GRAPHICAL PASSWORD AUTHENTICATION USING CUED CLICK POINT TECHNIQUE NOR AZIDA BINTI MOHD FAZLI BACHELOR OF COMPUTER SCIENCE (COMPUTER NETWORK SECURITY) WITH HONOURS UNIVERSITI SULTAN ZAINAL ABIDIN 2021


  • GRAPHICAL PASSWORD AUTHENTICATION USING

    CUED CLICK POINT TECHNIQUE

    NOR AZIDA BINTI MOHD FAZLI

    BACHELOR OF COMPUTER SCIENCE (COMPUTER

    NETWORK SECURITY) WITH HONOURS

    UNIVERSITI SULTAN ZAINAL ABIDIN

    2021


  • i

    DECLARATION

    I hereby declare that the report is based on my original work with allocate the information source of research knowledge except for quotations and citations, which have been recognized correctly. I also declare that it has not been previously or concurrently submitted for any other degree at Universiti Sultan Zainal Abidin or other institutions.

    _______________________________

    Name: Nor Azida Binti Mohd Fazli

    Date: 28 January 2021

  • ii

    CONFIRMATION

    This is to confirm that:

    The research conducted and the writing of this report were under my supervision.

    __________________________

    Name: Roslinda Binti Muda

    Date: 28 January 2021

  • iii

    DEDICATION

    In the Name of Allah, the Most Gracious and the Most Merciful. Alhamdulillah, thank God for His grace, I could prepare myself to write the report in good enough health during the pandemic.

    First of all, I would like to express my appreciation and thanks to my supervisor, Madam Roslinda Binti Muda, because with her guidance, recommendations, advice, and insightful thoughts I had the chance to write this report effectively.

    My gratitude also goes to my colleagues, who shared ideas, opinions, knowledge, and reminders. They helped me answer every question that was important to me while making the report. Thanks also to my beloved mother and family for always encouraging and supporting me, and for understanding my task of preparing the report for Final Year Project I at home.

    I would like to take the opportunity to thank all lecturers of the Informatics and Computing Faculty for their support and for exchanging ideas and perceptions that gave this report more focus, direction and advice.

    May Allah SWT bless all the efforts that have been given in completing this report.

    Thank you.

  • iv

    ABSTRACT

    Many kinds of systems use a graphical-password approach in the authentication process as an additional measure to protect users' private data. Graphics-based password authentication raises the security level of a login system compared with using only a text-based password. Users tend to create memorable text passwords, which gives attackers a chance to guess them and leaves the user's password weak and insecure. However, a graphical password is likewise vulnerable to shoulder surfing attacks. This scheme is designed to implement the cued click point technique in graphical password authentication to improve the data security of the user's password. The cued click point technique asks the user to click a point on each image in a sequence, where the value of the specific pixel gives the click point x and y. The Cued Click Point technique provides an effective way to use a graphical password that keeps user data more secure than using only the text-based form. The expected outcome of this project is that applying the cued click point technique in graphical password authentication can reduce guessing by intruders and be alert to shoulder surfing attacks.

  • v

    ABSTRAK (MALAY ABSTRACT)

    Various kinds of systems generally use a graphical-password approach in the authentication process as an additional measure to protect users' private data. Graphics-based password authentication raises the security level of logging in to a system compared with using only a text-based password. Users tend to create text passwords that cannot be forgotten, which gives intruders an opportunity to guess the user's password. This then makes the user's password weak and insecure. However, using a graphical password is also weak against shoulder surfing attacks. This scheme is designed to apply the cued click point technique in graphical password authentication to improve the data security of the user's password. In the cued click point technique, the user clicks points on pictures in a sequence, where the pixel value of a specific part leads to the click point x and y. The cued click point technique provides an effective way of using a graphical password to make user data more secure, rather than using text alone. The expected outcome of this project is to reduce attempts by intruders and to be alert to shoulder surfing attacks by applying the cued click point technique in graphical password authentication.

  • vi

    CONTENTS

    Title  Page

    DECLARATION  i
    CONFIRMATION  ii
    DEDICATION  iii
    ABSTRACT  iv
    ABSTRAK (Malay abstract)  v
    LIST OF TABLES  vii
    LIST OF FIGURES  viii
    LIST OF ABBREVIATIONS  ix

    CHAPTER 1 INTRODUCTION  10
      1.1 Project Background  10
      1.2 Problem Statement  12
      1.3 Objectives  12
      1.4 Scope  12
      1.5 Limitation of Work  13
      1.6 Thesis Structure  13
      1.7 Summary  14

    CHAPTER 2 LITERATURE REVIEW  15
      2.1 Introduction  15
      2.2 Cued Recall Method  15
        2.2.1 Blonder Algorithm  15
        2.2.2 Passpoint Algorithm  16
        2.2.3 Background DAS Algorithm  16
        2.2.4 Passmap Algorithm  17
        2.2.5 Passlogix v-Go Algorithm  18
      2.3 Usability and security in graphical-password based  19
      2.4 Summary  25

    CHAPTER 3 METHODOLOGY  26
      3.1 Introduction  26
      3.2 Framework of Graphical Password Authentication Using CCP Technique  26
      3.3 Use Case Diagram Authentication System  27
      3.4 Sequence Diagram Login Phase  28
      3.5 Flowchart of Cued Click Point Technique  28
      3.6 ERD Diagram of GPA Data Structure  30
      3.7 Summary  30

    CHAPTER 4 CONCLUSION  31
      4.1 Introduction  31

    REFERENCES  32

  • vii

    LIST OF TABLES

    Table No. Title Page

    Table 1. Comparison of the method in Cued Recall based 19

    Table 2: Usability and security parameters in graphical password 21

  • viii

    LIST OF FIGURES

    Figure No. Title Page

    Figure 1: Blonder Algorithm 16

    Figure 2: Passpoint Algorithm 16

    Figure 3: Background DAS Algorithm 17

    Figure 4: Passmap Algorithm 18

    Figure 5: Bedroom Environment Passlogix v-Go Algorithm 18

    Figure 6: The framework of GPA with Cued Click Point technique 27

    Figure 7: Use Case Diagram Authentication System 27

    Figure 8: Login Phase by Using Sequence Diagram 28

    Figure 9: Flowchart of Password in Cued Click Point Technique 29

    Figure 10: Cued Click Point Technique in Graphical Password 29

    Figure 11: ERD Diagram of GPA Data Structure 30

  • ix

    LIST OF ABBREVIATIONS

    GPA GRAPHICAL PASSWORD AUTHENTICATION

    CCP CUED CLICK POINT

  • 10

    CHAPTER 1

    INTRODUCTION

    1.1 Project Background

    With the advance of technology, the world is becoming digital at a fast pace, and many activities now happen online, such as online shopping and storing credential information like phone numbers and credit card details in digital storage. As everything moves online, the risk of cyber fraud and data breaches is rising. Securing users' data and information has become critically significant in an authentication system. The password acts as the first line of defence in keeping intruders from easily accessing a user's private data. Many systems provide an authentication process (login form) that an authorized user must pass before they can access their account. Authentication acts as a mechanism by which the system can determine and verify the authorized user [1].

    Users can prove their identity through three major authentication categories provided by the system: Token-Based Authentication, Biometric-Based Authentication, and Knowledge-Based Authentication [2]. Commonly, more systems prefer Knowledge-Based Authentication because it costs less than Biometric-Based and Token-Based Authentication. Knowledge-Based Authentication involves two techniques: text-based and picture-based.

    The text-based password, or traditional authentication method, uses alphanumeric passwords; the main purpose of this kind of password is to offer a higher security level that resists intruders gaining the user's data within a short time. A mixed combination (letters in upper and lower case, numbers and symbols) and a long password (more than 8 characters) make the password strong and hard to guess, so the user's privacy is not easy to crack. Unfortunately, it burdens the user with memorizing the jumble of characters.

    As an alternative to overcome this problem, other than biometric-based authentication, graphical passwords are used to help the user create a password that is more convenient and protected. The graphical-password authentication (GPA) method replaces the alphanumeric password with a graphics-based one and addresses two main aspects: usability and security. Besides being easy to remember, GPA also provides more security than text-based passwords, because the human brain tends to recognize visual information such as a photo more readily than text information in memory [3]. Hence, the user will effortlessly recall the image used. GPA is classified into two categories: pure recall-based and cued recall-based.

    Cued Click Point (CCP) is a method under the cued recall-based category. In this method, the user clicks on any point of each chosen image, and the value of the specific pixel is captured as the point x and y. A click point is used on five different images [4]. The user can quickly create and re-enter their password and is very precise when entering their click point on the image, and the password is hard for an attacker to guess because of the large set of images [5]. This project proposes to implement the CCP technique in graphical password authentication to overcome the user's problems and thus increase the data security of the user's password. A password will be more protected as the number of images increases, which adds workload for an attacker, especially one who is shoulder surfing. Implementing the Cued Click Point technique in graphical passwords will be effective in making the system more user-friendly and the user's data more secure than using only the text-based form.

  • 12

    1.2 Problem Statement

    Users tend to create easy-to-remember passwords and use memorable things, such as a date of birth, as a password. Without their realizing it, such a password is easy for an attacker to crack using several methods, such as the tool John the Ripper. Users also keep the same password for different accounts [6] to avoid forgetting the many passwords they have created.

    Another issue is that using a graphical password to authenticate the user also has a drawback: a shoulder surfing attacker, and other attackers, can capture the picture (password) loaded by the user during the authentication process. Hence, the traditional authentication method, the textual password, burdens the user with remembering it, and at the same time the protection a graphical password offers in securing the password is low.

    1.3 Objectives

    The following objectives are being targeted in this project:

    i. To study and examine various approaches in the graphical password method.

    ii. To design an authentication system using a graphics-based password.

    iii. To evaluate the Cued Click Point technique in graphical password authentication to ease use and provide better password security.

    1.4 Scope

    This project focuses on creating graphical password authentication that is more secure and easy to remember by applying the cued click point technique in graphical passwords.

  • 13

    1. User Scope

    A new user needs to register in the system, which requires basic access details such as a username and other required details. Next, the user must choose five different images and click a point on each image to set the password and complete registration.

    2. System Scope

    This project provides security to ensure the user's password is protected, so that an unauthorized user or intruder can't break into a user account. It captures the point on the image clicked by the user, then generates a value (involving two prime numbers, x and y) as the user's password.

    1.5 Limitation of Work

    A limitation of this project is that when users do not remember their click point on the image, the system provides only two chances, after which the login process is closed. The user then needs to log in again to enter the system. The choice of pictures is also limited: the user can click only on the given pictures, and must re-click the points for all pictures even to change only one point on one image. This proposed project also does not provide a forgot-password form, because the project aims to test how effective the Cued Click Point technique is as a method to replace the textual method.

    1.6 Thesis Structure

    This thesis consists of 3 chapters that contain the detailed information related to this project.

  • 14

    Chapter 1

    Chapter 1 covers the introduction of the idea of the whole project. The sections in this chapter are project background, problem statement, objectives, scope, and limitation of work for this project.

    Chapter 2

    In Chapter 2, the literature related to the project is reviewed and described to acquire more information and understand the proposed project. The methods that have been used for graphical passwords are explained in this chapter. The important elements of graphical passwords from reading materials such as journals are also described in this chapter.

    Chapter 3

    In Chapter 3, the methodology of this project is explained, including its process model and data model, and detailed designs, including the framework and flowchart, illustrate and describe the project further.

    Chapter 4

    Chapter 4 contains the conclusion regarding Graphical Password Authentication using the Cued Click Point technique.

    1.7 Summary

    The necessary information related to this project was discussed in this chapter. The Cued Click Point technique is implemented in the graphical password to overcome the problem in graphical-based passwords.

  • 15

    CHAPTER 2

    LITERATURE REVIEW

    2.1 Introduction

    This literature review covers the cued recall method in graphics-based passwords, focusing on clicking a point on an image, and also reviews studies that compare the usability and security elements a graphics-based password should have, as sources for completing the project.

    2.2 Cued Recall Method

    The graphical password is another method used in knowledge-based authentication to verify authorized users. Various methods have been used to create a graphics-based password. One of the main methods is cued recall, in which the user clicks points on an image as their password. The following are the methods in the cued recall category.

    2.2.1 Blonder Algorithm

    This algorithm was created by Greg E. Blonder in 1996. The user needs to click a point on a region of the given picture to gain access to the system. According to Blonder, this algorithm is safe because it has a million different regions to choose from (Lashkari et al., 2010). Figure 1 shows the Blonder algorithm being used to create the password.

  • 16

    Figure 1: Blonder Algorithm

    2.2.2 Passpoint Algorithm

    An alternative algorithm was designed to address the limitation of the Blonder technique (the drawback of having predefined regions in the image). This scheme was developed by Wiedenbeck et al. in 2005 and comprises a sequence of click points (5 to 8) that the user chooses on an image. Any natural image or a favourite image can be used, but it should be rich enough to offer many possible click points, so that the picture serves as a hint that helps the user remember the click points (O, 2015). Figure 2 illustrates the clicked points in the Passpoint algorithm.

    Figure 2: Passpoint Algorithm

    2.2.3 Background DAS Algorithm

    An improved technique was proposed in 2007 to make it easier for the user to create credentials and to enhance security over the original DAS scheme. Instead of drawing a grid, this technique adds a background image to provide a cued recall. Therefore, the user needs to choose one of three ways:

    i. Before starting to draw, users have a secret in mind and then draw it, point by point, on the given background image.

    ii. The user's choice of secret is affected by various characteristics of the image.

    iii. The user can mix the two ways above.

    It is easy for users to learn and to create the graphical password, but it is weak in reproducing the previous secret password and allows shoulder surfing attacks (Hafiz et al., 2008). Figure 3 shows an example of creating a password in the Background DAS algorithm.

    Figure 3: Background DAS Algorithm

    2.2.4 Passmap Algorithm

    The Passmap algorithm provides fewer click points than Passpoint and more security. Besides that, it is easy for the user to memorize and convenient to use in practice. According to studies of human memory, users effortlessly recall the landmarks on a well-known journey (Aarthi & Elangovan, 2014). Figure 4 shows the Passmap algorithm.

  • 18

    Figure 4: Passmap Algorithm

    2.2.5 Passlogix v-Go Algorithm

    Passlogix Inc., a commercial security company located in New York City, USA, created this algorithm in 2002. It uses a "repeating a sequence of actions" technique in which the password is created from a chronological situation. The user creates the password by dragging a series of items in the image based on the environment (Gokhale & Waghmare, 2016). Figure 5 shows the environment used to create a password.

    Figure 5: Bedroom Environment Passlogix v-Go Algorithm

  • 19

    Table 1. Comparison of the methods in the Cued Recall category

    | Algorithm of Cued Recall Method | Pros | Cons |
    |---|---|---|
    | Blonder | Safe algorithm that keeps the user's password secure. | The number of predefined click regions is small, so the password must be quite long to be secure. Users can't choose their own point in the image. |
    | Passpoint | Allows the user to choose several points in the picture in a particular order. | Takes longer to log in than the alphanumeric method. |
    | Background DAS | Easy for the user to create on both the background image and the drawing grid. | Memory decays a week later. |
    | Passmap | Not exposed to shoulder surfing. | Vulnerable to brute force attack. |
    | Passlogix v-Go | Attracts users and makes it easy to create their password with a real situation. | The password space is small. Easy to guess. |

    2.3 Usability and security in graphical-password based

    Usability and security features are essential for an efficient graphics-based password method. Balancing both features is important and needs to be observed when creating a graphics-based password: the usability of the scheme lets users create their graphical password in a friendly and easy-to-use way, while the security of the scheme acts as a defence against data breaches by attackers. Previous studies are reviewed here to observe their effectiveness.

    According to Hafiz et al. (2008), the traditional authentication system has flaws in usability and security that cause problems for the user, and a graphical password might be an option to overcome them. To improve existing user authentication schemes and make them more usable and secure, that paper used the longitudinal trial testing method in a controlled lab environment. It identified that a graphical password scheme is difficult to crack by traditional attack methods such as brute force search, dictionary, social engineering, and spyware attacks. Although graphical authentication has been proposed as a possible alternative to text-based authentication because strong passwords are difficult to memorize, Masrom et al. (2009) identified common shortcomings in the algorithms of the Pure Recall-Based and Cued Recall-Based methods. At the same time, a graphical password may be better at avoiding dictionary attacks because the number of possible passwords (the password space) is high. Singh & Chanu (2013) described how memorable graphical passwords are for users when the Cued Click technique is implemented.

    In graphical passwords, it is important to achieve two main elements: security and usability. Bhanushali et al. (2015) compared the algorithms on two metrics, security (attack in graphic password method) and usability (password space and entropy), and found that the graphical password has better security and is more reliable. Humans do remember graphics more easily than text: Khodadadi et al. (2016) state that human psychology studies reveal that humans find it less difficult to memorize pictures than characters. The usability aspect of the graphical password scheme also has many categories. By comparing login success rate, login time, and memorability in detail, a set of usability attributes applicable to recognition-based graphical password techniques was found, classified into nine categories: "User Assigned Images, Meaningful Images, Category of Images, Easy and Fun to Use, Easy to Create, Easy to Execute, Easy to Learn and Understand, Easy to Correct, and Nice and Simple Interface". However, the graphical password is not resistant to shoulder surfing attacks (Gokhale & Waghmare, 2016). The cued click point technique, with many images and separate click points, can avoid the shoulder surfing attack (Sharma et al., 2017). Furthermore, the attack patterns and other common attacks have been identified (Poharkar, 2017). As a solution for more security, S et al. (2018) found that cued click point and persuasive cued click point provide better security.

    Table 2: Usability and security parameters in graphical password

    | Year | Title | Author | Technique | Descriptions |
    |---|---|---|---|---|
    | 2017 | Cued Click Point (CCP) Algorithm for Graphical Password To Authenticate Shoulder Surfing Resistance | Sharma, Soni; Pawar, Monali; Patil, Snehal; Gole, Sonam | Cued Click Point Algorithm | To provide more security for the graphical password to resist the shoulder surfing attack. The percentage of shoulder surfing attacks before using Cued Click Point is higher than after using Cued Click Point. |
    | 2018 | Authentication System – Overview of Graphical Passwords | S, Ms. Dhiviyaa; R, Ms. Rakshitha; K R, Ms. Vijayabharathi | Method of graphical password: recognition based and recall based authentication | Review of recognition based and recall based authentication. Proposed that Cued Click Point and Persuasive Cued Click Point give better security. Graphic passwords are more dependable and cheaper than authentication methods. |
    | 2017 | Graphical Password Authentication Technique: A Survey | Kanchan Poharkar, Dr. S.A. Ladhake | Compare security issues in the graphical password and the text-based password and identify major design and implementation issues of the graphical password | Survey of graphical password techniques about: + Security issues that arise + Design and implementation issues. Survey on attack patterns and common attacks in graphical password authentication. |
    | 2016 | The Shoulder Surfing Resistant Graphical Password Authentication Technique | Gokhale, Mrs. Aakansha S.; Waghmare, Vijaya S. | Modified Recognition and Recall based approach | + To propose new graphical password authentications that are resistant to shoulder surfing and other types of possible attacks. + Provide stronger security against brute force and guessing attacks due to having a large password space. |
    | 2016 | Evaluation of Recognition-Based Graphical Password Scheme In Term Of Usability and Security Attributes | Touraj Khodadadi, A.K.M. Muzahidul Islam, Sabariah Baharun, Shaza Komaki | Detailed comparison according to login success rate, login time, and memorability | + Research the usability features that need to be added and the possible attacks that will happen in recognition-based schemes. + Found a set of usability attributes that can be classified into 9 categories. + Identified the possibility of attack on the Recognition-Based Graphical Password technique, where only the passfaces scheme and triangle scheme have the least attacks, being vulnerable only to Brute Force Attack. |
    | 2015 | Comparison of Graphical Password Authentication Techniques | Arti Bhanushali, Bhavika Mange, Harshika Vyas, Hetal Bhanushali, Poonam Bhogle | Comparing the algorithms based on two metrics: 1) Security: + Attack, password space and entropy resistance. 2) Usability: + Usability features | + Describe and discuss the various approaches using graphical passwords. + The Passpoint algorithm gives a security advantage over other algorithms due to having a larger password space than the alphanumeric password, but it is vulnerable to spyware attacks. |
    | 2009 | Pure and Cued Recall-Based Graphical User Authentication | Maslin Masrom, Farnaz Towhidi, Arash Habibi Lashkari | Identify the lacks of the algorithms of Pure Recall-Based and Cued Recall-Based in detail | 5 common lacks discovered in 9 algorithms (both techniques). |
    | 2008 | Towards Identifying Usability and Security Features of Graphical Password in Knowledge-Based Authentication Technique | Muhammad Daniel Hafiz, Abdul Hanan Abdullah, Norafida Ithnin, Hazinah K. Mammi | Use the longitudinal trial testing method in a controlled lab environment | A graphical password scheme is difficult to crack by traditional attack methods such as brute force search, dictionary, social engineering, and spyware attack. |

    2.4 Summary

    In this chapter, the information related to this project, gathered by reviewing and analyzing previous research papers, will be used as the source for the project. It is important to find the best method for overcoming the problem that has been stated.

  • 26

    CHAPTER 3

    METHODOLOGY

    3.1 Introduction

    The methodology chapter describes the choice of efficient methods and techniques to ensure the flow of the project is more systematic during development. The theoretical analysis (method) explains how the method is used to run the project. The system design diagrams are included: the framework, use case diagram, sequence diagram, flowchart and ERD diagram of the project.

    3.2 Framework of Graphical Password Authentication Using CCP Technique

    This framework explains the series of steps and decisions that describe how the graphical password works during the authentication process. As Figure 6 below shows, at the first stage the new user needs to register their information, such as username, date of birth, email, and phone number, before creating a password. Then they need to click one point on each of the five different given pictures in sequence. Their information is saved into the database. During the login phase, the user needs to enter the username and click the same points as in the registration phase. The system provides the registered images in sequence, then compares the point values with those in the database and sends the result back to the registered user. Hence, if the information is the same as at registration, the user is successfully authenticated.

  • 27

    Figure 6: The framework of GPA with Cued Click Point technique

    3.3 Use Case Diagram Authentication System

    This diagram shows the general relationship between the use cases, user, and database in the authentication system. New users interact with the system by filling in requirements such as username, date of birth, email, and password. While the password is being set, the system offers several pictures for the user to choose from. The user chooses 5 pictures and clicks a point on each chosen image. Then the database saves the information. Registered users enter the username and click the points on the images given by the database.

    Figure 7: Use Case Diagram Authentication System

  • 28

    3.4 Sequence Diagram Login Phase

    The sequence diagram models concisely how data flows during the login phase. It involves four entities: the user, the login form, the system, and the database. After the registered user clicks the login button and enters the username, the database provides the images and the system sends them to the user in sequence. The user needs to click the registered point on each image; this process repeats five times because, during registration, the user registered one point on each of five images, which means 5 points. After the valid points are clicked, the password matches and the user is authenticated.

    Figure 8: Login Phase by Using Sequence Diagram

    3.5 Flowchart of Cued Click Point Technique

    The flowchart shows how the Cued Click Point technique runs in a graphical password. The technique repeats a loop in which the user chooses an image and clicks a point on it. After each step the counter is incremented until it is equal to or more than 5, which means five images have been completed. Each image is made up of pixels, and the X and Y values of the clicked pixel are captured. Both values, as the user's password, are then stored directly in the database.

  • 29

    Figure 9: Flowchart of Password in Cued Click Point Technique

    As Figure 10 below shows, the technique also repeats during login. While the user clicks the registered points, a condition is checked: if a point is not the same as the registered one, the user needs to click again on the image. The user is successfully authenticated after finishing the process.

    Figure 10: Cued Click Point Technique in Graphical Password
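The registration and login loops of Figures 9 and 10, written out as an added example (this is not code from the thesis). Where the thesis stores the X and Y values directly, this version assumes a tolerance of R pixels around each click and keeps only a salted PBKDF2 hash of centred-discretization grid cells plus per-click offsets, so the database never holds the raw click points. R, the record layout, the iteration count and the sample clicks are all assumptions.

```python
import hashlib
import hmac
import os

R = 10                # assumed tolerance in pixels; accepted range is [x-R, x+R)
N_IMAGES = 5          # five images, one click each, as in the thesis
ITERATIONS = 200_000  # assumed PBKDF2 work factor

def cell(v, offset):
    # Index of the 2R-wide segment that contains v on a grid shifted by offset.
    return (v - offset) // (2 * R)

def digest(salt, cells):
    # Slow salted hash over the ordered (image index, cell_x, cell_y) triples.
    data = ";".join(f"{i}:{cx}:{cy}" for i, (cx, cy) in enumerate(cells)).encode()
    return hashlib.pbkdf2_hmac("sha256", data, salt, ITERATIONS)

def to_cells(clicks, offsets):
    return [(cell(x, ox), cell(y, oy)) for (x, y), (ox, oy) in zip(clicks, offsets)]

def register(clicks):
    """clicks: five (x, y) tuples in image order. Returns the record to store."""
    if len(clicks) != N_IMAGES:
        raise ValueError("exactly five click points are required")
    # The offsets centre each tolerance square on the registered click. They are
    # stored in clear and reveal only the click position modulo 2R.
    offsets = [((x - R) % (2 * R), (y - R) % (2 * R)) for x, y in clicks]
    salt = os.urandom(16)
    return {"salt": salt, "offsets": offsets,
            "hash": digest(salt, to_cells(clicks, offsets))}

def verify(record, clicks):
    """Check all five login clicks together; the order of the images matters."""
    if len(clicks) != N_IMAGES:
        return False
    candidate = digest(record["salt"], to_cells(clicks, record["offsets"]))
    return hmac.compare_digest(candidate, record["hash"])

# Constructed sample clicks, not data from the thesis.
REGISTERED = [(137, 82), (40, 215), (301, 19), (256, 256), (9, 144)]

if __name__ == "__main__":
    rec = register(REGISTERED)
    print(verify(rec, [(x + 5, y - 5) for x, y in REGISTERED]))  # inside tolerance
    print(verify(rec, REGISTERED[::-1]))                         # wrong order
```

Because only the combined hash is compared, the check cannot report which of the five clicks was wrong, unlike the per-image re-click condition in Figure 10.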

  • 30

    3.6 ERD Diagram of GPA Data Structure

    This diagram shows the data structure of the graphical password authentication system. The ERD helps to organize the entities and relationships in the database so that the database is efficient and effective. The main entities in focus are password and image. For these entities, it is essential to ensure that the user can easily obtain their password. Figure 11 below illustrates the relationships in graphical password authentication.

    Figure 11: ERD Diagram of GPA Data Structure

    3.7 Summary

    This chapter has discussed in detail the method that was evaluated before applying it to the project. This is essential to ensure that the planned flow of the project runs smoothly.

  • 31

    CHAPTER 4

    CONCLUSION

    4.1 Introduction

    In conclusion, a graphical password is an alternative to the alphanumeric password that is easier for the user to memorize and that better protects their credentials from traditional attack methods such as brute-force attacks. However, graphical passwords are vulnerable to shoulder-surfing attacks. Hence, the Cued Click Point technique, as one of the graphical-password methods, is a solution to overcome this problem. Increasing the number of images places a greater burden on an attacker trying to guess the user's password. The user's data and information will be more secure.

  • 32

    REFERENCES

    [1] Harold F. Tipton, M. K. (2007). Information Security Management Handbook Volume 1. New York: Auerbach Publication.

    [2] Bhanushali, A., Mange, B., Vyas, H., Bhanushali, H., & Bhogle, P. (2015). Comparison of Graphical Password Authentication Techniques. International

    Journal of Computer Applications, 116(1), 11–14. https://doi.org/10.5120/20299-

    2332.

    [3] Dhanashree Kadu, Shanthi Therese, Anil Chaturvedi, “An Effective Authentication Method Using Improved Persuasive Cued Click Points “, International Research Journal of

    Engineering and Technology, Vol. 4, Issue 10, Oct 2017.

    [4] Iranna A M, Pankaja Patil, “graphical password authentication using persuasive cued click point “, International Journal Advanced Research in Electrical,

    Electronics, and Instrumentation Engineering, Vol. 2, Issue 7, July 2013.

    [5] R. Shantha Selva Kumari, S. Viji, “Cued Click Point Using Picture Grid “, International Journal of Computer Science and Network”, Vol. 4, Issue 6, Dec

    2015.

    [6] S. Chiasson, R. Biddle, and P. van Oorchat, “A Second Look at the Usability of Click-Based Graphical Password,” Proc. ACM Symp. Usable Privacy and Security

    (SOUPS), July 2007.

  • [7] Aarthi, D., & Elangovan, K. (2014). A Survey on Recall-Based Graphical User Authentications Algorithms. 2, 89–99.

    [8] Bhanushali, A., Mange, B., Vyas, H., Bhanushali, H., & Bhogle, P. (2015). Comparison of Graphical Password Authentication Techniques. International

    Journal of Computer Applications, 116(1), 11–14. https://doi.org/10.5120/20299-

    2332

    [9] Gokhale, M. A. S., & Waghmare, V. S. (2016). The Shoulder Surfing Resistant Graphical Password Authentication Technique. Procedia Computer Science, 79,

    490–498. https://doi.org/10.1016/j.procs.2016.03.063

    [10] Hafiz, M. D., Abdullah, A. H., Ithnin, N., & Mammi, H. K. (2008). Towards identifying usability and security features of graphical password in knowledge

    based authentication technique. Proceedings - 2nd Asia International Conference

    on Modelling and Simulation, AMS 2008, 396–403.

    https://doi.org/10.1109/AMS.2008.136

    [11] Khodadadi, T., Islam, A. K. M. M., Baharun, S., & Komaki, S. (2016). Evaluation of recognition-based graphical password schemes in terms of usability and security

    attributes. International Journal of Electrical and Computer Engineering, 6(6),

    2939–2948. https://doi.org/10.11591/ijece.v6i6.11227

    [12] Lashkari, A. H., Gani, A., Sabet, L. G., & Farmand, S. (2010). A new algorithm on Graphical User Authentication (GUA) based on multi-line grids. Scientific

    Research and Essays, 5(24), 3865–3875.

    [13] Masrom, M., Towhidi, F., & Lashkari, A. H. (2009). Pure and cued recall-based graphical user authentication. 2009 International Conference on Application of

    Information and Communication Technologies, AICT 2009, 1–6.

    https://doi.org/10.1109/ICAICT.2009.5372534

    [14] O, V. B. (2015). Authentication Scheme for Passwords using Color and Text. 3(3), 316–323.

    [15] Poharkar, K. (2017). Graphical Password Authentication Technique : A Survey. International Journal For Research and Development in Technology, 7(4), 16–20.

    [16] S, M. D., R, M. R. K., & R, M. V. (2018). AUTHENTICATION SYSTEM – OVERVIEW OF GRAPHICAL PASSWORDS. International Research Journal of

    Engineering and Technology (IRJET), 05(02), 449–455.

    [17] Sharma, S., Pawar, M., Patil, S., & Gole, S. (2017). Cued Click Point ( Ccp ) Algorithm for Graphical Password To Authenticate Shoulder Surfing Resistance.

    International Conference on Academic Research in Engineering and Management,

    224–230.

    [18] Singh, K. J., & Chanu, U. S. (2013). Graphical Password or Graphical User Authentication as Effective Password Provider. 2(9), 2765–2769.

  • APPENDIX

  • (A) Gantt Chart FYP I

    [Gantt chart: tasks plotted against weeks W1 to W14]

    Tasks:
    Discussion of title and method with supervisor
    Discussion of abstract with supervisor
    Title, abstract and project scope submission
    Introduction project
    Literature review discussion
    Proposal, slide and Gantt chart preparation
    Proposal presentation
    Proposal correction
    Methodology POC
    Methodology conference
    Format writing conference
    Proposal draft preparation and discussion
    Proposal draft submission
    Final report and presentation preparation
    Final presentation
    Proposal correction
    Proposal report submission

  • (B) Gantt Chart FYP II

    [Gantt chart: tasks plotted against weeks W1 to W15]

    Tasks:
    Project meeting with supervisor
    Project development
    Implementation and documentation
    Progress presentation and panel’s evaluation
    Development project and documentation
    Project testing
    Project testing and documentation
    FYP format writing workshop
    Draft report of project submission
    Poster submission
    Preparation for final presentation
    Final presentation and panel’s evaluation
    Submission of final thesis
    Supervisor’s evaluation