenticating and enrolling students, using any of the well-known secure authentication mechanisms, into exams at the pre-defined date and time through the Exam Enrollment Interface.
  • Multifactor authentication can be adopted for stronger security.
  • Creating exam instances by random distribution of exam questions to the enrolled students’ mobile/ tablet devices according to the predefined exam properties such as percentage of each question level. This means that questions are not going to reach students in the same order.

SYSTEM ARCHITECTURE:

Designing a Secure Exam Management System (SEMS) for M-Learning Environments

MODULES:

  • Student Module
  • Teacher Module
  • Admin Module

MODULES DESCRIPTION:

Student Module:

  • This module is developed on the client side (Android).
  • Here students register and log in to write exams.
  • Students select the appropriate exam by typing its name.
  • After writing exams, students can view their results using the secret key generated at the time of registration.
  • Students have to memorise their secret key to view their own results.

Teacher Module:

  • This module is developed on the client side (Android).
  • Views all the students’ results.
  • Schedules exams and informs the students about them by sending messages through WhatsApp.

Admin Module:

  • This module is developed on the server side (PHP).
  • Views all the student details.
  • Immediately removes the student name from the table after the completion of exams, so the student can’t access the exam again.
  • Views all the student results and can remove the secKey so that the student can view the result only for a particular period of time.
  • Views all the teachers’ details.

SYSTEM REQUIREMENTS:

HARDWARE REQUIREMENTS: 

  • System : Pentium Dual Core.
  • Hard Disk : 120 GB.
  • Monitor : 15’’ LED
  • Input Devices : Keyboard, Mouse
  • Ram : 1 GB

SOFTWARE REQUIREMENTS: 

  • Operating system : Windows 7.
  • Coding Language : Android,JAVA
  • Toolkit : Android 2.3 ABOVE
  • IDE :         Eclipse
  • Server Side : PHP

REFERENCE:

Mustafa Kaiiali, Armagan Ozkaya, Halis Altun, Hatem Haddad, Marc Alier, “Designing a Secure Exam Management System (SEMS) for M-Learning Environments”, IEEE Transactions on Learning Technologies, 2016.

Authentication of Smartphone Users Using Behavioral Biometrics

ABSTRACT:

Smartphones and tablets have become ubiquitous in our daily lives. Smartphones, in particular, have become more than personal assistants. These devices have provided new avenues for consumers to play, work and socialize whenever and wherever they want. Smartphones are small in size; so they are easy to handle and to stow and carry in users’ pockets or purses. However, mobile devices are also susceptible to various problems. One of the greatest concerns is the possibility of breach in security and privacy if the device is seized by an outside party. It is possible that threats can come from friends as well as strangers. Due to the size of smart devices, they can be easily lost and may expose details of users’ private lives. In addition, this might enable pervasive observation or imitation of one’s movements and activities, such as sending messages to contacts, accessing private communication, shopping with a credit card, and relaying information about where one has been. This paper highlights the potential risks that occur when smartphones are stolen or seized, discusses the concept of continuous authentication, and analyzes current approaches and mechanisms of behavioral biometrics with respect to methodology, associated datasets and evaluation approaches.

EXISTING SYSTEM:

  • We summarize existing studies which propose significant solutions for smartphone authentication by discussing the following points:
  • The amount of the data the authors use,
  • The types of classifiers the authors choose, and
  • The results the authors obtain.
  • Protecting the security and privacy of smartphone users against unauthorized access is very important and has become a crucial area of research.
  • Researchers from both academia and industry have proposed mechanisms to ensure security and privacy of sensitive information.

DISADVANTAGES OF EXISTING SYSTEM:

  • The security of mobile devices continues to be a major concern for manufacturers and users alike.
  • They are easy to evade, weak against shoulder surfing and other attacks and cumbersome to use.
  • Most widely-used authentication techniques for mobile devices are vulnerable, including PINs and patterns.
  • Authentication methods fail to detect and identify an intruder once he or she has passed the point of entry. These methods are also deficient in dealing with various non-conventional attacks such as smudge attack.

PROPOSED SYSTEM:

  • In this paper, we plan to comprehensively review the state-of-the-art in smartphone authentication focusing on types of behavioral biometrics.
  • We discuss the development of several behavior biometric approaches that aim to provide continuous authentication for smartphone devices.
  • We characterize each behavioral biometric, outline the algorithms used for recognition and present results obtained using various techniques for comparison.
  • We present a summary of these studies and introduce open problems and future work in continuous authentication.

ADVANTAGES OF PROPOSED SYSTEM:

  • An easy way to access mobile devices with few interruptions once the owner wants to use the device.
  • Balancing between security and usability to provide easy use of the device and offer high level of security at the same time.
  • Making continuous authentication based on application usage can be one way to enhance security and privacy.

SYSTEM ARCHITECTURE:

Authentication of Smartphone Users

MODULES:

  • Authentication
  • Hand waving Based Authentication
  • Wave-to-Access
  • Keystroke Based Authentication

MODULES DESCRIPTION:

Authentication:

Authentication is the process used to validate the true user of a system. Authentication, in the context of security, takes into account three primary stages.

1) Knowledge-based, which uses something unique to an individual: This type of entity could be a password, answer to a security question, or an ID number that a user must know.

2) Possession or object-based, which uses something one possesses in a physical sense: The prevalent examples of this type are a security token, an ID card or another trusted device.

3) Biometric, which denotes a physical or behavioral characteristic: This can be represented by one or more physical or behavioral attributes. Common examples are fingerprints and keystroke dynamic models of the owner of the device.

4) Pin Authentication:

  • Two types of passwords are used: a PIN and a complicated alphanumeric password. The main goal for this application is to capture key events and inter-keystroke latencies.

Hand waving Based Authentication:

Identifying users based on wave gestures has gained attention recently. Hand-waving behavior is the waving pattern of a person. It can be used to distinguish users because different people move the hand holding the phone differently, whether or not they are interacting with the phone. For example, many people wave gently while others wave drastically while holding a smartphone. Several features can be used to distinguish among users. These include speed, frequency, waving range and wrist twisting.

Wave-to-Access:

Wave-to-Access is based on waving gestures and aims to prevent malware attacks on smartphones. This approach uses a lightweight ambient light sensor that is built into smartphones to analyze phone dialing behavior. The authorized user has to wave his/her hand in front of the phone in order to make a call.

Keystroke Based Authentication:

Validating the nature of typing motion is one of the oldest methods to validate users. This technique analyzes keystrokes to determine authorized and unauthorized users. Typing motion or keystrokes can be used to detect and identify the user based on his/her manner of typing. Typing motion is divided into static and dynamic typing. In static typing, participants are asked to type a short and pre-defined text to compare motion information, while in dynamic typing, the subject is not required to type a specific string.

SYSTEM REQUIREMENTS:

HARDWARE REQUIREMENTS: 

  • System : Pentium Dual Core.
  • Hard Disk : 120 GB.
  • Monitor : 15’’ LED
  • Input Devices : Keyboard, Mouse
  • Ram : 1 GB

SOFTWARE REQUIREMENTS: 

  • Operating system : Windows 7.
  • Coding Language : Android,JAVA
  • Toolkit : Android 2.3 ABOVE
  • IDE :         Android Studio

REFERENCE:

Abdulaziz Alzubaidi and Jugal Kalita, “Authentication of Smartphone Users Using Behavioral Biometrics”, IEEE COMMUNICATIONS SURVEYS AND TUTORIALS, 2016.  

An Exploration of Geographic Authentication Schemes

ABSTRACT:

We design and explore the usability and security of two geographic authentication schemes: GeoPass and GeoPassNotes. GeoPass requires users to choose a place on a digital map to authenticate with (a location password). GeoPassNotes—an extension of GeoPass—requires users to annotate their location password with a sequence of words that they can associate with the location (an annotated location password). In GeoPassNotes, users are authenticated by correctly entering both a location and an annotation. We conducted user studies to test the usability and assess the security of location passwords and annotated location passwords. The results indicate that both variants are highly memorable, and that annotated location passwords may be more advantageous than location passwords alone due to their increased security and the minimal usability impact introduced by the annotation.

EXISTING SYSTEM:

  • Thorpe et al. report on the GeoPass system, which asks users to zoom in to a digital map and select a single location to be used as their password. GeoPass enforces certain zoom levels and error tolerances to balance security and usability.
  • SmartPass is a location password system with a similar design to GeoPass that was implemented for mobile phones. In a study with 20 users, and login tests on days 1, 2, 3, 4, 7, and 31, they found that in all sessions, all users were able to recall their location password within 3 login attempts.
  • RouteMap is a system that requires a user to click a sequence of locations on a map, which displays a “route”. This sequence of locations becomes the user’s password.
  • Renaud et al. compare how users responded to traditional text challenge questions and picture-based challenges for both name-based and location-based questions. The location-based questions were often answered incorrectly in both cases, apparently due to the fact that users were required to enter a text city and country name, which led to inexact inputs by users.

DISADVANTAGES OF EXISTING SYSTEM:

  • GeoPass is certainly vulnerable to offline guessing attacks.
  • Additionally, GeoPass may offer weak security against online guessing attacks in some circumstances (e.g., if it is deployed in a small city or if the adversary had a method of effectively prioritizing guesses). Thus, prudent implementations of GeoPass should find another way to increase security.
  • Login times were however still high.

PROPOSED SYSTEM:

  • We design and explore the usability and security of two geographic authentication schemes: GeoPass—first proposed and analyzed in the preliminary version of this work—and GeoPassNotes, which is proposed and analyzed for the first time in this paper. We first develop a map-based user authentication system we call GeoPass, in which a user chooses a single place on a digital map as their password.
  • We aim to enhance the security of location passwords by asking users to choose a note they can associate with their chosen location; we call this combination of the location password and its note an annotated location password. Users are authenticated by correctly entering both a location and an annotation. In essence, an annotated location password is using the location component to cue a user’s memory for text information; however, both components (location and text) are used together for stronger authentication. GeoPassNotes is our implementation of an annotated location password system.
  • We study annotations to evaluate the security and usability impact of adding this easily associable piece of information to the location password.

ADVANTAGES OF PROPOSED SYSTEM:

  • Our analyses suggest that annotated location passwords are more secure than and as memorable as regular location passwords.
  • Our security analyses suggest that GeoPassNotes is resistant to online attacks (even without any system-enforced policies) and to offline attack (with system-enforced policies).
  • Also, our security analysis for GeoPassNotes suggests it may offer stronger protection than text passwords against offline attacks.
  • We design adversary models and attacker strategies to allow estimation of the security these systems offer when considering patterns in user choice.
  • We compute the first, and to our knowledge only to date, estimates of the effective security provided by geographic authentication systems, using our adversary models and the user study data collected.
  • We perform the first analysis of user’s navigation patterns to better understand how they may be used to improve future geographic authentication schemes.

 

SYSTEM ARCHITECTURE:

An Exploration of Geographic Authentication Schemes

MODULES:

  • USER
  • ADMIN

MODULES DESCRIPTION:

  1. User
  • a] Set the location password with GeoPass (geo registration).
  • b] Add geo notes to the location (app registration).
  • c] View his/her own location on the map.
  • d] Find the route between any two locations; the time taken to travel is measured.
  • e] Send a passcode to the admin to decrypt the location.
  2. Admin
  • a] Views all users.
  • b] Decrypts the location.
  • c] Finds the distance between the user location and the office location.
  • d] Based on the distance, helps the user in choosing transportation.

SYSTEM REQUIREMENTS:

HARDWARE REQUIREMENTS:

 

  • System : Pentium Dual Core.
  • Hard Disk : 120 GB.
  • Monitor : 15’’ LED
  • Input Devices : Keyboard, Mouse
  • Ram : 1 GB

SOFTWARE REQUIREMENTS:

  • Operating system : Windows 7.
  • Coding Language : Android,JAVA
  • Toolkit : Android 2.3 ABOVE
  • IDE :         Eclipse/Android Studio

REFERENCE:

Brent MacRae, Amirali Salehi-Abari, and Julie Thorpe, “An Exploration of Geographic Authentication Schemes”, IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 2016.

A Shoulder Surfing Resistant Graphical Authentication System

ABSTRACT:

Authentication based on passwords is used largely in applications for computer security and privacy. However, human actions such as choosing bad passwords and inputting passwords in an insecure way are regarded as “the weakest link” in the authentication chain. Rather than arbitrary alphanumeric strings, users tend to choose passwords that are either short or meaningful for easy memorization. With web applications and mobile apps piling up, people can access these applications anytime and anywhere with various devices. This evolution brings great convenience but also increases the probability of exposing passwords to shoulder surfing attacks. Attackers can observe directly or use external recording devices to collect users’ credentials. To overcome this problem, we proposed a novel authentication system, PassMatrix, based on graphical passwords to resist shoulder surfing attacks. With a one-time valid login indicator and circulative horizontal and vertical bars covering the entire scope of pass-images, PassMatrix offers no hint for attackers to figure out or narrow down the password even if they conduct multiple camera-based attacks. We also implemented a PassMatrix prototype on Android and carried out real user experiments to evaluate its memorability and usability. From the experimental result, the proposed system achieves better resistance to shoulder surfing attacks while maintaining usability.

EXISTING SYSTEM:

  • Wiedenbeck et al. proposed PassPoints, in which the user picks several points (3 to 5) in an image during the password creation phase and re-enters each of these pre-selected click-points in the correct order within its tolerant square during the login phase. Compared to traditional PIN and textual passwords, the PassPoints scheme substantially increases the password space and enhances password memorability.
  • David Kim et al. proposed a visual authentication scheme for tabletop interfaces called “Color Rings”, where the user is assigned i authentication (key) icons, which are collectively assigned one of the four color-rings: red, green, blue, or pink.

DISADVANTAGES OF EXISTING SYSTEM:

  • Most existing image-based password systems are vulnerable to shoulder surfing attacks (SSAs). This type of attack either uses direct observation, such as watching over someone’s shoulder, or applies video capturing techniques to get passwords, PINs, or other sensitive personal information.
  • Some of them are not suitable for mobile devices, and most of them can be easily compromised by shoulder surfing attacks if attackers use video capturing techniques like Google Glass.
  • The limitations of usability include issues such as taking more time to log in, passwords being too difficult to recall after a period of time, and the authentication method being too complicated for users without proper education and practice.
  • If observers are able to capture the whole authentication process, the passwords can be cracked easily.
  • A large number of objects will crowd the display and may make objects indistinguishable.
  • These kinds of passwords can be cracked by intersecting the user’s selections in each login because the color of the assigned ring is fixed and a ring can include at most seven icons. Thus, the attacker only requires a limited number of trials to guess the user’s password.

PROPOSED SYSTEM:

  • In this paper, we present a secure graphical authentication system named PassMatrix that protects users from becoming victims of shoulder surfing attacks when inputting passwords in public through the usage of one-time login indicators.
  • A login indicator is randomly generated for each pass-image and will be useless after the session terminates. The login indicator provides better security against shoulder surfing attacks, since users use a dynamic pointer to point out the position of their passwords rather than clicking on the password object directly.
  • The existing graphical authentication scheme is vulnerable to shoulder surfing attacks. Hence, based on the PassPoints, we add the idea of using one-time session passwords and distracters to develop our PassMatrix authentication system that is resistant to shoulder surfing attacks.

ADVANTAGES OF PROPOSED SYSTEM:

  • The passwords of our PassMatrix are easy to memorize.
  • Users can log into the system with only 1.64 (Median=1) authentication requests on average, and the Total Accuracy of all login trials is 93.33% even after two weeks.
  • Passwords are not exposed to risky environments.
  • The proposed system acts as a secure authentication system and will be able to defend against shoulder surfing attacks and will be applicable to all kinds of devices.

SYSTEM ARCHITECTURE:

A Shoulder Surfing Resistant Graphical Authentication

SYSTEM REQUIREMENTS:

HARDWARE REQUIREMENTS:

 

  • System : Pentium Dual Core.
  • Hard Disk : 120 GB.
  • Monitor : 15’’ LED
  • Input Devices : Keyboard, Mouse
  • Ram : 1 GB

SOFTWARE REQUIREMENTS: 

  • Operating system : Windows 7.
  • Coding Language : Android,JAVA
  • Toolkit : Android 2.3 ABOVE
  • IDE :         Eclipse/Android Studio

REFERENCE:

Hung-Min Sun, Shiuan-Tung Chen, Jyh-Haw Yeh and Chia-Yun Cheng, “A Shoulder Surfing Resistant Graphical Authentication System”, IEEE Transactions on Dependable and Secure Computing, 2016.