CS 5490/6490 Network Security
Final Project | Fall 2015
Music Based Authentication
This project is based on the idea that musical phrases can be effective passwords and easier to remember than standard typed passwords. See Final Report below in the Appendix. This is our implementation.
This was written in Python using the pygame lib. Our program consists of 3 parts: the server, MBClient, and an interface that takes input from a MIDI keyboard or computer keyboard and translates it into a string format. The client and the server do a TLS handshake using Ephemeral Diffie-Hellman. Once session keys are established, the password is encrypted and passed from the client to the server. The server stores a hashed and salted version of the password, and compares the submitted password against it to ensure that the password is correct. The client is notified whether their password was correct. See appendix, figure 1.
This provides perfect forward secrecy and protection against an eavesdropper, server break-in, offline dictionary attacks and a person in the middle.
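The server-side storage and comparison described above, as an added example that is not the project's own code. It runs on Python 3 and uses PBKDF2 from the standard library in place of the bcrypt module the project installs; the dash-separated MIDI-note string format and the names phrase_to_string, enroll and verify are assumptions.

```python
import hashlib
import hmac
import os

# Assumed encoding (not the project's): each note is a MIDI note number
# 0-127, and a phrase becomes a dash-separated string such as "60-62-64".
PBKDF2_ROUNDS = 200_000  # constructed work factor for this example


def phrase_to_string(notes):
    """Translate a sequence of MIDI note numbers into the password string."""
    if not notes:
        raise ValueError("empty phrase")
    for n in notes:
        if not isinstance(n, int) or not 0 <= n <= 127:
            raise ValueError("not a MIDI note number: %r" % (n,))
    return "-".join(str(n) for n in notes)


def enroll(notes, rounds=PBKDF2_ROUNDS):
    """Return the record the server stores: (salt, rounds, digest)."""
    salt = os.urandom(16)  # fresh salt per user
    digest = hashlib.pbkdf2_hmac(
        "sha256", phrase_to_string(notes).encode("ascii"), salt, rounds)
    return salt, rounds, digest


def verify(notes, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    salt, rounds, stored = record
    try:
        candidate = phrase_to_string(notes).encode("ascii")
    except ValueError:
        return False  # malformed input is simply a failed login
    digest = hashlib.pbkdf2_hmac("sha256", candidate, salt, rounds)
    return hmac.compare_digest(digest, stored)


if __name__ == "__main__":
    # Constructed sample: the same five-note phrase enrolled for two users.
    melody = [60, 62, 64, 65, 67]
    alice, bob = enroll(melody), enroll(melody)
    print(verify(melody, alice))                 # correct phrase
    print(verify([60, 62, 64, 65, 69], alice))   # last note wrong
    print(alice[2] != bob[2])                    # salts make the hashes differ
```

With bcrypt itself, the algorithm only processes the first 72 bytes of its input, so long phrase strings should stay under that length or be pre-hashed.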
How to run
- This was written in Python 2.7
- Install the following modules
  - pygame (found here http://www.pygame.org/download.shtml)
  - bcrypt (I used ‘pip’, which is Python’s package control: ‘pip install bcrypt’)
- Run the server
- Run the client
- Click Start to begin entering the password
- Click Done to send the password
- See the video run-through