CS 5490/6490 Network Security

Final Project | Fall 2015

Music Based Authentication


This project is based on the idea that musical phrases can be effective passwords and easier to remember than standard typed passwords. See Final Report below in the Appendix. This is our implementation.

This was written in Python using the pygame lib. Our program consists of 3 parts, MBAuthServer, MBClient, and an interface that takes inputs from a midi keyboard or computer keyboard, and translates it into a string format. The client and the server do a TLS handshake, using Ephemeral Diffie Helman. Once session keys are established, the password is encrypted and passed from the client to the server. The server stores a hashed and salted version of the password, and compares the two to ensure that the password is correct. Client is notified if their password was correct. See appendix, figure 1.

This provides perfect forward secrecy, protection from an eavesdropper, server break-in, offline-dictionary attacks and a person in the middle.

How to run

  • This was written in Python 2.7
  • Install the following modules
    1. pygame (found here
    2. bcrypt (I used ‘pip’ which is python’s package control: ‘pip install bcrypt’)
  • Run the server
  • Run the client
  • Click the start to begin input of password
  • Click the done to send the password
  • See the video run-through


Christopher Johnson
Terry Kingston
Michael Anderson
Daryl Bennett


Final Report

Final Report Document

Figure 1

Keyboard Interface.png

Figure 2

revised api complete.png