1. Project Theory
The project idea originated from an interesting, scientifically proven fact: humans have a far greater capacity for recognition than for recall. In other words, a user is far more adept at recognising an image that they have previously seen than at recalling a word or a phrase that they have attempted to commit to memory.
2. Problem Specification and Objectives
The project explores the strengths and flaws of an authentication system that uses Random Art images for use by university students accessing their university accounts or student portals. The following steps were taken as a guide to approaching the problem.
1. Implement an experimental authentication system that uses image-based keys. (15%)
2. Test the experimental system by conducting surveys with real users. (25%)
3. Analyse the strengths and weaknesses of image-based authentication using the experimental results.
Although the project involves the design and build of an experimental authentication system, it will also focus on the discussion and the examination of the issues surrounding the use of images in this field. Depending on the progress of the work, the project may be included in an open source software project.
H-IBAS-H aims to achieve the following:
- Make it difficult for students to describe their pass-images to their friends.
- Eliminate the possibility of deducing the user’s image set by means of an intersection attack.
- Ensure that the number of permutations is large enough that an attacker cannot feasibly be authorised by guessing.
The testing stage involved the design of a questionnaire that targeted the ECE staff and students. Before it was published, the developer’s hypothesis for each question in the questionnaire was documented. The questionnaire was then made public, and a group of more than 100 students was involved in the survey.
In the final stage, the analysis stage, the developer’s hypotheses were compared to the survey’s results and conclusions were drawn. The survey results were used to analyse the strengths and weaknesses of H-IBAS-H in depth.
3. Primary User of H-IBAS-H
H-IBAS-H is designed primarily to be the login system that authenticates university students to their Student Portals.
4. Technologies Used in H-IBAS-H
H-IBAS-H was built using the client/server approach in the form of a website, i.e. a web-based system. The technologies employed in the project were Java, JSP, JavaScript, HTML, MySQL, JDBC, a web browser such as IE, and a web server such as Tomcat or OC4J.
The decision to use Java in this project was made on the grounds that Java is platform independent, portable, and well suited to internet applications. It therefore suited the work, since the intention was to design the proposed project in a web-like environment.
5. H-IBAS-H
5.1 Authentication Algorithm
The pass-images are randomly distributed over the login rounds. Therefore, every round may have all, some or none of the pass-images. At least one login round must contain no pass-images.
5.2 H-IBAS-H modes
5.2.1 Pre-set mode
The H-IBAS-H administrator is responsible for setting the number of pass-images and the number of training and login rounds that the student goes through. The system admin is free to set any numbers that they believe are suitable. Currently, the pre-set mode sets H-IBAS-H to operate as follows: the students select 4 pass-images from the 21 images offered and go through at least 2 successful training rounds. The students are free to train more if they wish. When they log in, the students go through 4 login rounds. The students have 3 attempts to retry logging in before their account gets locked. If their account does get locked, the legitimate student can check their email, where they will find a reactivation link that enables them to reset their pass-images. In the other scenario, where students forget their pass-images, they can click on the “forgot pass images” link, enter their user name, and a reactivation link is e-mailed to them.
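A sketch of the round layout from section 5.1 and the pre-set lockout from section 5.2.1, added here as an example and not H-IBAS-H's own code. The images-per-round count (`GRID`), drawing decoys from the unselected images, the per-round answer format and locking after the third failed attempt are assumptions; the page supplies only the 21/4/4/3 figures and the rule that one round carries no pass-images.

```python
import secrets

POOL = [f"img{n:02d}" for n in range(21)]  # 21 offered images (pre-set mode)
ROUNDS, MAX_ATTEMPTS = 4, 3                # pre-set mode values from the page
GRID = 9                                   # assumption: images shown per round
_rng = secrets.SystemRandom()              # CSPRNG, so layouts are unpredictable


def build_rounds(pass_images, decoys, rounds=ROUNDS, grid=GRID):
    """Spread pass-images over the rounds at random; one round gets none."""
    empty = _rng.randrange(rounds)         # this round shows decoys only
    layout = [[] for _ in range(rounds)]
    for img in pass_images:
        layout[_rng.choice([i for i in range(rounds) if i != empty])].append(img)
    for shown in layout:                   # pad every round with decoys
        shown.extend(_rng.sample(decoys, grid - len(shown)))
        _rng.shuffle(shown)
    return layout


def check_login(layout, pass_images, answers):
    """answers[i] is the set of images picked in round i (empty is valid)."""
    secret = set(pass_images)
    return len(answers) == len(layout) and all(
        set(picked) == secret & set(shown)
        for shown, picked in zip(layout, answers))


class Account:
    """Tracks failed logins; locks after MAX_ATTEMPTS failures (assumed reading)."""

    def __init__(self, pass_images):
        self.pass_images = list(pass_images)
        self.failures, self.locked = 0, False

    def attempt(self, layout, answers):
        if self.locked:                    # locked accounts need the e-mailed link
            return False
        if check_login(layout, self.pass_images, answers):
            self.failures = 0
            return True
        self.failures += 1
        self.locked = self.failures >= MAX_ATTEMPTS
        return False
```

Because a round may legitimately contain no pass-image, an empty selection has to be accepted as a valid answer for that round; a verifier that demands at least one click per round would reveal which rounds are decoy-only.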
5.2.2 Flexible mode
All the features included in the pre-set mode also apply here. The difference is that the student decides on the number of pass-images they want to use (not less than 2) and the number of login rounds they want to go through (not less than 2). The student can also go through as many training rounds as they wish (not less than 1). This mode is primarily designed to provide full flexibility to the students.
6. Experiments
In all of the experiments, the participants were invited to authenticate with H-IBAS-H and were afterwards asked to fill in a questionnaire.
6.1 First Experiment (Pilot Survey)
This was an initial study that aimed to resolve any ambiguities in the user questionnaire and to make H-IBAS-H as user-friendly as possible.
6.2 Second Experiment
Some of the objectives of this experiment are shown below:
- The first objective aims to build a trust relationship between the interviewer and the interviewee(s). Thus, there are about 13 easy-to-answer questions which act as a motivator and as a filter for the interviewees.
- The second objective is to assess the reasons behind the users’ choices of their pass-images. Here, there is one question only, which is split into 9 sub-questions.
- The third objective is to assess the time consumed while registering and logging in with H-IBAS-H. This objective highlights the areas where most of the time is spent and gives a reasonable picture of whether users think H-IBAS-H is time-consuming. Here, there are about 5 questions, with some divided into sub-questions.
- The fourth objective assesses the ease of use of H-IBAS-H. This objective is of particular importance as it sheds light on how usable H-IBAS-H is. About 4 questions, with some divided into sub-questions, try to get the users’ opinions.
- The fifth objective obtains the users’ opinions on where H-IBAS-H stands in comparison with other authentication systems in terms of speed, ease of use, joy of use and more. The opinions are obtained by approximately 4 questions, with some divided into sub-questions.
- The sixth objective aims to find out the reasons behind the inability of some users either to register or to authenticate. This is accomplished by roughly 8 questions, with some divided into sub-questions.
- Last but not least, the seventh objective is to assess some other areas that are not covered by the objectives above. An example of this is assessing the Random Art features. There are 8 questions here to conclude the survey.
In this part, the questionnaire targets the ECE population, staff and students. The ECE population has been divided into 5 distinct groups. The 5 groups are as follows:
- First Year Students.
- Second Year Students.
- Third Year Students.
- Masters and PhD students.
- Staff, i.e. the lecturers, System Administrators, and the Technicians.
A sample of equal percentage, 10% of each group, has been surveyed. There are currently almost 80 responses from the 5 groups. This experiment has been run over a period of 10 days.
6.3 Third Experiment (4-week Experiment)
This experiment was run over a period of 4 weeks.
Some of the objectives of this experiment are shown below:
- To inspect whether the number of experiences with H-IBAS-H has an effect on the participants’ answers.
- To examine the effects of updating the students’ pass-images after becoming familiar with the old ones in terms of whether the new pass-images would be confused with the old ones.
- To study the effects of having more than one image-set.
- To evaluate the participants’ ability to recognise their images over a 4-week period.
7. Findings
- Flexibility in key generation should be provided if an image-based authentication system is to achieve high usability.
- Similar images should be eliminated if an image-based authentication system is to score a high percentage of success in usability.
- Authentication stability can be provided even where the image-based authentication system is not frequently used.
- Image-based systems that use random art as their authentication keys depend on recognition as well as recall.
8. Conclusion
The high rate of success, achieved by users attempting to authenticate with H-IBAS-H, strongly supports the arguments of those seeking to push image recognition forward as a viable alternative to the widely-used text-based systems.
9. Project Website
Please visit us on oman4ever.org to experiment with H-IBAS-H.
10. Acknowledgments
First of all, it would honour me to thank my supervisor, Mr. Chi Nguyen for his ever-lasting encouragements and his never-ending motivations. I would also like to thank him for his endless help and countless assistance. I know that Chi’s motivating words inspired me highly and helped me greatly to complete this project. I do firmly believe that without Chi this project would not have become reality.
Secondly, I would like to thank my moderator, Dr. Branislav, for him all the high appreciation is to be raised and the sincere thanks are to be extended for his incredible motivations and his valuable help.
I would also like to thank Dr. David Barret for helping me with my statistics. In addition, I would also like to thank Mr. Matthew Coles for his help. My thanks are also extended to Mr. Cedric, the ECE system administrator, for all his help.