Passwords have been present in information technology since the earliest days before the age of the PC. Using consumer password recovery software, the eight character password can be cracked in under an hour. More experienced hackers can crack 14 character password including alpha-numeric with special characters by using rainbow table and some free tools in less than three minutes. So adding numeric and other characters does not mean adding some level of protection but may increase the time needed [1].

In this paper we propose a new password authentication scheme based on fractal image coding scheme. Its properties are addressed and its security is analyzed and compared to some of the aforementioned methods by Lamport [2], Hwang and Li [4], and Lee et al. [8].

Fractal Space full crack [Password]

The outline of the paper is organized as follows: the theoretical concepts of fractal image coding are explained in Section 2, while a brief explanation of the methodology is provided in Section 3. The core of this paper is Section 4, which discusses the algorithm. In Section 5, the experimental results are described. Section 6, analyzes the security and evaluates the efficiency of the proposed scheme, while a security comparison between the proposed scheme and other password authentication scheme are presented in Section 7, followed by a brief conclusion in Section 8.

(1)In Client(a)Enter the user name and the password (ID, PW).(b)C sends to S the current request (login, registration, and change password).(c)C calculates the PW hashing value HS(PW).(d)The hash function HS is encrypted using nonlinear function to give (HS, ).(e)The ID and Y are captured in IM using a text to image converter.(f)Calculate , the matrix of the IFS transformation constructed from IM using fractal image coding scheme.(g) is sent to S.(2)In Server(a)Decode to find the attractor IM1 using fractal image decoding.(b)Use OCR program to read the data in IM1 and determine ID, and the encrypted .(c)Use inverse function to decrypt and find (d)For each request status (registration, login, and change password), S is authenticated as follows.

As indicated in Table 1 and Figure 4, the performance evaluation of the proposed scheme in terms of performance time and captured image size against the key size is shown. It is to conclude that the registration and login time changes is directly proportional with the key size, while the authentication time is depending on the number of users which were registered in the server. The proposed password authentication is a novel fractal based scheme which provides secure transmission of credential message over insecure communication channel. The registration and login phase in client side performs four steps: the password is hashed, encrypted, captured as an IM image, and then transformed to IFS codes using FIC scheme. Whereas, it performs three steps in server side, which are generating IM1 attractor using FID, reading data using OCR, and finally decrypting these data to find the hash function, to be used with the ID, either for authentication, or registration, depending on the request case.

If we assume that an attacker A has a total control over the communication channel between C and S, this would mean that he can insert, delete, or change any message in the channel. The first step in the proposed system is the registration process. If the attacker masquerades as C and tries to change the ID or the PW and registers in the database using the wrong ID and PW, this does not give any advantage due to the lack of information in the stolen page at this stage. Therefore, the attacking process in this part is not feasible and the authorized user will have to reregister again. We conclude that the main goal of the attacker is to get the PW. Any attempt to change the ID will do nothing. If the attacker is skilled enough to recover the original image, using fractal image decoding, he will get an encrypted hash with a nonlinear function for two variables , where is DH key exchange and is one way hash function of the user password, which is infeasible to be solved with exact values. The use of secured shared key DH that is based on the difficulty of discrete logarithm problems and it is computationally infeasible (unsolvable in polynomial time) for large prime number has a significant impact. This is in regard to increasing the security of the proposed scheme to resist many types of attacks over unsecure network.

Denial of Service AttacksIn this attack, false verification information can be updated (applied) by the attacker for more than ten times, and as a result, the legal user will be blocked, and will not be able to login successfully anymore. The most vulnerable procedure is the password changing phase. In our scheme this phase is performed on the client side. While, the server should authenticate the user with the security question using the proposed secure scheme before starting the change password process; that is, it will help to enhance the security of password changing. The attacker is not able to modify data on storage, because only the authorized user is able to change the password. This is due to the security question that is preagreed before between the legal user and the server, as well as the difficulty of knowing the encrypted key.

A password authentication system based on the advantage of fractal image coding is proposed. The system works on the captured binary image of the client information (ID, PW). After the password is hashed and encrypted, it is coded using FIC scheme and send it to the server instead of the image itself. The successful matching is performed at the server to verify the client user after the ID is recognized, and the hash is decrypted to be verified with the saved hash in database system. The security strength of the scheme relies on the security of the hash function, and DH protocol that is used as a key exchange in encryption and decryption of HS(PW), in addition to the complexity of the FIC scheme. We conclude that the proposed scheme is nontraditional password authentication, flexible to improvement, in addition to many other attributes, such as the following.(i)The user cannot freely change the password without connecting to the server (i.e., only the authorized user is able to change the password), because of the security question that is preagreed before between the legal user and the server, as well as the difficulty of knowing the encrypted key.(ii)The scheme has a facility of access denial or blocked any unauthorized user whose try to use wrong password for more than ten trials.(iii)The scheme is secured against guessing, replay, denial of service, stolen-verifier, parallel session, and many other attacks.(iv)The uses of FIC offer an advantage to increase the security because of the use of the fractal codes instead of original image.(v)The server closes the session whenever it takes more than the usual time and will request a new session.

To overcome the issue of complex passwords, various graphical password (GPs) schemes were proposed in the literature [8,9]. The GPs like Passface [10], Passhint [11], etc. makes the smartphones more compatible rather than the traditional ones as they provide a large symbol space over text-based password techniques. Therefore, they are being adopted in smart devices [2]. Research revealed that users pay more attention to technology which is easy to use [12]. The GPs schemes consist of images and icons. Users must select images or icons from the pool of images to create a password. These selected images and icons will be used for password authentication. Despite these benefits, all the present graphical schemes are still vulnerable to different attacks, e.g., brute force attacks, shoulder surfing, and smudge attacks [1].

In this research paper, we propose a novel FBAT based on Sierpinski triangles. We have developed this technique with a combination of graphical and pattern-based schemes. It consists of various levels and at each level, the user must select a triangle with a color combination to create a password as shown in Figure 2. The proposed technique is helpful in avoiding password breaches, as it is stronger than traditional text-based passwords or PIN numbers; similarly, this technique creates complexity for breaching the password because of the reduced probability of successfully breaching the password, as explained in Section 4. Simulation results proved that the proposed scheme is resilient to (i) brute force attack, (ii) shoulder surfing and (iii) smudge attack and much stronger than traditional text-based password and 4-digit PIN password. FBAT also proved the ease of use during password creation and login phase.

Table 4 below shows the results of the 30 participants who logged in successfully on the first attempt and their total login accuracy. The results depict that the percentage of total accuracy and accuracy of the first attempt is higher in the first session than the second session, as 29 out of 30 (96.66%) participants were able to log in successfully at the first attempt. Total accuracy was assumed to be 100% in the first session. It is because at that time they created a pattern and it was fresh in their mind, which helped them to log in at the first attempt. After a period of one week, participants were requested to use the application again with the same pattern which they created in the first session to unlock the device. Surprisingly, the results showed that 28 out of 30 (93.33%) participants were able to log in successfully. It includes 21 (70%) participants who logged in at the first attempt and six out of 30 (20%) who logged in after more than one attempt. Three participants (10%) took more than five attempts to log into the device. When we asked the participants about the extra attempts to login, they told that clicking on the triangles confused them because of the random motion of colors used in the pattern. They also stated that as information regarding bank account numbers etc. is confidential, and we used a complex pattern for this, it in turn increased the number of attempts required to crack the system. However, if we discuss the average successful login attempts of an individual person, it can be stated that the average single person took 3.8s for unlocking the device during the login phase. However, a few of the participants like those who were above 40 years of age took 6.1, 5.2,4.9, 7 and 5 s to unlock them. According to them, it was because three of the professors were above 55 years of age and they had weak eyesight issues and two of them selected a complex password. 2ff7e9595c