
Threelayer Synopsis

Uploaded by

tusharbhoj15

A SYNOPSIS REPORT

On

Three Layer Password Protection

Submitted in partial fulfilment of the requirements of the
Diploma in Engineering in Information Technology

To
Maharashtra State Board of Technical Education, Mumbai

Submitted By
Tejas Devanand Thorat (56)
Harshal Ravindra Thakur (21)
Bhojj Tushar Dattu (07)
Piyush Pravin Walunj (60)

Under the Guidance of
Prof. Mrs. Sonali Tarle

Department of Information Technology
Matoshri Education Society's
Matoshri Aasarabai Polytechnic, Eklahare, Nashik
December 2024

INDEX

Chapter no.  Topic

1  Abstract
2  Introduction
3  Problem Statement
4  Objective
5  Literature Survey
6  Methodology
7  Hardware and Software Requirements
8  Future Scope
9  References

Seal of Institute

Prof. M.P.Bhandakkar Mrs. S.S.Tarle Signature of Guide


Signature of Head of Department

Abstract

The project is an authentication system that grants users access only when they have entered the correct password. It involves three levels of user authentication. A variety of password systems are available; many have failed under bot attacks, while a few have withstood them, but only to a limit. In short, almost all password systems available today can be broken to some extent. Hence this project aims to achieve the highest security in authenticating users.

It contains three logins with three different kinds of password system. The password difficulty increases with each level. Users have to enter the correct password for a successful login, and they are free to set passwords as they wish. The project comprises a text password (i.e. a passphrase), an image-based password and a graphical password for the three levels respectively. This way there would be negligible chance of a bot or anyone else cracking the passwords: even if they have cracked the first or second level, it would be impossible to crack the third one. Hence, while creating the technology, the emphasis was put on the use of innovative and untraditional methods. Many users find the most widespread text-based password systems unfriendly, so in the three-level password system we tried to create a simple user interface and to give users the best possible comfort in solving the password.

Introduction:

The increasing reliance on digital platforms has led to a significant surge in cyber attacks. Among these, bot attacks aimed at cracking passwords have become particularly prevalent. As businesses and individuals move more of their operations online, the threats to sensitive information have intensified.

Many existing authentication systems are predominantly based on traditional text-based passwords. Unfortunately, these systems have proven inadequate in withstanding the sophistication of modern cyber attacks. Common weaknesses in password security make it easier for attackers to gain unauthorized access to sensitive data.

To address these pressing security challenges, our project is focused on developing a robust Three-Level User Authentication System. This innovative approach aims to enhance security through the implementation of multiple layers of password protection.

Key Features of the System

1. Multi-Layered Security: By employing multiple layers of password security, our system aims
to significantly reduce the likelihood of unauthorized access.

2. Enhanced Protection: Each level of authentication is designed to provide additional safeguards, making
it increasingly difficult for attackers to breach the system.

3. User-Friendly Experience: While increasing security, we also strive to ensure that the
authentication process remains user-friendly and accessible.

The Goal of the Project

The ultimate goal of this project is to create a secure authentication process that can effectively withstand
modern cyber threats, providing users with peace of mind and protecting sensitive information.

Problem Statement:

Current password systems are often vulnerable to brute force and bot attacks, leading to security breaches.
Even though stronger password policies have been implemented, they often reduce user convenience and are
still not foolproof. The proposed project seeks to address the shortcomings of conventional single-layer
password systems by introducing a multi-layered authentication system that drastically reduces the possibility
of a security breach.

Proposed Solution:

The Three-Level User Authentication System incorporates three distinct types of password mechanisms:

1. Level 1: Text-based passwords – Users input a traditional passphrase, which forms the first line
of defense.
2. Level 2: Image-based passwords – Users select a sequence of images as their password, providing
an additional layer of security.
3. Level 3: Graphical passwords – Users interact with a graphical interface, for example by
selecting specific points on an image, adding complexity to the authentication process.

Each level offers a progressively tougher challenge for attackers, ensuring that even if the first or second
level is compromised, the system still remains secure.

Key Features:

• Multi-Layered Authentication: A three-step process ensuring robust protection.
• User Flexibility: Users have the freedom to set their passwords for each level, enabling personalization.
• Enhanced Security: Each level incorporates distinct password systems, adding a layer of protection from bot attacks and brute force methods.
• Simple User Interface: Despite the complexity of security, the interface is designed to be user-friendly and intuitive.
• Minimized Breach Possibility: The system significantly reduces the likelihood of unauthorized access, even if one or two levels are breached.

Innovations:

• Graphical and Image-Based Passwords: Going beyond traditional passphrases, this system incorporates non-conventional password systems that are more secure and harder to crack.
• Layered Security: By requiring the user to authenticate through multiple steps, the system minimizes the chances of a complete security breach.

Applications:
This authentication system is ideal for platforms requiring high security, such as banking
systems, confidential corporate applications, government databases, and other sensitive online
services. It could also be implemented in personal systems where users seek higher levels of privacy
and data protection.

Existing System:

1. Text-based Passwords: Users create and input a password (combination of alphanumeric characters)
to gain access. These are widely used but vulnerable to attacks like brute force, dictionary attacks, and
phishing.
2. Two-Factor Authentication (2FA): This involves an additional layer of security, such as sending a
one-time password (OTP) to the user's mobile device, or using authentication apps like Google
Authenticator. While this adds some level of security, it still has vulnerabilities, especially in cases
of SIM swapping or interception.
3. Biometric Authentication: Involves using the user's physical characteristics, such as fingerprints or
facial recognition, for authentication. While this provides a more secure option, it’s not foolproof
and can be expensive to implement.
4. Captcha-based Systems: To prevent bot attacks, many systems use CAPTCHA to verify that the
user is human. However, advancements in machine learning have made it possible for bots to crack
some CAPTCHAs.

These existing systems provide some level of security, but they are still susceptible to various types of
attacks, including brute force, phishing, and advanced bot attacks. The need for more secure, multi-level
authentication methods is apparent, especially in highly sensitive environments.

Objective:

The goal of this project is to implement a multi-level authentication system that improves user security by
introducing diverse forms of password systems. These include:

1. Text-based passwords (passphrase)
2. Image-based passwords
3. Graphical passwords

Each of these levels presents increasing difficulty, making it virtually impossible for bots or unauthorized
users to breach all levels. This system not only heightens security but also enhances user experience by
offering flexibility and personalization in password selection.

Literature Survey:

| Section | Subsection | Details |
|---|---|---|
| 1. Introduction to User Authentication | | User authentication is crucial for cybersecurity, ensuring only authorized access to sensitive data. Traditional password-based methods are becoming inadequate due to sophisticated cyber threats. |
| 2. Existing Authentication Mechanisms | Text-based Passwords | Research: Vulnerabilities are prevalent; common patterns are predictable (Das et al., 2014). Strengths: Familiarity and simplicity. Weaknesses: Easily compromised; users often select weak passwords. |
| | Image-based Passwords | Research: Allows users to select images as passwords; more resistant to shoulder surfing (Wang et al., 2015). Strengths: Enhanced memorability; reduced brute-force attack risk. Weaknesses: Not suitable for visually impaired users or those unfamiliar with the process. |
| | Graphical Passwords | Research: Users click on specific image locations; leverages spatial memory (Jermyn et al., 1999). Strengths: Increased password complexity; harder to guess. Weaknesses: Vulnerable to shoulder surfing; may need user training. |
| 3. Multi-Factor Authentication (MFA) | | Research: Combines multiple credentials (passwords, tokens, biometrics); enhances security (Alotaibi and M. A., 2020). Strengths: Significantly improves security; reduces account compromise risk. Weaknesses: Adds complexity; requires additional resources. |
| 4. Usability and User Experience | | Research: Complex systems can frustrate users (Riley et al., 2017); balance between security and usability is crucial. Strengths: Increases user satisfaction; boosts adherence to protocols. Weaknesses: Usability can compromise security; users may choose weak passwords. |
| 5. Recent Innovations in Authentication | Behavioral Biometrics | Research: Continuous authentication based on behavior, such as typing patterns (Khan et al., 2019). Strengths: Non-intrusive; enhances security. Weaknesses: Privacy concerns; requires advanced algorithms. |
| | Context-Aware Authentication | Research: Considers user context (location, device, time) to improve security (Rao et al., 2021). Strengths: Adapts to behavior; enhances security. Weaknesses: Complex to implement; potential privacy issues. |


Methodology for Three-Level User Authentication System

The methodology to develop the Three-Level User Authentication System follows a structured, step-by-step
approach. This includes requirements gathering, design, development, testing, and deployment of the system.
The key focus is on ensuring security, usability, and reliability. The methodology can be broken down into the
following phases:

1. Requirement Analysis:

• Objective: Identify the key functional and non-functional requirements of the authentication system.
• Activities:
  ◦ Gather requirements related to user authentication methods, security protocols, and password management.
  ◦ Analyze user expectations, system performance criteria, and possible attack scenarios (e.g., brute force, bot attacks).
  ◦ Identify the data to be stored (username, hashed passwords, images, etc.) and choose appropriate storage mechanisms (e.g., databases).
  ◦ Finalize the types of passwords for each authentication level: text-based (passphrase), image-based, and graphical passwords.
  ◦ Evaluate security standards such as hashing (e.g., bcrypt, SHA-256) and token-based authentication (e.g., JWT).

2. System Design:

• Objective: Design the architecture of the three-level authentication system.
• Activities:
  ◦ System Architecture:
    ▪ Design a multi-tier architecture with separate modules for frontend (user interaction) and backend (authentication, password management, data storage).
    ▪ Define secure APIs for interaction between frontend and backend.
  ◦ Database Design:
    ▪ Structure the database to store user information and passwords securely, with encryption in place.
    ▪ Use hashing algorithms (like bcrypt) for storing passwords securely.
  ◦ Level-wise Design:
    ▪ Level 1 (Text-based Password): Design the first authentication layer with passphrase validation.
    ▪ Level 2 (Image-based Password): Design an image selection interface, where users select a sequence of images as their password.
    ▪ Level 3 (Graphical Password): Design a graphical interface that allows users to select specific points on an image as their password.
  ◦ User Interface (UI) Design:
    ▪ Focus on creating a simple and user-friendly UI for setting and entering passwords at each level.
    ▪ Ensure the system is responsive, supporting both desktop and mobile views.

3. Development Phase:

• Objective: Implement the system based on the finalized design.
• Activities:
  ◦ Frontend Development:
    ▪ Implement the user interfaces for each level using modern web technologies (HTML, CSS, JavaScript) or frontend frameworks like React/Angular.
    ▪ Implement user feedback mechanisms (like error messages, guidance prompts) for password setting and validation.
  ◦ Backend Development:
    ▪ Develop APIs for handling user authentication requests at each level.
    ▪ Implement security measures, such as input validation, to prevent injection attacks.
    ▪ Set up password storage with hashing and salting techniques.
  ◦ Database Integration:
    ▪ Implement database logic for storing user credentials, ensuring data is encrypted and secure.
    ▪ Use relational databases like MySQL/PostgreSQL or NoSQL databases like MongoDB.
  ◦ Implementation of Three Levels:
    ▪ Level 1: Implement the logic for validating the passphrase (text-based password).
    ▪ Level 2: Implement image-based password logic where users must select the correct sequence of images.
    ▪ Level 3: Implement the graphical password logic, requiring users to interact with an image and select specific points.

4. Security Implementation:

• Objective: Enhance the system's security to minimize vulnerabilities.
• Activities:
  ◦ Implement encryption algorithms for password storage and data communication (using SSL/TLS).
  ◦ Add rate-limiting to restrict login attempts and mitigate brute force attacks.
  ◦ Implement CAPTCHA or other bot-detection mechanisms to prevent automated login attempts.
  ◦ Use session management and token-based authentication (JWT) to manage user sessions securely.
  ◦ Perform security testing, such as penetration testing, to identify potential vulnerabilities.
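
One way the three levels, salted hashing and the login rate limit described above can fit together, as an added example that is not code from this project: the Level 3 click points are mapped to a tolerance grid (centered discretization) so that they can be stored as a salted hash like the other two secrets. The names `enroll` and `login`, the 10-pixel tolerance, the lockout values and the use of PBKDF2 in place of bcrypt are assumptions of this example.

```python
import hashlib
import hmac
import os

R = 10              # assumed click tolerance in pixels (cell width is 2*R)
MAX_FAILS = 5       # assumed failures allowed before lockout
LOCK_SECONDS = 300  # assumed lockout duration


def _kdf(secret: bytes, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 from the standard library stands in for bcrypt here.
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000)


def _cells(points, offsets) -> bytes:
    # Map each click to a grid cell using the per-point offsets saved at
    # enrollment; the point count is included so extra clicks never match.
    cells = [f"{(x - dx) // (2 * R)},{(y - dy) // (2 * R)}"
             for (x, y), (dx, dy) in zip(points, offsets)]
    return f"{len(points)}#{'|'.join(cells)}".encode()


def enroll(passphrase, image_ids, points):
    """Build the stored record: salted hashes only, plus the grid offsets."""
    # Centered discretization: shift the grid so each enrolled click sits in
    # the middle of its cell, which makes any click within R pixels match.
    offsets = [((x - R) % (2 * R), (y - R) % (2 * R)) for x, y in points]
    secrets = [passphrase.encode(), "|".join(image_ids).encode(),
               _cells(points, offsets)]
    levels = []
    for secret in secrets:
        salt = os.urandom(16)
        levels.append((salt, _kdf(secret, salt)))
    return {"levels": levels, "offsets": offsets, "fails": 0, "locked_until": 0.0}


def login(record, passphrase, image_ids, points, now):
    """Return 'ok', 'denied' or 'locked'; `now` is a timestamp in seconds."""
    if now < record["locked_until"]:
        return "locked"
    attempts = [passphrase.encode(), "|".join(image_ids).encode(),
                _cells(points, record["offsets"])]
    passed = True
    for (salt, digest), attempt in zip(record["levels"], attempts):
        if not hmac.compare_digest(_kdf(attempt, salt), digest):
            passed = False
            break  # levels are sequential: a failed level ends the attempt
    if passed:
        record["fails"] = 0
        return "ok"
    record["fails"] += 1
    if record["fails"] >= MAX_FAILS:
        record["locked_until"] = now + LOCK_SECONDS
        record["fails"] = 0
    return "denied"
```

The offsets are stored unhashed because they are needed to rebuild the grid at login; they reveal only where each point sits inside its cell, not which cell it is in.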

5. Testing and Validation:

• Objective: Ensure that the system functions correctly and is secure.
• Activities:
  ◦ Unit Testing: Test individual components (e.g., passphrase validation, image-based and graphical password modules) for correctness.
  ◦ Integration Testing: Ensure smooth integration between the frontend, backend, and database.
  ◦ Security Testing: Conduct tests for security loopholes, such as brute force vulnerabilities, SQL injection, or cross-site scripting (XSS).
  ◦ Performance Testing: Ensure that the system can handle multiple users simultaneously and that response times are within acceptable limits.

6. Deployment and Implementation:

• Objective: Deploy the system to a production environment.
• Activities:
  ◦ Set up the system on a cloud service provider (e.g., AWS, Azure, or Google Cloud) or a local server.
  ◦ Configure SSL certificates to enable secure HTTPS communication.
  ◦ Conduct live testing with real users to ensure the system works as intended in a production environment.

7. Maintenance and Updates:

• Objective: Ensure the system remains secure and up-to-date after deployment.
• Activities:
  ◦ Monitor the system for potential security threats and apply patches as necessary.
  ◦ Update security mechanisms, such as password complexity policies, if new vulnerabilities arise.
  ◦ Maintain user support and address any usability issues reported by users.

8. Documentation:

• Objective: Create documentation for developers, system administrators, and users.
• Activities:
  ◦ Developer Documentation: Include code structure, system architecture, and API documentation for future developers.
  ◦ User Documentation: Provide guidelines on setting and using passwords at all three levels, along with security best practices.

Software and Hardware Requirements:

Software Requirements:

1. Operating System:
  ◦ Windows, Linux, or macOS
2. Programming Languages:
  ◦ Backend: .Net
  ◦ Frontend: HTML, CSS, JavaScript (React, Angular, or Vue for modern UI)
3. Frameworks and Libraries:
  ◦ Flask/Django (for Python) or Spring Boot (for Java) for server-side development
  ◦ Express.js (for Node.js)
  ◦ React or Angular (for user interface)
  ◦ OpenCV or Pillow (for image handling)
  ◦ D3.js or p5.js (for graphical password interface)
4. Database:
  ◦ MySQL, PostgreSQL, or MongoDB for storing user information and password data securely
5. Authentication Libraries:
  ◦ Bcrypt (for password hashing)
  ◦ OAuth2.0 (if integrating with other services)
  ◦ JSON Web Tokens (JWT) for secure sessions
6. Web Server:
  ◦ Apache, Nginx, or similar
7. Integrated Development Environment (IDE):
  ◦ PyCharm, Visual Studio Code, IntelliJ, or similar
8. Other Tools:
  ◦ Version control using Git and GitHub/GitLab
  ◦ Testing framework (JUnit, pytest)

Hardware Requirements:

1. Server Hardware:
  ◦ Minimum 8 GB RAM
  ◦ Quad-core processor or higher
  ◦ 500 GB hard disk space (minimum) for small-scale deployment
  ◦ Cloud hosting (AWS, Azure, or Google Cloud) for large-scale deployment
2. Client-Side Hardware:
  ◦ Any modern desktop or laptop with internet access
  ◦ Mobile devices (if testing on mobile interfaces)

Network Requirements:

• Stable internet connection for server-client communication
• SSL certificates for encrypted communication

Future Scope:

The Three-Level User Authentication System has vast potential for future improvements and applications,
including:

1. Integration with Biometric Authentication:
  ◦ Future versions of the system could integrate biometric authentication such as fingerprint, iris scan, or facial recognition as an additional level of authentication, further strengthening security.
2. Artificial Intelligence for Anomaly Detection:
  ◦ AI and machine learning can be incorporated to detect unusual login behavior, such as repeated login attempts from different locations or devices, and issue security alerts or lock down the account temporarily.
3. Blockchain for Decentralized Authentication:
  ◦ Incorporating blockchain technology can offer decentralized, tamper-proof identity verification, making it even harder for attackers to breach user credentials.
4. Multi-Language and Cross-Platform Support:
  ◦ Expanding the system to support multiple languages and platforms (web, mobile apps) will make it more user-friendly and accessible to a broader audience.
5. Advanced Encryption Mechanisms:
  ◦ Implementing advanced encryption algorithms (like quantum-resistant encryption) to secure user passwords and data would make it future-proof against potential quantum computing threats.
6. Cloud-Based Scalable Solutions:
  ◦ Future versions could move towards cloud-based authentication services that allow businesses to implement this multi-level security on a larger scale with scalable infrastructure and less dependency on physical servers.
7. Password-less Authentication:
  ◦ Transitioning towards more user-friendly and secure password-less authentication methods (such as FIDO2) that combine biometrics and token-based authentication.
8. Enhanced User Experience:
  ◦ The graphical password system can be further developed to include more intuitive user interaction designs (e.g., touch gestures on mobile) for a more seamless experience.

By focusing on continual innovation and incorporating emerging technologies, this project can evolve into a
highly versatile and secure solution for various sensitive applications such as banking, healthcare, and
governmental systems.

References:

[1] https://www.researchgate.net/publication/347973363_User_Authentication_A_Three_Level_Password_Authentication_Mechanism
[2] https://ijcrt.org/papers/IJCRT2006540.pdf
[3] https://www.researchgate.net/publication/329675101_Three_Level_Security_System_using_Image_Based_Authentication
[4] http://ieeexplore.ieee.org/xpl/articleDetails.jsp?tp=&arnumber=6076505&queryText%3DMulti+Level+Password
[5] https://ieeexplore.ieee.org/document/5522747
[6] http://en.wikipedia.org/wiki/Hue
[7] http://en.wikipedia.org/wiki/Color_vision
[8] http://en.wikipedia.org/wiki/Indigo
