PASS POINT SELECTION OF AUTOMATIC GRAPHICAL PASSWORD AUTHENTICATION TECHNIQUE BASED ON HISTOGRAM METHOD

Graphical passwords, as opposed to textual passwords, require the user to pick pictures or draw symbols rather than type characters. They are an option worth exploring to overcome the problems of text-based password systems. It has been hypothesized that graphical passwords are more difficult to crack by brute force or to guess. This paper proposes an authentication system based on a graphical password method. The proposed system computes the password points using histogram arithmetic and hashes the chosen password points using SHA512. The system has been implemented as an Android application and evaluated against existing research on several measurements: required login time, password space, and entropy. The findings show that the proposed system outperforms the reference work by more than 85% in terms of login latency and more than 72% in terms of entropy.

their vocabulary or numbers from their date of birth. Hackers can take advantage of these simple patterns, such as using a starting capital. Many password approaches can be breached using commonly used passwords, letter frequencies, or frequency-based attacks.
Classical textual passwords are still extensively used in many fields despite a well-known security and usability flaw [2]: a poor password can be readily guessed by attackers, reducing authentication security significantly [3].
Using a graphical password reduces the issues of text passwords, but it has many problems of its own that need to be solved.
The graphical password requires much more storage space; password registration and login take a long time to process.
Thus, in this work, a new automatic pass point selection technique based on the histogram method is proposed to improve the performance of graphical passwords. This work aims to replace the large number of existing manual systems with automatic pass point selection and to overcome the problems they face, such as long processing time, inaccurate selection of points, forgetting where the points are, and large storage space for images. The proposed system meets these requirements by determining points automatically based on the histogram.

II. RELATED WORK
Greg E. Blonder conceptualized and designed the Blonder scheme in 1996. During the registration process, the user must construct a password by clicking on various locations on a picture. During the authentication session, the image is displayed to the user. To be authorized, the user must click on those locations in a predetermined order. The downside of this approach is that it only allows for a limited number of unique passwords. Because the number of pre-defined clickable locations is restricted, the password must be lengthy to be safe [5].
Wiedenbeck et al. (2005) [4] designed and implemented the PassPoints method, which consists of presenting a picture to the user and asking him to choose a set of points on the image. Each point entered during the authentication procedure is matched to the corresponding point in the original registration set and must be within a specific acceptable limit of that point.
In Hemavathy et al. (2017) [6], the histogram is created from the query picture in the image collection. The graph's horizontal axis indicates tonal variations, while the number of pixels of each tone is shown along the vertical axis. Black and dark areas are represented at the left end of the horizontal axis, the middle range of gray is in the middle, and white is at the right end. The vertical axis indicates the size of the area captured in each of these zones. As a result, the histogram for an extremely dark image will have most of its data on the graph's left side and center. The user can register by uploading the image, and once the photo is uploaded, it will be compared to the LDN code that is used to store features of the original image.
In [7], the 'PassPositions' graphical password system, as well as its upgraded variant, 'PassPositionsII', are described in detail. The PassPositions system has been adapted to function in the Android environment with the Galaxy Tab, and it is now available. Because it is currently compatible with a wide range of Android mobile devices, it is simple to deploy, and it is a light system. It can be used to replace text-based password schemes in a wide range of mobile applications, including mobile games.
Wiangsripanawan (2018) [8] suggested HapticPoints, a graphical password authentication scheme using PassPoints, where the user clicks on a series of fake click points in the password image by randomly adding haptic input to the image. It has also been improved in its capacity to avoid dictionary attacks, in particular hotspot attacks, by including picture saliency during the registration process, which informs the user about the suitability of the password image selection made by the user. PassPoints and HapticPoints were both studied for their usability; compared to PassPoints, HapticPoints provides a more secure password and better protection against the vulnerabilities described by the threat model.
Ali et al. (2019) [9] presented the Fractal-Based Authentication Technique (FBAT), which uses a Sierpinski triangle to overcome shoulder surfing, brute force, and smudging attacks. Password guessing is weak in this scheme, making it resistant to attacks. As a result, this technique may be deployed on any device that requires authentication, such as ATM machines, smartphones, and computers.
Kumar [13] introduced a graphical password system. The proposed scheme for authenticating IoT system resources applies to all IoT-related domains. For secure access to IoT resources, this paper suggests a visual password scheme called Two Clicks per Character (TCpC). Important aspects of authentication systems like password resets and replacements are also discussed.
Abdalkareem et al. (2021) [14] suggest a novel method of password generation, intended to protect confidential information, based on mouse movement and a special case location recognized by the number of clicks. It has been suggested that users click in two or three distinct places to require more complex passwords. This approach was developed to reduce the likelihood of a user's password being guessed by increasing the number of possible mouse motion combinations used in graphical password generation.

III. BACKGROUND

A. Histogram equalization
To produce the highest possible picture quality, it is preferable for the varying light intensities captured by the pixels of a digital image to fill the full range of tonalities. It follows that the lowest possible light intensities in a picture should be assigned the value zero, while the highest possible light intensities should be assigned the highest possible value of the discrete mapping range. A wide range of image intensity values that are evenly distributed ensures strong image contrast [15] [16]. This is the histogram equalization for an individual pixel that occupies the position (x,y) and which has an initial associated intensity I(x,y), as shown in the following [histogram] equation [15]: where L is the number of potential intensity values, Cf(I) denotes the cumulative frequency distribution of the pixel intensity I, and N represents the total number of pixels contained within the image. The cumulative frequency distribution is the total of all image histogram values in the range [0, L - 1] across time [17].

B. Hash function
A hash function is a technique that accepts an arbitrary amount of data as input and returns an output of a specified size [18]. Hash functions are extremely significant in network security and cryptography because they may be used to verify data. A check is performed in order to ensure the integrity and authenticity of information or data transmitted between the source and the destination. In both symmetric and asymmetric key cryptosystems, the hash function is utilized for key generation. Different algorithms provide different levels of security according to how difficult they are to break. The integrity of the data in a highly protected system is extremely important. Users of the system can construct a message digest with the help of a cryptographic hash function, which can be used to detect unauthorized changes in the files. This is especially vital when dealing with mission-critical systems and sensitive databases. Traditional hashing algorithms include SHA-1, SHA-2, SHA-3, MD4, MD5, Whirlpool, etc. [19]. The hash used in our proposed system is SHA-512.
The primary purpose of this work is to develop and construct an authentication system using the graphical password mechanism. The proposed system has two major phases. The first is referred to as the registration stage, and the second as the login stage. A last stage, called "Compute Hash Value of Password Points", is used by all the mentioned stages.
Each of these phases is comprised of several steps. This section describes every stage.

A. Registration Stage
The first phase is known as the "registration phase". When a user creates a new account, they must first provide the required registration information, including their username, email address, and text password. After confirming the provided information, the system prompts the user to choose an image and security level. The chosen image is then split into NxN blocks; the system computes the histogram of each block, applies the threshold to select all points over the predefined threshold, and displays them on the image. The user must pick a password consisting of an arbitrary number of non-ordered points from the available points. The system next computes the hash value of all chosen points and stores it in the database, together with all other user data, the selected image, threshold value, and security level, for use during the login process. The registration process also involves answering hint questions to guarantee that a lost password can be retrieved. The main phases of the registration process are shown in Fig. 3.

B. Login Stage
The login phase of the proposed system is the second phase. At this stage, the user will be requested to provide basic login information, such as a username or email address, along with a text password. The system will next submit the information to the database to check whether the user already exists, and the database will reply with all of the user information that was provided during the registration process. Once the picture has been received from the database, it will be split into NxN blocks and the histogram of each block will be generated, revealing the points to be selected. The system will then generate the hash of the chosen points and transmit it to the database so that the values may be compared. If they are identical, the user will be able to log in successfully. Otherwise, the user needs to reselect the points. The number of password selections is limited. If the number of attempts is exceeded, the system advances to the hint question stage. Fig. 3 demonstrates the login stage of the system.

C. Hash Computed
Multiple hash algorithms are used to produce the text hash. In the approach we propose, SHA512 is used to compute the hash of the selected points. The number of points varies based on the degree of security. Our system has three security levels: 4x4, 5x5, and 6x6. After the points are selected, the system stores them in an array and computes SHA512 for each one. Next, the hash values are concatenated. The combined hash value is then stored in the database. Fig. 4 depicts the hash creation process.
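The registration, login and hash stages above, carried through in one added example (written for this page, not the paper's Kotlin code). Assumptions: the block-selection rule (a block contributes its centre when its busiest histogram bin exceeds the threshold), the "x,y" text encoding of a point, the sort before hashing, and a touch tolerance passed in as pixels; all function names and the sample image are hypothetical.

```python
import hashlib
import hmac

# Constructed 32x32 grayscale sample: flat blocks (value 200) alternate with varied ones.
SAMPLE = [[200 if (x // 8 + y // 8) % 2 == 0 else (x % 8) + 8 * (y % 8)
           for x in range(32)] for y in range(32)]

def candidate_points(img, n, threshold):
    """Centre of every block (n x n grid) whose busiest histogram bin exceeds threshold.
    ASSUMPTION: the page does not spell out its selection rule; this one is illustrative."""
    bh, bw = len(img) // n, len(img[0]) // n
    points = []
    for by in range(n):
        for bx in range(n):
            hist = [0] * 256  # per-block intensity histogram
            for y in range(by * bh, (by + 1) * bh):
                for x in range(bx * bw, (bx + 1) * bw):
                    hist[img[y][x]] += 1
            if max(hist) > threshold:
                points.append((bx * bw + bw // 2, by * bh + bh // 2))
    return points

def snap(touch, candidates, tolerance_px):
    """Nearest candidate within tolerance_px of the touch, or None. A hash matches
    only exact input, so every touch is snapped to a candidate before hashing."""
    def dist2(p):
        return (p[0] - touch[0]) ** 2 + (p[1] - touch[1]) ** 2
    best = min(candidates, key=dist2, default=None)
    return best if best is not None and dist2(best) <= tolerance_px ** 2 else None

def password_digest(points):
    """SHA-512 of each point, concatenated (section C). ASSUMPTIONS: a point is
    encoded as "x,y", and points are de-duplicated and sorted so that a
    non-ordered selection always produces the same stored value."""
    return "".join(hashlib.sha512(f"{x},{y}".encode()).hexdigest()
                   for x, y in sorted(set(points)))

def verify(touches, img, n, threshold, tolerance_px, stored):
    """Login: recompute candidates from the stored image, snap, hash, compare."""
    candidates = candidate_points(img, n, threshold)
    snapped = [snap(t, candidates, tolerance_px) for t in touches]
    if not snapped or None in snapped:
        return False
    return hmac.compare_digest(password_digest(snapped), stored)  # constant-time

if __name__ == "__main__":
    cands = candidate_points(SAMPLE, 4, 32)
    stored = password_digest([cands[0], cands[2], cands[5]])  # registration
    print(verify([(21, 19), (5, 4), (12, 13)], SAMPLE, 4, 32, 3, stored))
```

Because login recomputes the candidates from the stored image, threshold and security level, any change to one of those three values changes the candidate set and invalidates the stored digest.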

A. Application Used
The application is created using the programming language Kotlin and the integrated development environment Android Studio. The graphic demonstrates the process of the proposed application. As seen in Fig. (5, a), after being downloaded, the application asks the user for permission to use it. Then, all the installed programs will be shown. To protect them, a graphical password must first be set. Fig. (5, d) depicts the proposed application inviting the user to choose an image and security level, as illustrated in Fig. (5, c). The chosen image will then be divided into NxN blocks, and the user will be presented with the resulting points. In addition, the estimated time required to create the displayed points will be shown in Fig. (5, e). Choosing a hint question is the last step in choosing a graphic password. As seen in Fig. (5, f), the user is provided with a list from which to choose a particular hint question. As shown in Fig. (5, g), when a user returns and signs in, he or she must use the same points that were used during registration. The user is then able to choose programs and lock them so that they cannot be accessed without first entering a graphical password.

Figure 5: Application use steps
The calculation of the password space and the entropy in the proposed system depends on the dp (pixel density), which varies from one screen to another. Fig. 6 shows the error that results from using a certain number of pixels without depending on the pixel density. To make the application suitable for use with all mobile devices, the px for the correctness area of the finger press on each screen, within the specified area for each point, is calculated using the following equation [20]: where (dp = 16), px = pixel number, dpi = dots per inch.
The login time is included in the proposed system's performance calculation. The results demonstrate that the suggested system outperforms all cited techniques. As seen in Fig. (7, a), the application login time achieved a 43% improvement over Ref [24] and an 85% improvement over Ref [25]. The suggested system exhibited better performance than Ref [25] when the password space was taken into consideration. As a result, the system is more secure, as it takes longer to decipher the produced password, as illustrated in Fig. (7, b). The entropy of a system is a measurement of how random and disordered it is; a high entropy indicates a high level of disorder. As illustrated in Fig. (7, c), the proposed system outperforms Refs [24, 25] by 76% and 72%, respectively.
In terms of the number of click points, the application that was developed offers up to ten available click points that can be chosen during the process of selecting a password. On the other hand, both of the references only permit six points, which is significantly less efficient than our system.

VI. CONCLUSION
In this paper, an efficient authentication algorithm is proposed. The implementation is done in an effective Android application. The authentication methods have been proposed based on histogram image processing and click-point graphical passwords. A histogram has been applied based on the texture of the image. In addition, a series of equations and operations were used, starting with dividing images and applying histogram equations to find points, and then hashing them. Testing of several images has been done to provide the string values of password space, entropy, and time. Three cases have been implemented and compared with different scenarios, each with a different block size: Case 1 with 4 × 4 blocks, Case 2 with 5 × 5 blocks, and Case 3 with 6 × 6 blocks. Based on the results of the three cases, Case 2 provides the best result compared with the other cases. The most accurate point location is due to the method of distributing points and the number of blocks in this case.
The results show an improved performance of the cued click points technique in the Android application. The proposed system improves flexibility and efficiency. The user's password is quickly remembered. It is more resistant to hacking than other passwords and works better for memorization points than manual click-point passwords. In addition, the given results show a significant difference in the values of password space, time, and entropy, which we consider an improvement that makes the graphical password system safer for the user. According to our observation, the two significant challenges for researchers are the security and usability of graphical passwords. In future work, texture features will be used in a new model to get a large key space size.