Implementation of Visual Cryptography and OCR Techniques for Processing the Enhanced Password Mechanism

Hamsalatha J, Alisha Erum K, Janani G S Dept of CSE Dr.TTIT, KGF

Abstract-- In recent past conversion of password for user authentication is to convert the password into hash values. But these passwords based on hash values are simple and fast because those are in form of text and famed cryptography. Due to this the password can be easily cracked by making use of cracking tool or hash- cracking online sites. Attackers can easily hack the original password if they are aware of the hash value when they are plain and simple. To overcome all these limitations, a scheme for processing the enhanced password based on visual cryptography and OCR was suggested. This cryptographic scheme is completely different from the existing one, where the user ID of text type is transformed into the two encrypted images. The server will have a user ID and one of the encrypted image, user sends the another image to the server when it needs to login then the server extracts the ID by making use of OCR(Optical Character Recognition).

Finally by comparing the extracted ID with the saved one the exact user is identified. This scheme helps in authentication prevents cyber attack and has low computation when compared with other schemes.

Index terms—Hashing, Optical Character Recognition (OCR), Password Processing Scheme, Visual Cryptography.

I. INTRODUCTION

User authentication in general systems has processed basically by the verification of user ID and password.

The system makes use of hash-based password scheme to send and verify the password and this scheme converts the original password to hash value. The benefits of this scheme are it can be adapted in system without any difficulty and it can process very fast because it is based on hash function such as SHA256, MD5. But it is easily exposed to brute force attack or dictionary attack and the passwords can be easily cracked by making use of hash-cracking online sites. For example we define a password “1qaz2wsx” in a system,

if attacker is aware of the hash value

“1c63129ae9db9c60c3e8aa94d3e00495” then he can simple crack the password by using crack site as shown in figure 1:Even if the attackers are not aware of the hash value he or she can cause the damage to the system just by guessing the hash function that is adapted in the system.

Figure 1: Result of cracked password in

“crackstation.net”

Users are responsible for this kind of attacks, where researchers have done a lot research work on the password management and most of the people’s responses were based on following negative behaviour:

 Rarely changing passwords

 Computer password chosen for the first time

 Allowing others to use our password

 Sharing passwords with friends and family

 Writing password next to the computer

 Using of easy password

Password reuse, length, entropy level, frequency of changing password is the factors of password security.

Figure 1.2 how the password is managed by the people based on the factors.

Figure 2: Survey result about password management (a) First graph represents the frequency for people

to reuse own password, were 14 of 31 people (45.16%) answered often reuse of password.

(b) Second graph represents the length of the password that is often used by the people, most of them have 9 letter password.

(c) Third graph represents people who create their passwords based on their personal details or information.

(d) Fourth graph represents the people who don’t change their password.

All these behaviors are the weak point for the entire system. By these draw backs the hackers can easily crack the password, by this the entire details of the users can be easily hacked this leads to the privacy leakage.

Many researchers worked to improve this hash-based password processing scheme by introducing salt values in hash function, but the salts prefixed to password cannot obstruct the brute force attack to an unknown password. To overcome all these criteria’s we suggest a scheme for processing the enhanced password based on visual cryptography for encrypting the images and OCR for recognizing the character. The main aim of this scheme is to avoid the privacy leakage and to prevent cyber attack.

II. LITERATURE SURVEY

2.1 Visual Cryptography

In 1994 Naor and Shamir suggested a cryptographic technique called as Visual Cryptography. From this technique two images are derived from the original image by converting pixels to pattern, the images are shared with others if we want to regain the original image we need to gather and stack up the image pixel to view the original one.

When compared to other technique this scheme as low

method does not require any computation it is dependent only on sight of human eye.

To build the shared images, first we need to prepare an original image along with a secret message “0129” as shown in the picture (a) of figure3. It is composed of white background and black letter. The research is extended to colour picture, but we need to explain basic VC based on this paper. The patterns of 4 sub pixels are arranged into 2x2 array format for encryption. The half of the pattern of sub pixels are filled with black and rest half becomes transparent. It can form 6 patterns such as horizontal vertical and diagonal. VC converts each and every pixel to the original image, once the VC based original image is formed the sub pixels become as noise.

The shared images are the combination of collected patterns. In shared image the background pixel and message must be different from each other.

If we want to convert the background pixel of original image it should be as shown in the figure 3.1. The patterns are randomly determined by the pattern numbers, for example if we want to convert the background pixel of image to pattern number 3 the sub pixel has to developed as same as that of pattern 3 which is of left vertical pattern. The second shared image pixel position should be same as that of first image which finally represents the background as grey with a mixed form of white and black.

Figure 3: Picture related with VC

Figure 4: shows how to make pixel pattern in shared image

Similarly message part in the shared image is represented at the second part of the figure 4 which is completely opposite of background pixel representation.

The first image sub pixels position should be in antitypical format for the second shared image. These images overlap with each other and message are represented in black.

Finally the conclusion is represented as the first shared image and the second shared image appear as gray as shown in figure 4 and when they overlap with each other the message are displayed in black, but these shared images does not reveal message “0129” until they overlap with each other. If the shared image does not match with each other then the message may not be revealed. To recognize the character overlapped in image we make use of a technique called OCR.

Figure 5: 4 sub pixels arranged in a 2x2 array As shown in figure 5 the 4 sub pixels are arranged in a 2x2 array where one is for image formation while the other shows how the image can be got back from the stored background pixel and message pixels.

2.2 OCR (Optical Character Recognition)

OCR is a character recognition technique or algorithm that is used to convert the printed text into text by making use of OCR user is able to recognize the text from the pictures there are few algorithms specifies the OCR. Basic OCR algorithm is a template matching technique were algebraic values are added to acquire the letter that are present within the segment of input characters. Other method is not based on mathematical rule to recognize the various font based characters.

There several problems during the development of OCR method:

 It is difficult to distinguish the characters which are closely related (example number “1” and lowercase L “l”).

 If the background is dark or printed with whole image than the text visibility leads to difficulty.

Tesseract is an OCR engine with support for Unicode and the ability to recognize more than 100 languages out of the box. It can be trained to recognize other languages. This was developed by HP in 1984 and now it is possessed by Google. There are certain programs based on Tesseract “FreeOCR” program and

“newocr.com”.

Character Recognition in Free OCR: The program calling “Free OCR” perfectly reads, and distinguishes number and string from test image.

Figure 6: Character Recognition in Free OCR Character Recognition in newocr.com: But the site calling “newocr.com” does not exactly reads because it recognizes number “0” as capital “O”.

Figure 7: Character Recognition in newocr.com

III. IMPLEMENTATION

3.1 Processing Enhanced Password Mechanism User identified for user authentication by the server in the general system. This section explains the interaction between the user and the server along with enhanced password processing mechanism based on VC and OCR.

 The Proposed Scheme

The user has to register himself or herself to the server system before the user authentication. The user registration process is shown in the figure 8.

Figure 8: Initial registration processes

First the user provides the ID and password as an input to the device. The device accepts the input and creates the original image consisting of black letters with white

back ground. The user saves the derived image in the device.

Then the device generates the first shared image based on VC, these images are determined by pseudorandom generator with SEED which has password and ID as salts. After developing the first shared image the device sends the ID and the image to the server instead of password. The user can save or delete the image after sending it to the server. Once the server saves the data that is sent by the user the registration process is completed. This clearly represents that the server does not know about the password until the second shared image is overlapped with the first.

Figure 9: Process of enhanced password scheme Proposed password processing scheme is as follows:

1) The user provides ID and password as input.

2) The device of user creates an original image based on white background and black character. If the original image exists in the device then there is no need to create the original image again.

3) If the device does not possess the first shared image it can possess the second shared image referred to the original image.

4) The user sends the second shared image to the server.

5) The first saved image in the server overlaps with the second shared image received.

6) The server removes the background from the image to obtain the data from the image.

7) ID is recognized by making use OCR algorithm.

8) The server checks extracted ID with the saved ID and the result is obtained as success or fail.

9) Then finally the result is sent to the user.

IV. EVALUATION

Enhanced password processing scheme has certain difference when compared to traditional hash based scheme. In this scheme VC is used instead of hash based text, even though the input value is password but the

output value is user’s ID as in traditional scheme. At last for authentication user sends only one image to the server having ID and password. There are certain advantages based on these features:

 Prevents cyber attack using vulnerable points of hash function.

 Lower computational cost.

 Supporting privacy of users.

By using VC random pattern number per pixels are generated for encryption. Generation random number has lower computational complexity than hash function because a pseudorandom number is obtained just by repeating exclusive-or (XOR).

This scheme is mostly used to prevent cyber attack such as brute force attack and dictionary attack as that often occurs in hash based scheme. Even if the attackers hack the saved image he or she may not be able to extract the original password because they are in the form of array of sub pixels. Even if the shared images are expanded and viewed the hackers may not get the entire information it resembles just like a mosaic model as shown in figure 10. Even if the attackers knew that it is made of certain shapes but they cannot identify what it is and how the patterns are arranged.

Figure 10: Expansion of shared image

Lastly, this scheme supports the privacy of user. The server saves only one shared image instead of the password and receives another shared image not to expose ID from user. As a result, no information of user such as ID or password is revealed in each shared image.

V. CONCLUSION

Most of the users make use of same and short length passwords for multiple accounts by this password management is affected which leads to cyber attacks.

Hence we suggest distinctive method different from conventional password scheme. It is based on encoded images by VC with SEED number and OCR and more strong protection from cyber attacks. Our proposal is light weight and more secure in the aspect that hashed values of important information are not stored in the system.

The combination of visual cryptography provides a better security during communication as there is no much difference observed in the image quality the cover image. .Further this can be applied on colour images with the combination of techniques of visual cryptography methods and compared for quality. This method could be converted as application.

FUTURE SCOPE:

The Visual cryptography scheme is

a cryptographic technique which allows visual information (e.g. printed text, handwritten notes, and picture) to be encrypted in such a way that the decryption can be performed by the human visual system, without the aid of computers.

Security is the primary concern of today’s communication world. Various visual cryptography schemes are studied and their performance is evaluated on four criteria: number of secret images, pixel expansion, image format and type of share generated.

The scope of the System provides a friendly environment to deal with images.

This application supports .gif and .png (portable network graphics) formatted images and the application has been developed using swing and applet technologies, hence provides a friendly environment to users.

The existing method may be further strengthened by encrypting the initial secret message using some standard cryptographic methods.

REFERENCES

[1] Gaw, Shirley, and Edward W. Felten, "Password management strategies for online accounts", Proceedings of the second symposium on Usable privacy and security. ACM, 2006.

[2] Nguyen, Thi Thu Trang, and Quang Uy Nguyen,

"An analysis of Persuasive Text Passwords", Information and Computer Science (NICS), 2015 2nd National Foundation for Science and Technology Development Conference on. IEEE, 2015.

[3] Tam, Leona, Myron Glassman, and Mark Vandenwauver, "The psychology of password management: a tradeoff between security and convenience", Behaviour & Information Technology 29.3 (2010): 233-244.

[4] Wang, Luren, Yue Li, and Kun Sun, "Amnesia:

A Bilateral Generative Password Manager", 2016 IEEE 36th International Conference on Distributed Computing Systems.

[5] Gauravaram, Praveen, "Security Analysis of salt||

password Hashes", Advanced Computer Science Applications and Technologies (ACSAT),2012 International Conference on. IEEE, 2012.

