International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING 6367(Print), ISSN

N 0976 6375(Online) Volume 3, Issue 3, October-December (2012), IAEME & TECHNOLOGY (IJCET)

ISSN 0976 6367(Print) ISSN 0976 6375(Online) Volume 3, Issue 3, October - December (2012), pp. 490-500 IAEME: www.iaeme.com/ijcet.asp Journal Impact Factor (2012): 3.9580 (Calculated by GISI) www.jifactor.com

IJCET
IAEME

DEFENSES AGAINST LARGE SCALE ONLINE PASSWORD GUESSING ATTACKS BY USING PERSUASIVE CLICK POINTS
Mrs. M. A. Patel 1, Ms. Y.U.Kadam 2, Ms. R. Y.Thombare 3, Ms. H. P. Patil 4 1 (Department of Computer Engineering, Godavari College of Engineering, Jalgaon, mushrafpatel4@gmail.com) 2 (Department of Computer Technology, K. K. Wagh Polytechnic(SS), Nashik, yogitaukadam@gmail.com) 3 (Department of Computer Engineering, K.K.W.I.E.E.R., Nashik, rohinithombare@gmail.com) 4 (Department of Computer Engineering, Godavari College of Engineering, Jalgaon, harsh28_4@yahoo.com)

ABSTRACT The most common computer authentication method is to use alphanumerical usernames and passwords. This method has been shown to have significant drawbacks. For example, users tend to pick passwords that can be easily guessed. On the other hand, if a password is hard to guess, then it is often hard to remember. To address this problem, some researchers have developed authentication methods that use pictures as passwords. In this paper, we conduct com-prehensive survey of the existing graphical password techniques. We classify these techniques into two categories: recognition-based and recall-based approaches. We discuss the strengths and limitations of each method and point out the future research directions in this area. We also try to answer two important questions: What are the major design and implementation issues for graphical passwords. In this paper, we are conducting comprehensive survey of existing graphical image password authentication techniques. Also we are here proposing a new technique for graphical authentication. Keywords: authentication, computer security, graphical passwords, guessing attacks, 1. INTRODUCTION Human factors are often considered the weakest link in a computer security system. Point out that there are three major areas where human-computer interaction is important: authentication, security operations, and developing secure systems. Here we focus on the authentication problem. On the other hand, passwords that are hard to guess or break are often
490

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 6367(Print), ISSN 0976 6375(Online) Volume 3, Issue 3, October-December (2012), IAEME

hard to remember. Studies showed that since user can only remember a limited number of passwords, they tend to write them down or will use the same passwords for different accounts. To address the problems with traditional username password authentication, alternative authentication methods, such as bio-metrics, have been used. In this paper, however, we will focus on another alternative: using pictures as passwords. Graphical password schemes have been proposed as a possible alternative to text-based schemes, motivated partially by the fact that humans can remember pictures better than text; psychological studies supports such assumption. Pictures are generally easier to be remembered or recognized than text. In addition, if the number of possible pictures is sufficiently large, the possible password space of a graphical password scheme may exceed that of text-based schemes and thus presumably offer better resistance to dictionary attacks. Because of these advantages, there is a growing interest in graphical password. In addition to workstation and web log-in applications, graphical passwords have also been applied to ATM machines and mobile devices. In this paper, we conduct a comprehensive survey of the existing graphical password techniques. We will discuss the strengths and limitations of each method. In this paper, we want to answer the following questions: 1. Are graphical passwords as secure as text passwords? 2. What are the major design and implementation issues for graphical passwords? It is useful for researchers who are interested in developing new graphical password algorithms as well as industry practitioners who are interested in deploying graphical password techniques Current authentication methods can be divided into three main areas: 1. Token base authentication 2. Biometric based authentication 3. Knowledge based authentication 2.1 Token based authentication

Fig1: Taxonomy of Password Authentication Techniques

491

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 6367(Print), ISSN 0976 6375(Online) Volume 3, Issue 3, October-December (2012), IAEME

1.1 Token based techniques such as keycards, bank cards and smart cards are widely used. Many token-based authentication systems also use knowledge based techniques to enhance security. For example, ATM cards are generally used together with a PIN number. 1.2 Biometric based authentication technique such as fingerprints, iris scan, or facial recognition, is not yet widely adopted. The major drawback of this approach is that such systems can be expensive, and the identification process can be slow and often unreliable. However, this type of technique provides the highest level of security. 1.3 Knowledge based authentication are the most widely used authentication techniques and include both text-based and picture-based passwords. The picture-based techniques can be further divided into two categories: 1.3.1 Recognition- based techniques: Using recognition-based techniques, a user is presented with a set of images and the user passes the authentication by recognizing and identifying the images he or she selected during the registration stage. 1.3.2 Recall-based graphical techniques: Using recall-based techniques, a user is asked to reproduce something that he or she created or selected earlier during the registration stage. 2. SCHEMES OF AUTHENTICATION Usually user authentication involves confirming with a certain degree of confidence that the electronic form of users identity represented in the IT System corresponds to the real life identity of the user. There are three factors of user authentication that may be used in combination to increase the level of confidence in the claimed identity of a user. 2.1 Single Factor/Knowledge-Based Authentication: This type of authentication technique consists of text base that uses passwords or Personal Identification Numbers (PINs) and graphic based authentication that uses graphics for authentication. Knowledge based authentication uses secret information. When user provides some information to authenticate himself as a legitimate user, the system processes this information and suggests whether the user is legitimate or not Knowledge based authentication is based on Something You Know assumption, in which the user types a password to login to a computer or enters his Personal Identification Number (PIN) to access his/her bank account from an ATM. The classic form of single factor authentication is user ID and Password where the user claims his/her identity by presenting a user ID to the IT access control system. The system then checks the password for the claimed identity against its secure list of known identities and passwords. If the user ID and Password pair entered by the user match the User Id and password stored in the IT access control system then the user is judged to be authentic and given access to the system. 2.2 Two Factor / Token Based Authentication: This scheme uses some physical items called tokens such as smart cards, passports and physical keys. Authentication token or simply a token may be a physical device that an authorized user of computer is given to aid in authentication. Such a token may be physically connected or plugged into the client system. The term may refer to software token as well. Hardware tokens are typically small enough to be carried out in a pocket or purse and often are designed to attach to the users keychain.
492

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 6367(Print), ISSN 0976 6375(Online) Volume 3, Issue 3, October-December (2012), IAEME

Some may store cryptographic keys such as a digital signatures or biometric data such as a fingerprint. Other may include small keypads to allow the entry of a PIN. Token based authentication is based on Something You Have assumption, in which the user carries a wallet full of credentials (a drivers license, credit card, a university ID card) to certify his/her identity (as a driver, as a credit worthy consumer, or as a student). This system uses both forms of authentication. i.e. it involves using Something You Know ( i.e. a PIN) and Something You Have ( i.e. a token). Most widely used forms of two factor authentication are. 2.1.1 Automated Teller Machine (ATM) or Cash point Machine Card and PIN. 2.1.2 Access Control Token and PIN at an ATM, the user puts his/her Cash point/ATM card into the ATM and the ATM requests the user to enter his/her PIN. The information held on magnetic stripe of the card together with the PIN, encrypted in a secure block of data, is sent to the Banks Central authentication System, where the PIN entered by the user, is compared with the PIN held on file against the users account number and details. However, in this scheme, personally designed unique information is used as token. Each user is registered against that unique token which becomes his identifying label of the token. Stored information is presented to the system (e.g. ATM card) as well as PIN code to authenticate a user. 2.3 Three Factor / Biometric Based Authentication: Three factor authentication or Biometric based authentication involves using an access control token such as smart card, a PIN to access the smart card and a biometric value held in the central database. The card is entered into a reader, the PIN is entered, the biometric is read and encrypted under a cryptographic key held on the smart card. The user ID read from the smart card together with the encrypted biometric are sent to the central database, where the biometric can be decrypted and compared with the value on the central access control system/database. It is to be noted that the users PIN is not sent to the central access control system but is checked locally by the smart card. Bio-metrics is the technologies that analyze human characteristics for automated personal authentication. In this scheme, behavioral characters (i.e. voice signature, gait of a human) as well as psychological characters (i.e. finger-print, hand, iris, retina, face) describing human characteristics are used for authentication. Biometric based authentication is used for both authentications as well as for identification. In short, this system uses some physical or behavioral traits of a human for authentication. Comparison among Authentication Schemes Knowledge based authentication has the following flaws It is harder to remember passwords for a long time. With the passage of time, as the users need, when user involves in more than one password based authentication systems, it becomes difficult for the user to distinguish among passwords used for different applications and to correctly remember those passwords. As time passes on, and by using many password based applications, forgetfulness of passwords is more probable to occur. When a user may have more than one account with different passwords, the leakage of one or more of them are just possible. A password that is written down can be seen by others and can be stolen. Passwords invented by people are devised to be easy to remember a word in dictionary or a loved ones name, a telephone number or a keyboard pattern (i.e. asdf) or some combination thereof. Unfortunately, a password drawn from that significantly smaller space will be considered easier to guess. This form of authentication is relatively weak because, the
493

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 6367(Print), ISSN 0976 6375(Online) Volume 3, Issue 3, October-December (2012), IAEME

same password is used over and over again, giving many opportunities for it to be illicitly captured. Two factor/ Token based authentication is considered to be stronger than Single factor/Knowledge based authentication system, where users confidence can be increased beyond what Single factor/Knowledge based authentication method provides by requiring that multiple independent method be used to authenticate individuals. This is known as multifactor authentication and the combination of two independent methods is known as Two Factor authentication. Here ignorance of the Something You Know (a PIN) makes it difficult for an attacker to benefit from stealing the Something You Have (a bank card). As knowledge based and token based authentication techniques are considered to be very effective, but for the reason that passwords and tokens are liable to be stolen, forgotten or shared with some unauthorized users due to which credibility reduces. On the one hand, software tokens are flexible and less expensive than the hardware based solution. But on the other hand, software tokens have the following flaws. Software tokens are inherently vulnerable to malware and key logger attacks. They typically try to retrieve the users credentials when they are typed in. Software tokens are vulnerable to visual spoofing attacks. They need installation of token driver on the system.

These problems are difficult to solve. However, key logger attacks can be partially solved by displaying a keyboard on the clients screen having the user type in his credentials using this keyboard in client-server architecture. Taking hardware token in consideration, carrying token all the times is inconvenient for users. Since biometric data cannot be readily changed, a user whose data has been leaked might be compelled to use different finger for authentication (e.g. in fingerprint authentication system) and so the possibility of reuse due to leakage of enrolled data is impossible as to impersonate the legitimate user for illegitimate purposes. 3. RECOGNITION BASED TECHNIQUES 3.1. Dhamija and Perrig method: Dhamija and Perrig proposed a graphical authentication scheme based on the Hash Visualization technique. In their system, the user is asked to select a certain number of images from a set of random pictures generated by a program. Later, the user will be required to identify the pre selected images in order to be authenticated. The results showed that 90% of all participants succeeded in the authentication using this technique, while only 70% succeeded using text-based passwords and PINS. The average log-in time, however, is longer than the traditional approach. A weakness of this system is that the server needs to store the seeds of the portfolio images of each user in plaintext. Also, the process of selecting a set of pictures from the picture database can be tedious and time consuming for the user. Akula and Devisetty's algorithm [10] is similar to the technique proposed by Dhamija and Perrig [4]. The difference is that by using hash function SHA-1, which produces a 20 byte output, the authentication is secure and require less memory. The authors suggested a possible future improvement by providing persistent storage and this could be deployed on the Internet, cell phones and PDA's. Kirkpatrick [11] sketched several authentication schemes, such as picture recognition, object recognition, and pseudo word recognition, and conducted a number of user studies. In the picture recognition study, a user is trained to recognize a large set of images (100-200 images) selected from a database of 20,000 images. After one to three months, users in their study were able to recognize over 90% of the images in the training set.

494

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 6367(Print), ISSN 0976 6375(Online) Volume 3, Issue 3, October-December (2012), IAEME

Figure2. Random images used by Dhamija and Perrig This study showed that pictures are the most effective among the three schemes tested. Pseudo codes can also be used, but require proper setting and training. Sobrado and Birget developed a graphical password technique that deals with the shoulder-suffering problem. In the first scheme, the system will display a number of pass-objects (pre-selected by user) among many other objects. To be authenticated, a user needs to recognize pass-objects and click inside the convex hull formed by all the pass-objects. In order to make the password hard to guess, Sobrado and Birget suggested using 1000 objects, which makes the display very crowded and the objects almost indistinguishable, but using fewer objects may lead to a smaller password space, since the resulting convex hull can be large. In their second algorithm, a user moves a frame (and the objects within it) until the pass object on the frame lines up with the other two pass-objects. The authors also suggest repeating the process a few more times to minimize the likelihood of logging in by randomly clicking or rotating. The main drawback of these algorithms is that the log in process can be slow. Manetal. [14] proposed another shoulder-suffering resistant algorithm. In this algorithm, a user selects a number of pictures as pass-objects. Each pass-object has several variants and each variant is assigned a unique code. During authentication, the user is challenged with several scenes. Each scene contains several pass-objects (each in the form of a randomly chosen variant) and many decoy-objects. The user has to type in a string with the unique codes corresponding to the pass-object variants present in the scene as well as a code indicating the relative location of the pass objects in reference to a pair of eyes. The argument is that it is very hard to crack this kind of password even if the whole authentication process is recorded on video because where is no mouse click to give away the pass-object information. 3.2 Hongs Method: Hong[7] proposed another shoulder-surfing resistant algorithm. In this approach to allow the user to assign their own codes to pass-object variants . Fig.3 shows the log-in screen of this graphical password scheme. However, this method still forces the user to memorize many text strings and therefore suffer from the many drawbacks of text-based passwords.
495

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 6367(Print), ISSN 0976 6375(Online) Volume 3, Issue 3, October-December (2012), IAEME

Figure3. Another shoulder suffering resistant scheme developed by Hong 4. RECALL BASED TECHNIQUES In this section we discuss recent types of click based graphical password techniques: 4.1. Pass Points (PP) 4.2 Persuasive Cued Click- Points (PCCP) 4.3. Cued Click Points (CCP) 4.1 Pass point (PP): Based on Blonders original idea [7], Pass Points (PP) [7] is a click-based graphical password system where a password consists of an ordered sequence of five click-points on a pixelbased image as shown in Fig.4

Figure 4. Pass Points To login, a user must click within some system-defined tolerance region for each click-point. The image acts as a cue to help users remember their password click-points. 4.2 Persuasive Cued Click-Points (PCCP): To address the issue of hotspots, PCCP was proposed [7].As with CCP, a password consists of five click points, one on each of five images. During password creation, most of the image is dimmed except for a small view port area that is randomly positioned on the image as shown in Fig 5.
496

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 6367(Print), ISSN 0976 6375(Online) Volume 3, Issue 3, October-December (2012), IAEME

Figure 5: The PCCP password creation interface Users must select a click-point within the view port. If they are unable or unwilling to select a point in the current view port, they may press the Shuffle button to randomly reposition the view port. The view port guides users to select more random passwords that are less likely to include hotspots. A user who is determined to reach a certain click-point may still shuffle until the view port moves to the specific location, but this is a time consuming and more tedious process 4.3 Cued Click Points (CCP): CCP [1] was developed as an alternative click based graphical password scheme where users select one point per image for five images Fig.6: The interface displays only one image at a time; the image is replaced by the next image as soon as a user selects a click point. The system determines the next image to display based on the users click-point on the current image. The next image displayed to users is based on a deterministic function of the point which is currently selected. It now presents a one to-one cued recall scenario where each image triggers the users memory of the one click-point on that image. Secondly, if a user enters an incorrect click-point during login, the next image displayed will also be incorrect. Legitimate users who see an unrecognized image know that they made an error with their previous click-point. Conversely, this implicit feedback is not helpful to an attacker who does not know the expected sequence of images 5. DETAILED DESCRIPTION OF METHOD AUTHENTICATION USING CUED CLICK POINTS GRAPHICAL PASSWORD

Cued Click Points (CCP) is a proposed alternative to Pass Points. In CCP, users click one point on each of c = 5 images rather than on five points on one image. It offers cuedrecall and introduces visual cues that instantly alert valid users if they have made a mistake when entering their latest click-point(at which point they can cancel their attempt and retry from the beginning). It also makes attacks based on hotspot analysis more challenging, as we discuss later. As shown in Fig.6, each click results in showing a next image, in effect leading users down a path" as they click on their sequence of points. A wrong click leads down an incorrect path, with an explicit indication of authentication failure only after the final click. Users can
497

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 6367(Print), ISSN 0976 6375(Online) Volume 3, Issue 3, October-December (2012), IAEME

choose their images only to the extent that their click-point dictates the next image. If they dislike the resulting images, they could create a new password involving different clickpoints to get different images. We envision that CCP fits into an authentication model where a user has a client device (which displays the images) to access an online server (which authenticates the user). We assume that the images are stored server-side with client communication through SSL/TLS. For implementation, CCP initially functions like Pass Points. During password creation, a discretization method (e.g., see [1]) is used to determine a Click point's tolerance square and corresponding grid. For each click-point in a subsequent login attempt, this grid is retrieved and used to determine whether the click point

Figure 6: CCP passwords can beregarded as a choice-dependent path of images falls within tolerance of the original point. With CCP, we further need to determine which next-image to display. Similar to the Pass Points studies, our example system had images of size 451x331 pixels and tolerance squares of 19x19 pixels. If we used robust discretization [1], we would have 3 overlapping candidate grids each containing approximately 400 squares and in the simplest design, 1200 tolerance squares per image (although only 400 are used in a given grid). We use a function f(username, current Image, currentToleranceSquare) that uniquely maps each tolerance square to a next image. This suggests a minimum set of one argument against using fewer 1200 images required at each stage. Images, and having multiple tolerance squares map to the same next image, is that this could potentially result in misleading implicit feedback in (albeitrare) situations where users click on an incorrect point yet still see the correct next-image. Each of the 1200 next-images would have 1200 tolerance squares and thus require 1200 next images of their own. The number of images would quickly become quite large. So we propose reusing the image set across stages. By reusing images, there is a slight chance that users see duplicate images. During the 5 stages in password creation, the image indices i1, ..., i5 for the images in the password sequence are each in the range 1= ij = 1200. When computing the next-image index, if any is a repeat (i.e., the next ij is equal to ik for some (k < j), then the next-image selection function f is deterministically perturbed to select a distinct image. A user's initial image is selected by the system based on some user characteristic (as an argument to f above; we used username). The sequence is regenerated on-the-y from the function each time a user enters the password. If a user enters an incorrect click-point, then the sequence of images from that point onwards will be incorrect and thus the login attempt
498

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 6367(Print), ISSN 0976 6375(Online) Volume 3, Issue 3, October-December (2012), IAEME will fail. For an attacker who does not know the correct sequence of images, this cue will not be helpful. We expect that hotspots [6, 16] will appear as in Pass Points, but since the number of images is significantly increased, analysis will require more effort which increases proportionally with the configurable number of images in the system. For example, if attackers identify thirty likely Click Points on the first image, they then need to analyze the thirty corresponding second images (once they determine both the indices of these images and get access to the images themselves), and so on, growing exponentially. A major usability improvement over Pass Points is the fact that legitimate users get immediate feedback about an error when trying to log in. When they see an incorrect image, they know that the latest click-point was incorrect and can immediately cancel this attempt and try again from the beginning. The visual cue does not explicitly reveal right" or wrong" but is evident using knowledge only the legitimate user should possess. As with text passwords, Pass Points can only safely provide feedback at the end and cannot reveal the cause of error. Providing explicit feedback in Pass Points before the final click-point could allow Pass Point attackers to mount an online attack to prune potential password subspaces, whereas CCP's visual cues should not help attackers in this way. Another usability improvement is that being cued to recall one point on each of five images appears easier than remembering an ordered sequence of five points on one image 6. PROPOSED SYSTEM Now-a-days, all business, government and academic organizations are investing a lot of money, time and computer memory for the security of information. Online password guessing attacks have been known since the early days of the Internet, there is little academic literature on prevention techniques. This project deals with guessing attacks like brute force attacks and dictionary attacks. This project proposes a click-based graphical password system. During password creation, there is a small view port area that is randomly positioned on the image. Users must select a click-point within the view port. If they are unable or unwilling to select a point in the current view port, they may press the Shuffle button to randomly reposition the view port. The view port guides users to select more random passwords that are less likely to include hotspots. Therefore this works encouraging users to select more random, and difficult passwords to guess. Brute force and dictionary attacks on password only remote login services are now widespread and ever increasing. Enabling convenient login for legitimate users while preventing such attacks is a difficult problem. Automated Turing Tests (ATTs) continue to be an effective, easy to deploy approach to identify automated malicious login attempts with reasonable cost of inconvenience to users. This project proposes a new Password Guessing Resistant Protocol (PGRP), derived upon revisiting prior proposals designed to restrict such attacks. While PGRP limits the total number of login attempts from unknown remote hosts, legitimate users in most cases (e.g., when attempts are made from known, frequently used machines) can make several failed login attempts before being challenged with an ATT. This proposed system also provides protection against key logger spy ware. Since, computer mouse issued rather than the keyboard to enter our graphical password; this protects the password from key loggers. 7. CONCLUSION The past decade has seen a growing interest in using graphical passwords as an alternative to the traditional text-based passwords. In this paper, we have conducted a comprehensive survey of existing graphical password techniques. The current graphical password techniques can be classified into two categories: recognition-based and recall-based techniques. Although the main argument for graphical passwords is that people are better at memorizing graphical passwords than text-based passwords, the existing user studies are very limited and there is not yet convincing evidence to support this argument. Our preliminary analysis suggests that it is more difficult to break graphical passwords using the traditional attack methods such as brute force search, dictionary attack, or spyware. However, since there is not yet wide deployment of graphical password systems, the vulnerabilities of graphical passwords are still not fully understood 499

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 6367(Print), ISSN 0976 6375(Online) Volume 3, Issue 3, October-December (2012), IAEME

REFERENCES [1] Sonia Chiasson, P.C. van Oorschot, and Robert Biddle, Graphical Password Authentication Using Cued Click Points ESORICS, LNCS 4734, pp.359-374, Springer Verlag Berlin Heidelberg 2007 [2] Manu Kumar, Tal Garfinkel, Dan Boneh and Terry Winograd, Reducing Shouldersurfing by Using Gaze based Password Entry, Symposium on Usable Privacy and Security (SOUPS), July 8-20,2007, Pittsburgh, PA, USA [3] Zhi Li, Qibin Sun, Yong Lian, and D. D. Giusto, An association-based graphical password design resistant to shoulder surfing Attack, International Conference on Multimedia and Expo (ICME), IEEE.2005 [4] R. Dhamija and A. Perrig, "Deja Vu: A User Study Using Images for Authentication," in Proceedings of 9th USENIX Security Symposium, 2000 [5] S. Akula and V. Devisetty, "Image Based Registration and Authentication System, in Proceedings of Midwes Instruction and Computing Symposium, 2004 [6] L. Sobrado and J.-C. Birget, "Graphical passwords," The Rutgers Scholar, An Electronic Bulletin for Undergraduate Research, vol. 4, 2002 [7] Sonia Chiasson, Alain Forget, Robert Biddle, P. C. van Oorschot, User interface design affects security: patterns in click-based graphical passwords, Springer-Verlag 2009 [8] International Journal of Video & Image Processing and Network Security IJVIPNS Vol: 10 No: 04 Comparative Study Of Authentication Techniques" [9] S. Man, D. Hong, and M. Mathews, " A Shoulder surfing resistant graphical password scheme, in Proceedings of International Conference on security and management. Las Vegas, NV, 2003 [10] A. Adams and M. A. Sasse, "Users are not the enemy: why users compromise computer security mechanisms and how to take remedial measures," Communications of the ACM, vol. 42, pp. 41-46, 1999 [11] I. Jermyn, A. Mayer, F. Monrose, M. K.Reiter and A.D. Rubin, "The Design and Analysis of Graphical Passwords," in Proceedings of the 8th USENIX Security Symposium, 1999 [12] Alain Forget, Sonia Chiasson, and Robert Biddle, Shoulder-Surfing Resistance with Eye Gaze Entry in Cued-Recall Graphical Passwords, ACM 978- 1-60558-929-9/10/04, April 10 15, 2010 [13] Md. Asraful Haque, Babbar Imam and Nesar Ahmad, 2-Round Hybrid Password Scheme International journal of Computer Engineering & Technology (IJCET), Volume3, Issue2, 2012, pp. 579 - 587, Published by IAEME [14] Kapil Tomar, Niraj Singhal and Sunil Kumar, Software As A Service Security: Challenges And Solutions International journal of Computer Engineering & Technology (IJCET), Volume2, Issue1, 2011, pp. 53 - 60, Published by IAEME [15] Gurudatt Kulkarni, Jayant Gambhir and Amruta Dongare, Security In Cloud Computing International journal of Computer Engineering & Technology (IJCET), Volume3, Issue1, 2012, pp. 258 - 265, Published by IAEME [16] Srikanth T.N. and Prabhudeva S, Explicit Study On Security Issues In Multimedia Streaming In Peer To Peer Network International journal of Computer Engineering & Technology (IJCET), Volume3, Issue2, 2012, pp. 588 - 602, Published by IAEME

500