Enhancing Login Security Using VSS and OCRAsst. Prof. Anitha MShreyansh Doshi, Hardik shah, Hari Krishnan R, Sharat Rao MDepartment of Computer Science and Engineering, Dayananda Sagar College of Engineering, Kumarswamy Layout, Bangalore 560078, IndiaAbstract” Traditional password conversion scheme for userauthentication is to transform the passwords into hash values.These hash-based password schemes are comparatively simpleand fast because those are based on text and famed cryptogra-phy. However, those can be exposed to cyber-attacks utilizingpassword by cracking tool or hash-cracking online sites. Inthis work, we suggest enhanced password processing schemebased on image using visual cryptography (VC).
Different fromthe traditional scheme based on hash and text, our schemetransforms a user ID of text type to two images encryptedby VC. Our proposal has lower computation, prevents cyber-attack aimed at hashcracking, and supports authentication notto expose personal information such as ID to attackers.I. INTRODUCTIONUser authentication in general systems has proceededbasically through verication of the ID and password. Inorder to send and verify password, the system uses a hash-based password scheme that transforms original passwordto hash value by famed function.
The advantages are thatit can be adapted in system without difculty, and com-putational velocity of process is fast because a type ofhash-based scheme is fundamentally based on text utilizingpopular hash function such as MD5, SHA256. But it isvulnerable to attacks such as brute force attack or dictionary-based attack plainly by password cracking tool or hash-cracking online sites. Assume that someone denes password1qaz2wsx in a system. If an attacker is aware of the hashvalue 1c63129ae9db9c60c3e8aa94d3e00495, the value canbe sufciently cracked simply by free crack site . Eventhough the attacker doesnt know any information about hashfunction, he or she can easily guess which kind of hashfunction is adapted in the system. As the result, the attackercan cause secondary damage to the system.Given the widespread use of password authentication inon-line correspondence, subscription services, and searching,there’s growing concern regarding fraud. once folks applytheir passwords across multiple accounts, they increase theirvulnerability; compromising one arcanum will facilitate ANoffender take over many accounts. what is more, over time,arcanum apply rates enlarged as a result of folks accumulatedadditional accounts however didn’t produce additional pass-words. Users justied their habits. whereas they wished toshield money knowledge and private communication, reusingpasswords created passwords easier to manage. Users visu-alised threats from human attackers, signicantly viewingthose on the point of them because the most actuated and ready attackers; but, participants didn’t separate the humanattackers from their probably machine-driven tools. theygenerally didn’t notice that customized passwords like phonenumbers may be cracked given an oversized enough lexiconand enough tries. we have a tendency to discuss howevercurrent systems support poor arcanum practices. we have atendency to additionally present potential changes in web siteauthentication systems and password managers.Nowadays, the wide use of media data such as digitalimages or videos attracts attention to security issues. In thepast few years, various cryptographic schemes have been pro-posed as possible solutions to the security of digital images.Cryptography provides a very powerful method to protectboth condentiality and robustness. Traditional cryptographicalgorithms can be directly applied to protect the images,videos, and audios in these applications. But these schemesare not loss-tolerant and have a great lot of calculation. Atthe meanwhile, users need to pay attention to the security ofthe key used for encryption.Secret sharing(SS) techniques are able to solve these issuesabove, which are the natural drawbacks of the traditionalcryptography. Secret sharing, which was rst proposed byBlakley and Shamir independently. In the encryption process,it splits the secret image into noise-like shadow images (alsocalled shares or shadows), and then distributes them amongthe authorized participants. When collecting sufcient shadowimages, authorized participants can recover the secret. Thistechnique has value of better theoretical and practical re-search.Visual secret sharing (VSS) and Shamirs polynomial basedscheme are the current main branches of secret sharing. InVSS scheme, the secret image is visually revealed by humanvisual system (HVS) without the aid of computers by stack-ing sufcient shares together.Except for simple recovery of theshadow images, current VSS and random grids(RG)basedVSS can realize many other good properties, such as nopixel expansion, meaningful shares and so on. Since theyare designed only for the binary images, they still have along way to be applied in the greyscale images-orientedencryption. In addition, their recovered secret images areusually lossy. At the same time, some other schemes based onShamirs polynomial and Lagrange interpolation, have beenproposed to realize the secret image sharing. These schemeshave the advantages of (k,n) threshold, lossless recovery andless pixel expansion for grey-scale images. However, theysuffer from All-or-Nothing, complex recovery and knownorder of the shadow images.In this paper we proposed a new password sharing schemeby making use of the visual secret sharing scheme and opticalcharacter recognition schemes. this method overcomes theproblem of traditional schemes as the password generatedare in the form of visual pictures which are later transformedto gray scale image and then encrypted before sending it tointended user. then we further suggest to make use OCRtechniques to give aditional security to the entire mechanismThe rest of the paper is organized as follows. Section 2presents the basic denitions and preliminaries of the proposedPSS scheme. Section 3 introduces the proposed PSS scheme.Section 4 is devoted to the experimental results and analysis.Finally, Section 5 concludes this paper.II. PRELIMINARIESIn this section we just introduce all the required prelimi-naries and denation that will be required to understand thispaper thoroughly.A. grayscale image Grayscale images consist of solely gray tones of color,which are 256 steps. In other words, there are solely 256gray colors. The main fundamentals of grayscale imagesare the equality of the red, green, and blue color levels.The color codes will be like RGB(R,R,R), RGB(G,G,G), orRGB(B,B,B) where R,G,B is a number between 0 and 255individually.There are many mechanism to convert an binary imageinto a gray scale image. we have made use of the AND andXOR methods available.In the generation of the grayscale images and in thereconstruction of the secret, Boolean operations XOR ( )and AND (&) are used. For easy lookup, the truth-tables ofXOR and AND for binary scalar inputs are given below. B. Visual Secret SharingVisual secret sharing (VSS) scheme is a perfect securemethod that protects a secret image by breaking it intoshadow images (called shadows).In the given example, thepicture has been split into two component images. Eachcomponent image had a pair of pixel for each pixel in theoriginal image. These pixel pairs are shaded in black or white according to the following rule: if the original image pixelare black, the pixel pairs in the component images must becomplementary that is white . When these complementarypairs are overlapped, they will seem to be dark gray. Andif the original image pixel was white, the pixel pairs in thecomponent images must match. When these matching pairsare overlapped, they will appear light gray.So, when the two component images are superimposed,the original image appears. However if the other compo-nent is not present, a single component image reveals noinformation about the original image; it is indistinguishablefrom a random pattern of pairs. Moreover, if you have onecomponent image, we can use the shading rules above toproduce a counterfeit component image that combines withit to produce any image at all. C. Optical Character Recognitionoptical character recognition commonly referred as OCR isa mechanism of converting a hand written , typed or printedtextual images into a machine-understandable encoded text.by the help of OCR one can extract the textual data presentin an image.III. THE PROPOSED SCHEMEIn this section, the proposed enhancing login securityusing OCR and Visual Secret Sharing schemes is presented.If the scheme has to be generalized, we could group theoperations section wise and present them as three differentphases: 1) Implementation of VSS, (2) Sharing of Image,(3) Implementation of the OCR. VSS deals with secretsbeing shared using the image(s). The rst phase deals withthe process used for splitting the image, converting it tograyscale images and the encryption process. After this, thesecond phase deals with the distribution of the images to theend user and the server which has to be downloaded andmerged during the login process. The nal phase deals withthe authentication of the user where the OCR technique isused. The ow diagram of the proposed scheme is illustratedin the gure.A. Implementation of VSSVisual cryptography is a cryptographic technique whichallows visual information (pictures, text, etc.) to be encryptedin such a way that the decrypted information appears asa visual image. A visual secret sharing scheme can bedemonstrated as follows; an image is broken up into nshares so that only someone with all n shares could decryptthe image, while any n 1 shares revealed no information about the original image. Each share was printed on separatetransparency, and decryption was performed by overlayingthe shares. When all n shares were overlaid, the originalimage would appear.In our solution, the image has been split into two com-ponent images called shares. Each component image has apair of pixels for every pixel in the original image. And isthen converted into grayscale images which are then usedfor encryption. Grayscale images are distinct from one-bitbi-tonal black-and-white images which, in the context ofcomputer imaging, are images with only two colors: blackand white. Grayscale images have many shades of grayin between. After splitting the image into two images andconversion to grayscale images, encryption is done wherethe information in the images are converted in such a waywhich prevents unauthorized access.B. Sharing of Image Now, after the encryption is done, we have to store oneshare in the system server and give the other share to theuser. The share 1 is stored in the server which should bedownloaded by the user during logging in. The share 2 wouldbe sent to the user when he/she registers via the valid mailid provided. This is done using the library functions andGoogle APIs provided. Every login process happens in this ow: First, the user downloads the share 1 form the server,following which he has to get the share 2 sent in the mail.After that, the user would be asked to upload both the images.The rest of the process is explained in the next phase whichis the nal phase in our proposed scheme.C. Implementation of the OCR Optical character recognition termed as OCR is a me-chanical or electrical conversion of images which are typed,handwritten or printed text into machine-encoded text. Thiscan be done from any scanned documents or images whichcould have some text present in them. In the previousversions, it was necessary to be trained with the images ofeach character and was possible to work with only one fontat a time where as now, as technology has been improvised inmany different ways, advanced systems are now capable ofproviding a high degree of recognition accuracy with manydifferent fonts which are commonly used and also providesupport for different format of images to be uploaded.As stated in the previous phase, the shares have to bedownloaded by the user and should be uploaded during thelogin process. When both the images are uploaded, they arerst merged together to form a single image. After the imagesare merged, an authenticate image is formed after which,OCR technique is implemented.The physical form of the image is rst processed and isthen analyzed for light and dark areas in the image wherethe dark areas are identied as characters that are to berecognized and the light areas are identied as background.The dark areas are further processed to nd alphabetic letterand numerical digits. OCR programs can have different tech-niques but they particularly focus on targeting one character,word or block at a time. When a character is identied,it is then converted to its ASCII code which is used bythe computer systems for further manipulations. Now, theauthenticated image having the user id is processed whichgenerates an OCR id. If the OCR id matches thee user id,authentication is successfully completed after which the useris redirected to other functions which are to be followed. Ifthere is a mismatch in the OCR id and the user id, the usercannot continue further as that could suggest a possible hack.IV. EXPERIMENTAL RESULTS AND DISCUSSION The user has to input his/her the ID and password. Thedevice of user creates an original image composed of blackcharacters and white background. If the saved original imageexists on users device, it dose not have to create the originalimage again.So here for example we created the image withtext rohan in it which will be the user id. Now, one of the major technology which we are usingcomes handy i.e. visual secret sharing schemes.The VSStransforms a user ID of jpeg/png kind to two images en-crypted by visual cryptography. The user ought to maketwo images consisted of sub-pixels by random functionwith SEED which includes personal information. These twoimages would be grayscale images so that the data of theoriginal image would not be revealed. Grayscale image 1 Graysacale image 2After the user logs in and sends another image, the servercan extract ID by utilizing OCR (Optical Character Recogni-tion).The server overlaps the rst shared image saved and thesecond shared image received. As a result, it can authenticateuser by comparing extracted ID with the saved one.Theserver should remove the background of the overlappedimage to gain original image. The database consist of various elds like user id, userpassword, name,sex, address, email, phone number, imageand OCR id. If the user id and OCR id matches then only wecan say that login authentication of the user is successful.Thesnapshot of the database can be found below. V. CONCLUSIONSMany people use the same or short length of passwordsin multiple systems and are neglectful password manage-ment. Consequentially cyber-accidents are occurred often.We suggested a distinctive method different from conven-tional password scheme. It is based on encoded imagesby VC with a SEED number and OCR and more strongprotection from cyberattacks. We evaluated security aspecton attacks, computational cost and privacy. Our proposal islight weight and more secure in the aspect that hashed valuesof important information are not stored in the system.RE F E R E N C E S[1] G. O. Young, Synthetic structure of industrial plastics (Book style with paper title and editor), in Plastics, 2nd ed. vol. 3, J. Peters, Ed. NewYork: McGraw-Hill, 1964, pp. 1564.[2] W.-K. Chen, Linear Networks and Systems (Book style). Belmont,CA: Wadsworth, 1993, pp. 123135.[3] H. Poor, An Introduction to Signal Detection and Estimation. NewYork: Springer-Verlag, 1985, ch. 4.[4] B. Smith, An approach to graphs of linear forms (Unpublished work style), unpublished.[5] E. H. Miller, A note on re ector arrays (Periodical styleAccepted for publication), IEEE Trans. Antennas Propagat., to be publised.[6] J. Wang, Fundamentals of erbium-doped ber ampliers arrays (Pe-riodical styleSubmitted for publication), IEEE J. Quantum Electron.,submitted for publication.[7] C. J. Kaufman, Rocky Mountain Research Lab., Boulder, CO, private communication, May 1995.[8] Y. Yorozu, M. Hirano, K. Oka, and Y. Tagawa, Electron spec-troscopy studies on magneto-optical media and plastic substrate in-terfaces(Translation Journals style), IEEE Transl. J. Magn.Jpn., vol. 2,Aug. 1987, pp. 740741 [Dig. 9th Annu. Conf. Magnetics Japan, 1982,p. 301].[9] M. Young, The Techincal Writers Handbook. Mill Valley, CA: Uni- versity Science, 1989.[10] J. U. Duncombe, Infrared navigationPart I: An assessment of feasibil-ity (Periodical style), IEEE Trans. Electron Devices, vol. ED-11, pp.3439, Jan. 1959.[11] S. Chen, B. Mulgrew, and P. M. Grant, A clustering techniquefor digital communications channel equalization using radial basisfunction networks, IEEE Trans. Neural Networks, vol. 4, pp. 570578,July 1993.[12] R. W. Lucky, Automatic equalization for digital communication, Bell Syst. Tech. J., vol. 44, no. 4, pp. 547588, Apr. 1965.[13] S. P. Bingulac, On the compatibility of adaptive controllers (Published Conference Proceedings style), in Proc. 4th Annu. Allerton Conf.Circuits and Systems Theory, New York, 1994, pp. 816.[14] G. R. Faulhaber, Design of service systems with priority reservation, in Conf. Rec. 1995 IEEE Int. Conf. Communications, pp. 38.[15] W. D. Doyle, Magnetization reversal in lms with biaxial anisotropy,in 1987 Proc. INTERMAG Conf., pp. 2.2-12.2-6.[16] G. W. Juette and L. E. Zeffanella, Radio noise currents n short sections on bundle conductors (Presented Conference Paper style), presentedat the IEEE Summer power Meeting, Dallas, TX, June 2227, 1990,Paper 90 SM 690-0 PWRS.[17] J. G. Kreifeldt, An analysis of surface-detected EMG as an amplitude- modulated noise, presented at the 1989 Int. Conf. Medicine andBiological Engineering, Chicago, IL.[18] J. Williams, Narrow-band analyzer (Thesis or Dissertation style), Ph.D. dissertation, Dept. Elect. Eng., Harvard Univ., Cambridge, MA, 1993.[19] N. Kawasaki, Parametric study of thermal and chemical nonequilib-rium nozzle ow, M.S. thesis, Dept. Electron. Eng., Osaka Univ.,Osaka, Japan, 1993.[20] J. P. Wilkinson, Nonlinear resonant circuit devices (Patent style), U.S. Patent 3 624 12, July 16, 1990.