BACHELOR OF TECHNOLOGY
in
Certified that this project report "REVISITING PRIOR PROPOSALS FOR DEFENSES AGAINST LARGE-SCALE ONLINE PASSWORD GUESSING ATTACKS" is the bona fide work of ARUL ISAI.U.S, PRIYADHARSHINI.S and SUDHA.S, who carried out the project work under my supervision.
SIGNATURE
SIGNATURE
Mrs.S.Rama (M.E.)
SUPERVISOR
Department of Information Technology Meenakshi College of Engineering West K.K.Nagar Chennai-600 078.
Assistant Professor Department of Information Technology Meenakshi College of Engineering West K.K.Nagar Chennai-600 078.
INTERNAL EXAMINER
EXTERNAL EXAMINER
ACKNOWLEDGEMENT
We sincerely and wholeheartedly express our gratitude and indebtedness to our esteemed founder, chairperson and the authorities of MEENAKSHI AMMAL EDUCATIONAL TRUST for the patronage and parental care showered on our welfare rooted in the academic career. We deeply thank our Director Mrs. R. PREMALATHA KANIKANNAN, M.E., MBA, for providing immense laboratory and library facilities that helped us to complete our project successfully. We express our deep sense of gratitude to our principal for his support.
We express our sincere thanks to Mr. UPENDRA BABU, M.E., (Ph.D), Head of the Department, Information Technology, for giving constructive ideas and valuable criticism on our project. We are immensely obliged to our internal project guide Mrs. S. RAMA, M.E., for her valuable suggestions, guidance and sustained interest in completing the project successfully. We extend our gratitude to all our department teaching and non-teaching staff members and friends for their immense guidance throughout our project work.
ABSTRACT
Nowadays there is an alarming increase in brute-force and dictionary attacks on passwords through remote login services. Preventing such attacks in real-time networks without making login inconvenient for legitimate users is a difficult problem. The widely used countermeasure is the Automated Turing Test (ATT): an easy way to identify automated malicious login attempts at a reasonable cost in inconvenience to users. One effective defense against automated online password guessing attacks is to restrict the number of failed trials without ATTs to a very small number (e.g., three), limiting an attacker's automated programs to three free password guesses for a target account even if different machines from a botnet are used. However, this inconveniences the legitimate user, who must then answer an ATT on the next login attempt. Here we analyze the inadequacy of existing protocols and of the login protocols proposed to prevent large-scale online dictionary attacks. We propose a new Password Guessing Resistant Protocol (PGRP), derived by revisiting prior proposals to restrict such attacks. It limits the total number of login attempts from unknown remote hosts to as low as a single attempt per username, while legitimate users can make several failed login attempts before being challenged with an ATT. We shall prove that this method is more promising than all the existing proposals.
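The per-username throttling the abstract describes, as an added example that is not part of this report and not its Java/JSP implementation: the thresholds K_KNOWN and K_UNKNOWN, the PgrpState bookkeeping, and the rule that a host becomes "known" for an account only after a successful login from it are assumptions made here for illustration. The scenario shows why a shared per-username counter for unknown hosts defeats guess distribution across a botnet while a known host still gets several free failures.

```python
from dataclasses import dataclass, field

# Thresholds following the abstract: several free failures for a known host,
# as low as a single free attempt per username for all unknown hosts together.
K_KNOWN = 3
K_UNKNOWN = 1


@dataclass
class PgrpState:
    credentials: dict                                   # username -> password (plaintext, demo only)
    known: set = field(default_factory=set)             # (username, host) pairs with a past success
    fails_known: dict = field(default_factory=dict)     # username -> failures from known hosts
    fails_unknown: dict = field(default_factory=dict)   # username -> failures from unknown hosts


def login(st, username, host, password, att_passed=False):
    """Decide one login attempt: 'GRANTED', 'DENIED' or 'ATT_REQUIRED'."""
    is_known = (username, host) in st.known
    fails = st.fails_known if is_known else st.fails_unknown
    limit = K_KNOWN if is_known else K_UNKNOWN
    # Free guesses for this username are used up: an ATT must be solved first.
    # The unknown-host counter is per username, not per host, so rotating
    # through different bot machines does not reset it.
    if fails.get(username, 0) >= limit and not att_passed:
        return "ATT_REQUIRED"
    if st.credentials.get(username) == password:
        st.known.add((username, host))   # assumed rule: success makes the host known
        fails[username] = 0
        return "GRANTED"
    fails[username] = fails.get(username, 0) + 1
    return "DENIED"


def simulate():
    """Constructed scenario: a mistyping legitimate user versus three bots."""
    st = PgrpState(credentials={"alice": "correct horse"})
    first = login(st, "alice", "10.0.0.5", "correct horse")   # laptop becomes known
    legit = [login(st, "alice", "10.0.0.5", "typo%d" % i) for i in range(K_KNOWN)]
    legit.append(login(st, "alice", "10.0.0.5", "correct horse"))   # challenged now
    legit.append(login(st, "alice", "10.0.0.5", "correct horse", att_passed=True))
    # Three unknown hosts (constructed TEST-NET addresses) each try one guess.
    bots = [login(st, "alice", h, "guess") for h in ("203.0.113.7", "203.0.113.8", "203.0.113.9")]
    return first, legit, bots


if __name__ == "__main__":
    print(simulate())
```

Only the first bot gets a free guess; the rest are met with an ATT, whereas alice receives three free typos from her known host before being challenged.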
CONTENTS
4.3 Introduction to UML Representation
4.4 Activity Diagram
4.5 Sequence Diagram
4.6 Use Case Diagram
4.7 Class Diagram
5. SYSTEM DESCRIPTION
5.1 List of Modules
5.1.1 Captcha Security
5.1.2 Password Guessing Resistant Protocol
5.1.3 Implementation of Captcha Security
6. SYSTEM TESTING
6.1 Types of Testing
6.2 Software Testing Strategies
6.3 Objectives of Testing
6.4 Error Finding Test Methods
6.5 Test Case
6.5.1 Test Case Format
6.5.2 Purpose of a Good Test Case
6.5.3 Review of Software Test Cases
6.5.4 Structure of Test Case
6.5.5 Test Case Design
6.5.6 Guidelines to Prepare Test Case
6.6 Test Case Report Generation
7. CODING
7.1 Coding Standards
7.2 Source Code
8. SCREENSHOTS
9. CONCLUSION
10. FUTURE ENHANCEMENT
REFERENCES
LIST OF TABLES
TABLE NO.  TITLE  PAGE NO.
1  Description of UML Diagrams  38
2  Error Finding Test Methods  69
3  Test Case Report for the Entire Project  77
4  Test Case Report for Negative Testing  78
5  Test Case Report for Positive Testing  79
6  Test Case Report for Black-Box Testing  80
7  Test Case Report for White-Box Testing  80
LIST OF FIGURES
FIGURE NO.  TITLE  PAGE NO.
EXISTING CAPTCHA  10
PROPOSED ARCHITECTURE  11
FLOW OF PLATFORM INDEPENDENT JAVA CODE BETWEEN DIFFERENT PLATFORMS  24
3.2  JAVA PROGRAM USING JAVA PLATFORM TO GAIN PLATFORM INDEPENDENCY  25
4.1  SDLC LIFE CYCLE  32
4.2  OVERALL ARCHITECTURE  34
4.3  TYPES OF UML DIAGRAMS  37
4.4  ACTIVITY DIAGRAM  40
4.5  SEQUENCE DIAGRAM  42
4.6  USE CASE DIAGRAM  43
4.7  CLASS DIAGRAM  44
5.1  CAPTCHA GENERATION  47
5.2  USER LOGIN PAGE  50
5.3  EXAMPLE OF IMAGE CAPTCHA  50
8.1  SNAPSHOT FOR HOME PAGE  147
8.2  SNAPSHOT FOR LOGIN PAGE  148
8.3  SNAPSHOT FOR REGISTRATION PAGE  149
8.4  SNAPSHOT FOR LOGIN PAGE WITH USERNAME FIELD ENABLED  150
8.5  SNAPSHOT FOR CAPTCHA GENERATION  151
8.6  SNAPSHOT FOR IDENTIFYING CAPTCHA  152
8.7  SNAPSHOT OF LOGIN PAGE WITH PASSWORD FIELD ENABLED  153
8.8  SNAPSHOT OF THE WEBPAGE FOR THE DESIRED USER  154
LIST OF ABBREVIATIONS
ATT  Automated Turing Test
JVM  Java Virtual Machine
JSP  Java Server Pages
JSF  Java Server Faces
MVC  Model View Controller
VDL  View Description Language
API  Application Programming Interface
HTML  Hyper Text Markup Language
PGRP  Password Guessing Resistant Protocol