AUTHENTICATTION BY FUSION OF BINARY AND GRID

PASSWORDS
By B.NIKHITHA, P.PRIYANKA, R.SUMA
ANDHRA LOYOLA INSTITUTE OF ENGINEERING AND TECHNOLOGY

Abstract:
Authentication of an user is a highly severe menance to any computing device. The
most commonly used authentication techniques till today are alphanumeric, image
passwords, graphical passwords, biometrics e.t.c. Each and every technique
discussed above are having their own drawbacks, and these passwords are prone to
dictionary attacks, eavesdropping, shoulder surfing, and social engineering.
Although the graphical passwords are more user-friendly and increase the level of
security, they are vulnerable to shoulder surfing.
To address this problem we propose a new technique dual passwords for higher
authentication
This technique contains a text field for user name,
field with binary entries and numeric grid layout along with a toggle button which
provide a two way high level and user friendly authentication .

KEYWORDS:
authentication, grid passwords, binary password, graphical passwords, dictionary attacks, eaves
dropping attack, shoulder surfing ,user friendly, man-in-the-middle, attack, toggle button,
password identification pattern, non-trivial pips.

1.1 Base

attacks like dictionary attacks,

eavesdropping, shoulder surfing, and social
engineering e.t.c.

The base for this technique is providing

authentication using two passwords namely
Binary and grid passwords. By using the
binary passwords we can prevent most
common hacking attack called Man-in-themiddle attack in which the attacker can
monitor and alter or inject messages in to the
communication channel. By using the grid
passwords we can restrict the most common

In this method, user needs to pass mainly

through registration process at the beginning
and then head to login. In this users need not
remember tricky alphanumeric passwords
and difficult graphical or image patterns to
gain his rights or access permissions. The

1. Introduction:

best advantage obtained through this

technique is that it is hard to guess correct
passwords even they got hacked. For every
session of login, user have a unique set of
Grid and Binary entities which irritates the
hacker in solving passwords. Toggle button
is also to swap the transmission pattern
which makes the hacker critical to solve the
password even it got hacked.

1.2
Problem
techniques:

with

existing

The most popular

user authentication approach is text based
password scheme in which a user enters a
login name &password. Despite of its wide
usage, the textual passwords have a no. of
short comes. The simple and straight
forward textual passwords are easy to
remember but are more vulnerable for the
attackers to break where as the complex and
arbitrary passwords makes the system more
secure resisting the brute force search and
dictionary attack s but the difficulty lies in
retaining them besides this, textual
passwords are liable to the shoulder-surfing,
hidden cameras and spyware attacks.
However, most of the existing graphical
password authentication methods suffer
from shoulder-surfing a known hazard
where an intrudes can scrutinize the
password by recording the authentication
session or through direct surveillance.
Even through some of the graphical
password procedures resistant to the
shoulder surfing are proposed, yet they have
their own downside like usability issues or
consuming additional time for user to login
or having tolerance levels.

1.3 Objective:
The main objective of this
technique is to provide security to the
systems. The possible attacks like phishing,
sniffing, social attacks and shoulder surfing
can be remove. As soon as the session
expires, the password is the no longer valid.

1.4
Solutions
technique:

through

this

People use passwords to secure their

personal and confidential information from
others. Authentication process is needed to
find authenticated user and to secure the
information.
Grid password strategies have been
introduced as a substitute for textual
passwords, as hot spots can be easily
remembered when compared with words.
Further, it is difficult to formulate automated
attacks for grid passwords more over extend
the textual password and hence probably
providing a higher level of security.
Coming to binary passwords, these are
completely new to user and trust worth
where user need to validate the given
element set using 0s and 1s for every
session, a distinct element set would be
created by which common attacks like main-middle can be avoided. By using Toggle
Button. We would be providing higher
security by swapping the transmission order.

2. Description:
This technique generate session password
are resistant to dictionary attack, brute force

and shoulder surfing. The techniques use

grid for and binary elements for session
passwords generation.

Layout:
The complete layout of this technique
consists of common username filed which
takes the username specified during
registration.
There exists a password entry which
contains two row of first block, an empty
text blocks in the first 1 row of characters
blocks and other row empty text blocks for
binary entries. The no. of blocks in a row
depends on the length of the password. Next
comes, the grid where we mainly use
hotspots technique i.e grid position to
authenticate the user. The size of the grid
will be selected prior at the registration
phrase the level f security increases with the
increases in size of the grid. As the is a dual
password authentication technique, both the
password must be provided accurately. Fig
2.1 gives the layout of the login screen

Submi
t

fig 2.1 the layout

3. Implementation:
3.1 Phases:
3.1.1 Registration Phase:
During this phase, user enters his password.
Minimum length of the password is 6 and
can be up to 12 characters. The password
can contain even or odd number of
characters. The user is asked to select the
size of grid and then the hotspots are to be
selected. Moreover, basic details like first
name, last name, mobile number and emailid are given by the user. Clicking the
submit button in the registration form, all
the information inserted by the user is stored
on to the database. The whole procedure

would be common as regular registration

check out the elements of the set, giving out

excepting the grid, where it will be an

0 if false and 1 if true. Then comes the grid

additional step for the authentication during

where we would be concentrating on the

the login phase.

position of the block in the grid. Grid would

be generated uniquely for every session
same as the element set in binary password.
The positions in the grid are selected prior at
the registration phase as a password. In
addition to this dual password technique we
use toggle button. A toggle button is a button
which shuffles the order in which we
transmit the data, so that it would be hard for
the attacker in the middle to recognize and
distinguish the username with password and
the grid. Even if the attacker gets them it
would be of no use as we are using session
technique.

3.1.2 Login Phase:

During this phase, the user
has to enter the password based on the
interface displayed on the screen; here we
have a special way of entering password
through binary digits. (Which is explained in
fig.3.1.2.1) a random set of elements would
be generated every time when the user tries
to login into his account. The set would be
generated distinctly and the user has to

This is a technique which is completely

new to the users where less effort is
sufficient to remember ones password and
completely avoiding the shoulder surfing
attack. In this type of authentication the user
is provided with asset of random elements
along with text boxes. Each letter of the
password would be evaluated individually,
the user may not give the password every
time when he logins into his account. By
evaluating the each element in generated set
with zero or one he would be able to
access into his area. Fig3.2.1.1 shows the
fig3.2.1.1 binary authentication

3.2 Authentication:
3.2.1Binary Digit Authentication:

procedure of authentication

3.2.2 Grid authentication:

Grid works by
presenting the end-user with a matrix of
cells during enrollment containing random
characters, from which they select a
'personal
identification
pattern
(PIP).Thereafter, whenever the end-user
wishes to authenticate to a Safe Net
Authentication Service protected resource,
the user is presented with a challenge grid
containing random characters. The user then
enters the characters in the cells that
correspond to their PIP. No hardware to lose
and far superior to static passwords. Every
time the challenge grid appears, the
characters in the cells are different, so the
user is always entering a one-time pass
code.Users are presented with a different
grid each time they access a protected
resource. They simply enter the characters

from the grid cells that correspond to their

PIP. The user would be selecting the size of
the grid at the registration phase.
Grid size:

3x3

4x4

5x5

6x6

7x7

8x8

Ideal for IIS6 based web sites: Users

simply browse to the protected site where
they are prompted to enter their PIP to
complete the authentication process.
Cost Effective: This low cost solution
becomes even more attractive because
there's no administrative overhead with
provisioning users with tokens. Grid
Authentication is an innovative way to
ensure an added security if you are
accessing your account from a
untrustworthy computer.

3.2.3 Toggle button:

Grid Character Sets:

Zero Footprints: There is no hardware to

distribute and no client software to install or
maintain.

Digits
Special symbols
Punctuations
Uppercase and lowercase letters
Non-trivial PIPS

Using a PIN with Grid token as with other

Safe Net Authentication Service tokens, the
Grid pass code can be combined with a PIN,
adding an extra layer of protection based on
something only the user knows. If PINs have
been enabled, the user will enter their PIN
followed by the characters in the cells
corresponding to their PIP in the OTP field
of the logon form.

A toggle button allows the

user to change a setting between two states.
You can add a basic toggle button to your
layout with the Toggle Button object A
toggle button here if used to swap the order
in which a regular transmission of data is
carried. That is when the toggle button is on
the data will be sent swapped between the
users or between the user and server so that
even if the intruder wants to trap the data
from the middle he would not be able to
understand it. This works with a key called
toggle key which would be sent at the end of
the data. This toggle button gives more
security to our technique.

Usability: Grid token is easy to use in any

user population.

5.Conclusion:

The

simple-to-

use

technology is ideal for securing both local

(i.e. LAN) and remote (i.e. internet, extranet,
cloud)

access,

and

it

offers

several

deployment options. It can be deployed as

an additional layer on top of your existing
Active Directory authentication; can provide
technology is based on humans instinctive

a stand-alone point solution for secure

ability to memorize patterns much easier

authentication to an application or service.

than PINs or complex and constantlychanging passwords. Each time a user logs

6. Future scope:

on, they use their Personal Identification

Pattern of cells to read a sequence of
numbers from a dynamically changing grid.
This generates a different and unique OneTime Pass code (OTP) each time they log
on. Unlike traditional solutions, at no point
in the authentication process does the user
reveal their secret pattern. And they NEVER
have to touch the grid while they are logging
on. Recent events continue to demonstrate
that

traditional

1-factor

and

2-factor

solutions are no longer a sufficient way of

providing secure authentication. With the
grid solution, because the shared secret
pattern is not revealed, it is much less prone
to the threat of interception, screen scraping
and shoulder surfing. And because there is
no separate hardware token involved, the
costs of deployment and administration are
greatly

reduced

traditional

when

two-factor

compared
solutions

to
.This

In this paper, two authentication techniques

based on binary and grid are proposed for
PDAs. These techniques generate session
passwords and are resistant to dictionary
attack, brute force attack and shouldersurfing. Both the techniques use grid for
session passwords generation. However
these schemes are completely new to the
users and the proposed authentication
techniques should be verified extensively for
usability and effectiveness. These techniques
can

also

be

developed

as

windows

application such as a folder locker or an

external gateway authentication to connect
the application to a database or an external
embedded device

7. Acknowledgement:
We are using this opportunity to express my
gratitude to everyone who supported us
throughout. I am thankful for their aspiring

guidance, invaluably constructive criticism

and friend y advice during the project work.
I am sincerely grateful to them for sharing
their truthful and illuminating views on a
number of issues related to the project.

8. References:
1.

R. Dhamija, and A. Perrig. "Dj Vu: A

User
Study
Using
Images
for
Authentication". In 9th USENIX Security
Symposium, 2000.
2.
Real User Corporation: Passfaces. www.
passfaces. com
3.
Jermyn, I. , Mayer A. , Monrose, F. ,
Reiter, M. , and Rubin. , "The design and
analysis of graphical passwords" in
Proceedings
of
USENIX
Security
Symposium, August 1999.
4.
A. F. Syukri, E. Okamoto, and M.
Mambo, "A User Identification System
Using Signature Written with Mouse," in
Third
Australasian
Conference
on
Information Security and Privacy (ACISP):
Springer-Verlag Lecture Notes in Computer
Science (1438), 1998, pp. 403-441.
5.
G. E. Blonder, "Graphical passwords," in
Lucent Technologies, Inc. , Murray Hill, NJ,
U. S. Patent, Ed. United States, 1996.
6.
Passlogix, site http://www. passlogix.
com.
7.
HaichangGao, ZhongjieRen, Xiuling
Chang, Xiyang Liu UweAickelin, "A New
Graphical Password Scheme Resistant to
Shoulder-Surfing
8.
S. Wiedenbeck, J. Waters, J. C. Birget,
A. Brodskiy, N. Memon, "Design and
longitudinal evaluation of a graphical
password system". International J. of
Human-Computer Studies 63 (2005) 102127.
9.
W. Jansen, "Authenticating Mobile
Device User through Image Selection," in
Data Security, 2004.
10.
W. Jansen, "Authenticating Users on
Handheld Devices "in Proceedings of

Canadian Information Technology Security

Symposium, 2003.
11.
D. Weinshall and S. Kirkpatrick,
"Passwords You'll Never Forget, but Can't
Recall," in Proceedings of Conference on
Human Factors in Computing Systems
(CHI). Vienna, Austria: ACM, 2004, pp.
1399-1402.
12.
J. Goldberg, J. Hagman, V. Sazawal,
"Doodling
Our
Way
To
Better
Authentication", CHI '02 extended abstracts
on Human Factors in Computer Systems,
2002.
13.
H. Zhao and X. Li, "S3PAS: A Scalable
Shoulder-Surfing
Resistant
TextualGraphical
Password
Authentication
Scheme," in 21st International Conference
on Advanced Information Networking and
Applications Workshops (AINAW 07), vol.
2. Canada, 2007, pp. 467-472.
14.
S. Man, D. Hong, and M. Mathews, "A
shoulder
surfing
resistant
graphical
password scheme," in Proceedings of
International conference on security and
management. Las Vegas, NV, 2003.
15.
X. Suo, Y. Zhu and G. Owen, "Graphical
Passwords: A Survey". In Proc. ACSAC'05.
16.
Z. Zheng, X. Liu, L. Yin, Z. Liu "A
Hybrid password authentication scheme
based on shape and text" Journal of
Computers, vol. 5, no. 5 May 2010