Security Enhancement Using SCTP against Password Stealing in Multi-Homed Networks P.Venkadesh, S.V.Rajalakshmi, S.V.Divya
|
|
- Cory Allen
- 5 years ago
- Views:
Transcription
1 Security Enhancement Using SCTP against Password Stealing in Multi-Homed Networks P.Venkadesh, S.V.Rajalakshmi, S.V.Divya Abstract SCTP is a young transport layer protocol. It is designed for transferring public switched telephone network signaling over IP networks. SCTP provide improved security mechanism in addition with DTLS. Password stealing attack is the major problem in the web environment. Passwords are stolen by attackers using several methods. An attacker uses this stolen to log into the authenticated users websites. In this paper security against stealing is provided using SCTP in multi-homed networks. Registration, login and recovery are the three processes required for securing the. The registration phase is the initial phase and mandatory. The user s information s are gathered along with the long-term and stored into the server database. Mail address is given as additional input in registration phase. Login process helps the authenticated users to log into the particular website. The recovery process is the final process. It is not mandatory. It is used only in case of either the user wants to change his mobile number or his mobile phone is lost. The mail address is used only during the recovery process. In addition to SCTP a new protocol named opass is also used for processing. Secret exchange mechanism is used to securely transfer the long-term. Index Terms stream control transmission protocol (SCTP), one-time (opass), Datagram transport layer security (DTLS). I. INTRODUCTION Password stealing attack leads to major problems in web environment. Password stealing can be done in several ways they are loggers, phishing attack etc., basically are encrypted using hashed function and stored into the database. Eavesdroppers easily identify and decrypt those hashed. Reusing also leads to many problems. Once the is stolen by eavesdroppers they can make use of it to access several login sites that already used by the authenticated users. There are several methods such as loggers, malware, phishing attack [9], dictionary attack [14], guessing attack etc., which are used for stealing the [1].It is difficult for the users to remember tough so most probably the user choose weak. Some users chooses which relates their date of birth, nick names, user name etc., this becomes easier for the attackers to find the. Reusing a single for several website also leads to many problems. Nowadays hiding as they are typed is the common practice. Hiding the as they are typed is the process to avoid bystanders reading the. The rate at which an attacker can submit the guessed s to the system is the factor in determining system security. Some system uses time out process after a small number of failed entry attempts. Such systems can be effectively secure with relatively simple s, if they have been well chosen and not easily guessed. II. SCTP SCTP is the new transport layer protocol. SCTP supports wireless transmission process [2].compared to other protocols such as TCP, UDP etc., SCTP has additional features such as multi-homing and multi-streaming [2].SCTP places information in chunk. Original message is placed in the data chunk and other information is placed into the control chunk [4]. The differentiation between the chunks is identified using the chunk header. A. Multi-Homing SCTP has additional features such as multi-homing and multi-streaming [4]. In this paper we use multi-homing technique. Consider a message is to be transmitted between two nodes in multi-homed networks i.e., node A wants to transmit message to node B, the message is passed through transport layer, IP layer, access point of node A to the transport layer, IP layer, access point of node B. IP Point A Transport AP IP AP Point B Transport AP1 INTERNE Fig.1. Multi-Homing IP layer consist of several access point. Messages are passed through these access points. If transmission fails retransmission is done via another access point [4]. If any one of the access point continuously fails in transmitting message then that access point is considered to be the failed one and not used further. Point A and Point B has several access point which is helpful to transmitte multiple messages at a time. III. SECRET KEY EXCHANGE MECHANISM Secret exchange mechanism [15] is used to transfer information securely between the two end points. There are several secret exchange scheme they are simple IP AP2 AP3 66
2 exponent exchange scheme (SPEKE), Elliptical curve exponent exchange scheme (ECEKE) etc., In this paper the long-term is encrypted using secret exponent exchange scheme (DHEKE). It uses five values such as G, S, P, and R1and R2 where G stands for great prime number S stands for sequence number, P stands for small prime number R1and R2 is a value not shared through any network. G, S R 1 Q1 P K1 = K1%P K0=K1 IV. IMPLEMENTATION PROCESS This paper uses an existing protocol named opass [1] in addition to SCTP protocol. The implementation process requires a mobile phone, short message service, internet connection, mail service and un-trusted browsers. It includes three process such as registration process, login process and recovery process. A. Registration process In this phase the user must open the mobile in his cell phone and select new registration. Now the registration process begins. During the registration process the user is requested to give information s such as secret question, user name and long term. Q1=Enc (Q1) Q1=Dec (Q1) R2 Open mobile G, s P Select new registration Q2=Dec (Q2) Q2 Q2=Enc (Q2) Registration process with -id Secret exponent exchange QR QR Long term passwor d encrypti Key k0 generation Key k1 generation Multipath data sending Server database Registration success User side Server Fig.2. Secret Exponent Key Exchange Scheme The above specified values are used to generate Q1 and Q2 Q1=Enc (G+S+R1%P) (1) Encryption of Q1 is done using a fixed. After encryption Q1 is send to the receiver end. Receiver decrypts Q1 with the same fixed. Q2 is generated using G, S, P and R2. Q2= Enc (G+S+R2%P) (2) This Q2 value is send back to the sender and decrypted using the same fixed. The intermediate of sender and receiver is generated as follows. Intermediate of sender =QR%P K0= K0%P Intermediate of sender =QR%P side Fig.3. Registration Process In this paper along with that information address is given as additional information. The long-term is encrypted using secret exponent exchange scheme. This encrypted is divided into several pieces and sends through multiple paths of multi-homed networks [4]. The registration process is successful only if this information reaches the server database. If registration fails the message is retransmitted. Registering information is an initial process. Only after registration phase the user can enter into the login phase. All the required information s are given as input and stored into the server database. Encrypting the log-term is the one among process of the registration phase. The encrypted data is send to the server database via multiple paths. Registration success notification comes to the user s cell phone only if the information s are properly stored into the database. 67
3 B. Login process ISSN: In this phase open the particular website and enter user name within Internet browser. The user name is matched with the name present in the server database. Enter userna me with browse r Server database Decryption process Recovery phase is not mandatory. It is used only if it is required by the users, with the help of recovery process it becomes easier for the users to regain the service in case of forgetting the mobile phone number or in case of losing their cell phone. Recovery can be done in two conditions they are forgetting the long-term and if the user changes his mobile number. Recovery process Longterm with mobile User name matchin g process Login failed Loggin g failed Sending onetime to user mobile Matchin g process Onetime Generation In case of forgetting Open mobile Select forget In case of changed mobile number Open mobile Select mobile number changed Secret exponent exchange scheme Encryp tion process Enter one-ti me passw ord with interne t brows Onetime matching Login success Fill out form and submit Server database Matching process Fill out form and submit Server database Matching process Multi path sendin g Login failed Fig.4. Login Process If particular match is found then the user is requested for typing long-term in their mobile. If username does not matches with the name s present in the server database login fails. In case of login success the user types long-term in his mobile phone. This long-term s is encrypted using DHEKE scheme and send via multiple path using multi-homing technique to server database. Server decrypts the information and matches it with the database information. If correct match is found then one-time s [13] is generated and send to users mobile phone. The login process fails if the long term does not match the database information. User now types the onetime in the browser. If this one time matches the server generated one-time then login process is successful. Login fails if a user one-time does not match the server generated one-time. Logging into the corresponding website is the process next to the registration phase. Recovery Process Send new to Recovery success Fig.5.Recovery process In case of forgetting the long-term the first step is to open the mobile and select forget. Fill out the form and submit it. After submission the information reaches the server and matching process is done. If the information matches new one-time is send to . In other case that is changing mobile number the user must initially open the mobile and select mobile number change option. Fill out the form and submit it. The information is send to the server database and matching process is done. If the information matches then the old phone number is replaced by new one and the recovery process is successful. Recovery can be done in two conditions they are forgetting the long-term and if the user changes his mobile number. In case of forgetting the long-term the first step is to open the mobile and select forget. Fill out the form and submit it. After submission the information reaches the server and matching process is done. If the information matches new one-time is send to . In other case that is changing mobile number the user must initially open the mobile and select mobile number change option. Fill out the form and submit it. The information is send to the server database and matching 68
4 process is done. If the information matches then the old phone number is replaced by new one and the recovery process is successful. V. PERFORMANCE ANALYSIS The analysis is conducted in order to identify the effectiveness of SCTPOpass.20 persons are selected and asked to work on the and the time required to send the SMS during the registration and login phase is noted. Table I Performance Analysis Of Registration Process REGISTRATION PROCESS SMS DELAY TOTAL OPASS Fig.8. SMS delay of login process SCTPOPASS Table II.Performance Analysis Of Login Process LOGIN PROCESS SMS DELAY TOTAL OPASS SCTPOPASS Fig.6. SMS Delay Of Registration Process Fig.9.Total Time of Login Process Based on the speed of typing and sending SMS the time varies. The person who types faster registers and login into the website first compared to others. The average time calculated for the SMS delay in registration phase is 8.3second which is less compared to the previous OPass method. As the encrypted long-term are splitted into several pieces and send via multiple paths so the data travels little bit faster. Similarly the average time calculated for SMS delay in login phase is 8.2seconds.In both the case the SMS delay time of SCTPOpass is less compared to previous OPass is less compared to previous OPass phases. The SMS delay, total time of OPass and SCTPOpass is compared and represented in the graphical format.fig.5 and Fig.6 denotes the comparison chart of registration process and where as Fig.7 and Fig.8 denotes the comparison chart of login process. Table I, II represents the values noted during the analysis process of registration and login phase.fig.9. represents the web security. OPass contains 2level security process they are SMS and ordinary encryption process where as SCTPOpass contains 4level security. It includes sms service, , encryption and Key sharing process. Fig.7.Total Time Of Registration Process 69
5 Fig.10.Security Level Indication. V. CONCLUSION In our proposed system named SCTPOPass protocol uses the cell phone, computer browser and service to avoid the stealing and reuse attacks. A unique phone number is assigned with the website for entry process. The registration, login and recovery phases are included in this work. In this SCTPOpass the long-term is the only thing they must remember for logging to website. In this paper the average time spend on registration and login is very less. The login success rate is over 91% except for a few typing errors. Finally it is concluded that the SCTPOpass is more secure than the original login system. REFERENCES [1] Hung-Min Sun, Yao-Hsin Chen, and Yue-Hsun Lin (2012), opass: A User Authentication Protocol Resistant to Password Stealing and Password Reuse Attacks, IEEE Transactions on Information Forensics and Security, Vol. 7, No. 2, pp [2] Assad Moini and Azad M. Madni, Fellow (2009), Leveraging Biometrics for User Authentication in Online Learning: A Systems Perspective, IEEE SYSTEMS JOURNAL, VOL. 3, NO. 4, pp [3] P.Venkadesh, Julia Punitha Malar Dhas, S.V.Divya A Simplified Method to Enhance Security of Data Transmission in SCTP Using Hidden Digital Signature Jan 2013, PP [4] Thomas Dreibholz and Erwin P.Rathgeb (2011). Stream control Transmission Protocol:Past, Current, and Future Standardization Activities, IEEE COMMUNICATION MAGAZINE. [5] J. Thorpe and P. van Oorschot, Towards secure design choices for implementing graphical s, presented at the 20th. Annu. Computer Security Applicat. Conf., [6] S. Wiedenbeck, J. Waters, J.-C. Birget, A. Brodskiy, and N. Memon, Passpoints: Design and longitudinal evaluation of a graphical system, Int. J. Human-Computer Studies, vol. 63, no. 1 2, pp , [7] S. Wiedenbeck, J. Waters, L. Sobrado, and J.-C. Birget, Design and evaluation of a shoulder-surfing resistant graphical scheme, in AVI 06: Proc. Working Conf. Advanced Visual Interfaces, NewYork, 2006, pp , ACM. [8] J. A. Halderman, B. Waters, and E. W. Felten, A convenient methodfor securely managing s, in WWW 05: Proc. 14th Int. Conf.World Wide Web, New York, 2005, pp , ACM. [9] K.-P. Yee and K. Sitaker, Passpet: Convenient managementand phishing protection, in SOUPS 06: Proc. 2nd Symp. Usable PrivacySecurity, New York, 2006, pp , ACM. [10] S. Chiasson, R. Biddle, and P. C. van Oorschot, A second look at theusability of click-based graphical s, in SOUPS 07: Proc. 3rdSymp. Usable Privacy Security, New York, 2007, pp. 1 12, ACM. [11] J. Thorpe and P. C. van Oorschot, Graphical dictionaries and the memorable space of graphical s, in SSYM 04: Proc. 13th Conf.USENIX Security Symp., Berkeley, CA, 2004, pp , USENIX Association. [12] J. Thorpe and P. C. van Oorschot, Human-seeded attacks and exploiting hot-spots in graphical s, in SS 07: Proc. 16thUSENIX Security Symp. USENIX Security, Berkeley, CA, 2007, pp.1 16, USENIX Association. [13] Kristin S.Fuglerud, Øystein Dale (2011) Secure and Inclusive Authentication with a Talking Mobile One-Time- client IEEE security & privacy selected CS articles and columns are also available for free at http;//computingnow.computer.org. [14] Taekyoung Kwon, Young-Ho park and Hee Jungn Lee(2005), Security Analysis and Improvement of the Efficient Password_based Authentication Protocol IEE communications letters, vol. 9,no.1 [15] Junghyun Nam, Juryon Paik, Ung Mo Kim, and Dongho Won (2008) Security Enhancement to a -Authenticated Group Key Exchange Protocol for Mobile Ad-hoc Networks IEE communications Letters, vol.12, no.2. [16] S.M.Furnell, P.S.Dowland, H.M.Illingworth (2000), and P.l.Reynolds, Authentication and Supervision:A Survey of user attitudes, comput.security,vol.19, no.6,pp AUTHOR S PROFILE P. Venkadesh was born in Nagercoil, TamilNadu, India in 1980.He studied Computer Science & Engineering at C.S.I Institute of Technology, Thovalai,TamilNadu,India.He received Bachelor degree from M.S University, Tirunelveli,in 2001.He received his Master degree from Sathyabama University, Chennai, TamilNadu, India in 2007.Currently, he is working as an Assistant Professor in the Department of Computer Science & Engineering at Noorul Islam Centre for Higher Education, Noorul Islam University, Kumaracoil, TamilNadu,India. He is pursuing his research in the area of Network Security under the supervision of Dr. Julia Punitha Malar Dhas. He had presented a no.of.papers in National Conference and International Conference and his research area includes Network Security, Wireless Communications and Cloud Computing. S.V.Rajalakshmi was born in Nagercoil, TamilNadu India in 1987.She Studied Bachelor 70
6 of computer at Vivekananda College, Agasteeswaram, and TamilNadu, India. She received her Bachelor degree from M.S University, Thirunelveli in 2008; she also received her master degree in Computer from PSN College of engineering affiliated to Anna University during the year 2011 and currently doing ME computer science in Noorul Islam University, kumaracoil, India. She had presented no of papers in National and International Conference and her research area includes Network Security and Wireless networks. S.V.Divya was born in Nagercoil, TamilNadu, and India in 1983.She Studied Information Technology at Jeyamatha Engineering College, Aralvoimozhi, TamilNadu, India. She received Bachelor degree from Anna University, Chennai in 2005 and Master degree from Mepco Schlenk Engineering College, Sivakasi, and TamilNadu, India in Currently, she is working as a Assistant Professor in the Department of Information Technology at Noorul Islam Centre for Higher Education, Noorul Islam University, Kumaracoil, TamilNadu, India. Her research area includes Cloud computing, Wireless Communications and Data Mining. 71
User Authentication Protocol
opass: A User Authentication Protocol Sao Vikram B., Gore Vishwanath P., Sankhe Bhakti A., Rananaware Rahul C., ABSTRACT Password security is significant for user authentication on small networking system
More informationImproved Password Authentication System against Password attacks for web Applications
Improved Password Authentication System against Password attacks for web Applications Vaishnavi Yalamanchili, Department of Computer Science & Engineering, Gudlavalleru Engineering College, Gudlavalleru,
More informationDefenses against Large Scale Online Password Guessing by Using Persuasive Cued Click Points
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 2, Issue. 4, April 2013,
More informationISSN: (Online) Volume 2, Issue 2, February 2014 International Journal of Advance Research in Computer Science and Management Studies
ISSN: 2321-7782 (Online) Volume 2, Issue 2, February 2014 International Journal of Advance Research in Computer Science and Management Studies Research Article / Paper / Case Study Available online at:
More informationSECURED PASSWORD MANAGEMENT TECHNIQUE USING ONE-TIME PASSWORD PROTOCOL IN SMARTPHONE
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 3, Issue. 3, March 2014,
More informationAuthentication schemes for session password using color and special characters
Authentication schemes for session password using color and special characters Rohit Jagtap1, a, Vaibhav Ahirrao2,b Vinayak Kadam3,c Nilesh Aher4 1.Department of Computer Engineering, 2 Department of Computer
More informationKNOWLEDGE BASED AUTHENTICATION MECHANISM FOR SECURED DATA TRANSFER
KNOWLEDGE BASED AUTHENTICATION MECHANISM FOR SECURED DATA TRANSFER R.T.Narmadha1, R.T.Nivetha2, M.Roobia Fathima 2, P.Vijayalakshmi 2 1 Department of Information Technology, Info Institute of Engineering,
More informationEnhancing Performance of User Authentication Protocol with Resist to Password Reuse Attacks
Enhancing Performance of User Authentication Protocol with Resist to Password Reuse Attacks 1, Ms. R.R.Karthiga, 2, Mr.K.Aravindhan, 1, Final year, M.E/CSE, SNS College of Engineering 2, Asst Professor/CSE,
More informationCued Click Point Technique for Graphical Password Authentication
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 3, Issue. 1, January 2014,
More informationGraphical Password to Increase the Capacity of Alphanumeric Password
Graphical Password to Increase the Capacity of Alphanumeric Password Gaddam Ramu Computer Science & Engineering. S.R.Engineering College, Warangal, Telangana, India. Goje Roopa(Asst.Prof) Computer Science
More informationMultiple Type Passwords to Overcome Online Guessing Attacks
Multiple Type Passwords to Overcome Online Guessing Attacks R. Manoj Kumar, M. Ragulvignesh, N. Sunil, M. Anu PG Scholar, Assistant Professor, PG Scholar, PG Scholar PPG IT, PPG IT, PPG IT, PPG IT ABSTRACT---
More informationAddress for Correspondence 1 Associate Professor department o f Computer Engineering BVUCOE, Pune
Research Article THREE DIMENSIONAL VIRTUAL ENVIRONMENT FOR SECURED AND RELIABLE AUTHENTICATION 1 Gauri Rao, 2 Dr. S.H. Patil Address for Correspondence 1 Associate Professor department o f Computer Engineering
More informationGraphical User Authentication System An Overview P. Baby Maruthi 1, Dr. K. Sandhya Rani 2
Graphical User Authentication System An Overview P. Baby Maruthi 1, Dr. K. Sandhya Rani 2 1 Research Scholar: Dept of Computer Science S.P.M.V.V, Tirupati, Andhra Pradesh, India mail2maruthi03@gmail.com
More informationDESIGN, IMPLEMENTATION AND EVALUATION OF A KNOWLEDGE BASED AUTHENTICATION SCHEME UPON COMPELLING PLAIT CLICKS
http:// DESIGN, IMPLEMENTATION AND EVALUATION OF A KNOWLEDGE BASED AUTHENTICATION SCHEME UPON COMPELLING PLAIT CLICKS Chalichima Harshitha 1, Devika Rani 2 1 Pursuing M.tech (CSE), 2 Assistant professor
More informationAuthentication Using Grid-Based Authentication Scheme and Graphical Password
Authentication Using Grid-Based Authentication Scheme and Graphical Password Vijayshri D. Vaidya 1 Department of Computer engineering SND COE & RC Yeola, India Imaran R. Shaikh 2 Department of Computer
More informationComparison of ZKP based Authentication Mechanisms for securing the web server
Comparison of ZKP based Authentication Mechanisms for securing the web server Kayathri Devi D #1, Akilan S S *2 # Department of Information technology, Kamaraj College of Engineering and technology Virudhunagar,
More informationMULTI-FACTOR AUTHENTICATION USING GRAPHICAL PASSWORDS THROUGH HANDHELD DEVICE
MULTI-FACTOR AUTHENTICATION USING GRAPHICAL PASSWORDS THROUGH HANDHELD DEVICE P.Shyam Sunder 1, Ballikonda Sai Chaitanya 2, D.Vijay Kumar 3, P.Satya Shekar Varma 4 1,2,4 Department of Computer Science
More informationSecure Token Based Storage System to Preserve the Sensitive Data Using Proxy Re-Encryption Technique
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 3, Issue. 2, February 2014,
More informationGraphical User Authentication Using Random Codes
Graphical User Authentication Using Random Codes Mr.D.S.Gawande 1, Manisha P. Thote 2, Madhavi M. Jangam 3, Payal P. Khonde 4, Payal R. Katre 5, Rohini V. Tiwade 6 1Assistant Professor, Computer Science
More informationCARP-A NEW SECURITY PRIMITIVE BASED ON HARD AI PROBLEMS
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 4, Issue. 6, June 2015, pg.12
More informationDivide and Conquer Approach for Solving Security and Usability Conflict in User Authentication
Divide and Conquer Approach for Solving Security and Usability Conflict in User Authentication Shah Zaman Nizamani Waqas Ali Sahito Shafique Awan Department of IT Department of IT Department of Computer
More informationA Secure Graphical Password Authentication System
International Journal of Computational Intelligence Research ISSN 0973-1873 Volume 12, Number 2 (2016), pp. 197-201 Research India Publications http://www.ripublication.com A Secure Graphical Password
More informationInternational Journal of Advanced Research in Computer Science and Software Engineering
Volume 3, Issue 8, August 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com An Enhanced Authentication
More informationCaptcha as Textual Passwords with Click Points to Protect Information
Captcha as Textual Passwords with Click Points to Protect Information Sandeep Kumar Vengala Computer Science & Engineering. S.R.Engineering College, Warangal, Telangana, India. Goje Roopa(Asst.Prof) Computer
More informationUsable Privacy and Security, Fall 2011 Nov. 10, 2011
Usable Privacy and Security, Fall 2011 Nov. 10, 2011 YoungSeok Yoon (youngseok@cs.cmu.edu) Institute for Software Research School of Computer Science Carnegie Mellon University picture/photo based vs.
More informationA Smart Card Based Authentication Protocol for Strong Passwords
A Smart Card Based Authentication Protocol for Strong Passwords Chin-Chen Chang 1,2 and Hao-Chuan Tsai 2 1 Department of Computer Science and Information Engineering, Feng Chia University, Taichung, Taiwan,
More informationA Secure Routing Protocol for Wireless Adhoc Network Creation
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 3, Issue. 6, June 2014, pg.88
More informationSecuring Web Accounts Using Graphical Password Authentication through MD5 Algorithm
Securing Web Accounts Using Graphical Password Authentication through MD5 Algorithm Siddheshwar A. Suratkar Rahul A. Udgirkar Pratik D. Kale Amit A. Shelke Mohsin H. Shaikh Prof. D. C. Dhanwani Prof. CSE,
More information3LAS (Three Level Authentication Scheme)
3LAS (Three Level Authentication Scheme) Kunal Mulwani 1, Saurabh Naik 2, Navinkumar Gurnani 3, Dr. Nupur Giri 4, Prof. Sharmila Sengupta 5 1, 2,3,4,5 Vivekanand Education Society's Institute of Technology,
More informationDesign & Implementation of Online Security Using Graphical Password Systems Using Captcha Technique
Design & Implementation of Online Security Using Graphical Password Systems Using Captcha Technique ABSTRACT: Many security primitives are based on hard mathematical problems. Using hard AI problems for
More informationAdvanced Spam Detection Methodology by the Neural Network Classifier
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 3, Issue. 2, February 2014,
More informationFORTIFICATION AGAINST PASSWORD GUESSING ATTACKS IN ONLINE SYSTEM
FORTIFICATION AGAINST PASSWORD GUESSING ATTACKS IN ONLINE SYSTEM V Anusha 1, T Lakshmi Priya 2 1 M.Tech Scholar (CSE), Nalanda Institute of Tech. (NIT), Siddharth Nagar, Guntur, A.P, (India) 2 Assistant
More informationChoCD: Usable and Secure Graphical Password Authentication Scheme
Indian Journal of Science and Technology, Vol 10(4), DOI: 10.17485/ijst/2017/v10i4/110885, January 2017 ISSN (Print) : 0974-6846 ISSN (Online) : 0974-5645 ChoCD: Usable and Secure Graphical Password Authentication
More informationKNOWLEDGE BASED AUTHENTICATION SYSTEM DESIGN BASED ON PERSUASIVE CUED CLICK POINTS
http:// KNOWLEDGE BASED AUTHENTICATION SYSTEM DESIGN BASED ON PERSUASIVE CUED CLICK POINTS G Anil Kumar 1, K Devika Rani 2 1 Pursuing M.tech (CSE), 2 Assistant professor (CSE), Nalanda Institute of Engineering
More informationA weakness in Sun-Chen-Hwang s three-party key agreement protocols using passwords
A weakness in Sun-Chen-Hwang s three-party key agreement protocols using passwords Junghyun Nam Seungjoo Kim Dongho Won School of Information and Communication Engineering Sungkyunkwan University 300 Cheoncheon-dong
More informationNovel Shoulder-Surfing Resistant Authentication Schemes using Text-Graphical Passwords
Institute of Advanced Engineering and Science International Journal of Information & Network Security (IJINS) Vol.1, No.3, August 2012, pp. 163~170 ISSN: 2089-3299 163 Novel Shoulder-Surfing Resistant
More informationPassword. authentication through passwords
Password authentication through passwords Human beings Short keys; possibly used to generate longer keys Dictionary attack: adversary tries more common keys (easy with a large set of users) Trojan horse
More informationRecall Based Authentication System- An Overview
Recall Based Authentication System- An Overview P. Baby Maruthi 1, Dr. K. Sandhya Rani 2 1 Research Scholar: Dept of Computer Science S.P.M.V.V, Tirupati, Andhra Pradesh, India 2 Professor: Dept of Computer
More informationISSN: ISO 9001:2008 Certified International Journal of Engineering and Innovative Technology (IJEIT) Volume 3, Issue 10, April 2014
Two Way User Authentication Using Biometric Based Scheme for Wireless Sensor Networks Srikanth S P (Assistant professor, CSE Department, MVJCE, Bangalore) Deepika S Haliyal (PG Student, CSE Department,
More informationM.Ashwini 1,K.C.Sreedhar 2
Improved Persuasive Cued Click Points For Knowledge-Based Authentication M.Ashwini 1,K.C.Sreedhar 2 1 M.Tech Student, Dept of CSE, QIS College of Engineering & technology, Ongole, Prakasam Dist, A.P, India
More informationA New Hybrid Graphical User Authentication Technique based on Drag and Drop Method
A New Hybrid Graphical User Authentication Technique based on Drag and Drop Method Salim Istyaq, Khalid Saifullah Assistant Professor, Dept. of Computer Engineering, EES, University Polytechnic, Faculty
More informationA compact Aggregate key Cryptosystem for Data Sharing in Cloud Storage systems.
A compact Aggregate key Cryptosystem for Data Sharing in Cloud Storage systems. G Swetha M.Tech Student Dr.N.Chandra Sekhar Reddy Professor & HoD U V N Rajesh Assistant Professor Abstract Cryptography
More informationSurvey on Various Techniques of User Authentication and Graphical Password
Survey on Various Techniques of User Authentication and Graphical Password Miss. Saraswati B. Sahu #1, Associate Prof. Angad Singh *2 1(M. Tech Scholar, Dept. of Information Technology, NIIST, Bhopal,
More informationMinimizing Shoulder Surfing Attack using Text and Color Based Graphical Password Scheme
Minimizing Shoulder Surfing Attack using Text and Color Based Graphical Password Scheme 1 Prof. S. K. Sonkar, 2 Prof. R. L. Paikrao Computer Engineering Dept. Amrutvahini College of engineering Sangamner,
More informationA Novel Approach for Software Implementation of Graphical Authentication Methodology
A Novel Approach for Software Implementation of Graphical Authentication Methodology Murtaza Alamshah School Of Information Technology Vellore Institute of Technology Vellore, India murtazaalamshah@gmail.com
More informationImplementation of Knowledge Based Authentication System Using Persuasive Cued Click Points
IOSR Journal of Computer Engineering (IOSR-JCE) e-issn: 2278-0661, p- ISSN: 2278-8727Volume 12, Issue 2 (May. - Jun. 2013), PP 39-46 Implementation of Knowledge Based Authentication System Using Persuasive
More informationImplementing a Secure Authentication System
Implementing a Secure Authentication System BRUNO CARPENTIERI Dipartimento di Informatica Università di Salerno Via Giovanni Paolo II ITALY bc@dia.unisa.it Abstract: One of the most used techniques for
More informationInternational Journal of Emerging Technology in Computer Science & Electronics (IJETCSE) ISSN: Volume 14 Issue 2 APRIL 2015
Persuasive Cued Click Point Authentication Mechanism with Sound Signature MOUNESHWAR KANAMADI 1,AMIT SAWANT 2,JAMDADE MARUTI 3,4 MEGHARANI BAMBUGADE, 5 ROKADE KOMAL 1 Department of CSE, Ashokrao Mane Group
More informationAES and DES Using Secure and Dynamic Data Storage in Cloud
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 3, Issue. 1, January 2014,
More informationStrong Password Protocols
Strong Password Protocols Strong Password Protocols Password authentication over a network Transmit password in the clear. Open to password sniffing. Open to impersonation of server. Do Diffie-Hellman
More informationMODULE NO.28: Password Cracking
SUBJECT Paper No. and Title Module No. and Title Module Tag PAPER No. 16: Digital Forensics MODULE No. 28: Password Cracking FSC_P16_M28 TABLE OF CONTENTS 1. Learning Outcomes 2. Introduction 3. Nature
More informationMIBA: Multitouch Image-Based Authentication on Smartphones
MIBA: Multitouch Image-Based Authentication on Smartphones Daniel Ritter daniel.ritter@uni-ulm.de Florian Schaub florian.schaub@uni-ulm.de Marcel Walch marcel.walch@uni-ulm.de Michael Weber michael.weber@uni-ulm.de
More informationComputer Security 4/12/19
Authentication Computer Security 09. Authentication Identification: who are you? Authentication: prove it Authorization: you can do it Paul Krzyzanowski Protocols such as Kerberos combine all three Rutgers
More informationDEFENSE AGAINST PASSWORD GUESSING ATTACK IN SMART CARD
DEFENSE AGAINST PASSWORD GUESSING ATTACK IN SMART CARD A. Shakeela Joy., Assistant Professor in Computer Science Department Loyola Institute of Technology of Science Dr. R. Ravi., Professor & Research
More informationSHOULDER SURFING RESISTANT GRAPHICAL PASSWORD
SHOULDER SURFING RESISTANT GRAPHICAL PASSWORD Kruthi K 1, Kumuda B G 2, Nandhini N V 3, Mrs. R.Anitha 4 (Associate Professor) 1, 2, 3, 4 Department of Computer Science and Engineering, The National Institute
More informationAuthentication Technology for a Smart eid Infrastructure.
Authentication Technology for a Smart eid Infrastructure. www.aducid.com One app to access all public and private sector online services. One registration allows users to access all their online accounts
More informationImage Password Based Authentication in an Android System
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology ISSN 2320 088X IMPACT FACTOR: 5.258 IJCSMC,
More informationA Two-Fold Authentication Mechanism for Network Security
Asian Journal of Engineering and Applied Technology ISSN 2249-068X Vol. 7 No. 2, 2018, pp. 86-90 The Research Publication, www.trp.org.in A Two-Fold for Network Security D. Selvamani 1 and V Selvi 2 1
More informationAn efficient and practical solution to secure password-authenticated scheme using smart card
An efficient and practical solution to secure password-authenticated scheme using smart card R. Deepa 1, R. Prabhu M.Tech 2, PG Research scholor 1, Head of the Department 2 Dept.of Information Technology,
More informationCARP: CAPTCHA as A Graphical Password Based Authentication Scheme
CARP: CAPTCHA as A Graphical Password Based Authentication Scheme Shraddha S. Banne 1, Prof. Kishor N. Shedge 2 Student, Dept. of Computer Engg, S.V.I.T, Chincholi, Sinnar, Nashik, India 1 Assistant Professor,
More informationA GRAPHICAL PASSWORD BASED AUTHENTICATION BASED SYSTEM FOR MOBILE DEVICES
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 3, Issue. 4, April 2014,
More informationII. LITERATURE SURVEY
Secure Transaction By Using Wireless Password with Shuffling Keypad Shweta Jamkavale 1, Ashwini Kute 2, Rupali Pawar 3, Komal Jamkavale 4,Prashant Jawalkar 5 UG students 1,2,3,4, Guide 5, Department Of
More informationEnhancing CAPTCHA based Image Authentication for ID and Password
ISSN (O): 2349-7084 International Journal of Computer Engineering In Research Trends Available online at: www.ijcert.org Enhancing CAPTCHA based Image Authentication for E-mail ID and Password 1MACHARLA
More informationNovel Security Method Using Captcha as Graphical Password
International Journal of Emerging Engineering Research and Technology Volume 3, Issue 2, February 2015, PP 18-24 ISSN 2349-4395 (Print) & ISSN 2349-4409 (Online) Novel Security Method Using Captcha as
More informationSecure Smart Card Based Remote User Authentication Scheme for Multi-server Environment
Secure Smart Card Based Remote User Authentication Scheme for Multi-server Environment Archana P.S, Athira Mohanan M-Tech Student [Cyber Security], Sree Narayana Gurukulam College of Engineering Ernakulam,
More informationTECHNIQUES FOR COMPONENT REUSABLE APPROACH
TECHNIQUES FOR COMPONENT REUSABLE APPROACH Sukanay.M 1, Biruntha.S 2, Dr.Karthik.S 3, Kalaikumaran.T 4 1 II year M.E SE, Department of Computer Science & Engineering (PG) sukanmukesh@gmail.com 2 II year
More informationA Text based Authentication Scheme for Improving Security of Textual Passwords
A Text based Authentication Scheme for Improving Security of Textual Passwords Shah Zaman Nizamani Department of Information Technology Quaid-e-Awam University of Engineering, Science & Technology, Pakistan
More informationENCRYPTED DATA MANAGEMENT WITH DEDUPLICATION IN CLOUD COMPUTING
ENCRYPTED DATA MANAGEMENT WITH DEDUPLICATION IN CLOUD COMPUTING S KEERTHI 1*, MADHAVA REDDY A 2* 1. II.M.Tech, Dept of CSE, AM Reddy Memorial College of Engineering & Technology, Petlurivaripalem. 2. Assoc.
More informationEfficient password authenticated key agreement using bilinear pairings
Mathematical and Computer Modelling ( ) www.elsevier.com/locate/mcm Efficient password authenticated key agreement using bilinear pairings Wen-Shenq Juang, Wei-Ken Nien Department of Information Management,
More informationCryptanalysis of Two Password-Authenticated Key Exchange. Protocols between Clients with Different Passwords
International Mathematical Forum, 2, 2007, no. 11, 525-532 Cryptanalysis of Two Password-Authenticated Key Exchange Protocols between Clients with Different Passwords Tianjie Cao and Yongping Zhang School
More informationSSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1
SSL/TLS & 3D Secure CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk CS470, A.A.Selçuk SSL/TLS & 3DSec 1 SSLv2 Brief History of SSL/TLS Released in 1995 with Netscape 1.1 Key generation algorithm
More informationMitigating Malicious Activities by Providing New Acknowledgment Approach
Mitigating Malicious Activities by Providing New Acknowledgment Approach G. S. Devi Lakshmi, J. Rajasekaran 2 PG Student, Sri Subramanya College of Engineering and Technology, Palani, Tamilnadu, India
More informationROBUST AND ANONYMOUS AUTHENTICATION OF DATA STORED IN CLOUDS WITH DECENTRALIZED ACCESS CONTROL
ROBUST AND ANONYMOUS AUTHENTICATION OF DATA STORED IN CLOUDS WITH DECENTRALIZED ACCESS CONTROL S.Vijaya Madhavi 1, G.Rama Subba Reddy 2 1 M.tech Scholar (CSE), 2 Headof Department (CSE), Vignana Bharathi
More informationOnline Version Only. Book made by this file is ILLEGAL. Design and Implementation of Binary File Similarity Evaluation System. 1.
, pp.1-10 http://dx.doi.org/10.14257/ijmue.2014.9.1.01 Design and Implementation of Binary File Similarity Evaluation System Sun-Jung Kim 2, Young Jun Yoo, Jungmin So 1, Jeong Gun Lee 1, Jin Kim 1 and
More informationInternational Journal of Pure and Applied Sciences and Technology
Int. J. Pure Appl. Sci. Technol., 1(2) (2010), pp. 60-66 International Journal of Pure and Applied Sciences and Technology ISSN 2229-6107 Available online at www.ijopaasat.in Research Paper Security Analysis
More informationA Hybrid Password Authentication Scheme Based on Shape and Text
JOURNAL OF COMPUTERS, VOL. 5, NO. 5, MAY 2010 765 A Hybrid Password Authentication Scheme Based on Shape and Text Ziran Zheng School of Management & Economics Shandong Normal University, Jinan, China Email:
More informationEnhancing Reliability and Scalability in Dynamic Group System Using Three Level Security Mechanisms
Enhancing Reliability and Scalability in Dynamic Group System Using Three Level Security Mechanisms A.Sarika*1, Smt.J.Raghaveni*2 M.Tech Student, Dept of CSE, S.R.K.R Engineering college, Bhimavaram, AP,
More informationSecurity in Voip Network Using Neural Network and Encryption Techniques
2011 International Conference on Information and Network Technology IPCSIT vol.4 (2011) (2011) IACSIT Press, Singapore Security in Voip Network Using Neural Network and Encryption Techniques Ashwini Galande
More informationSHOULDER SURFING ATTACK PREVENTION USING COLOR PASS METHOD
SHOULDER SURFING ATTACK PREVENTION USING COLOR PASS METHOD Bagade Om, Sonawane Anuja, Patil Akash, Patil Yogita, Maurya Jagruti Department of Computer Engineering Shram sadhana trust s college of engineering
More informationA BIOMETRIC FUSION OF HAND AND FINGER VEIN APPROACH FOR AN EFFICIENT PERSONAL AUTHENTICATION IN HEALTH CARE
A BIOMETRIC FUSION OF HAND AND FINGER VEIN APPROACH FOR AN EFFICIENT PERSONAL AUTHENTICATION IN HEALTH CARE N S Priya 1, A Lenin Fred 2 1 Assistant Professor, Department of Computer Science and Engineering,
More informationTrouble Shooting Guide Universal Jobmatch
Trouble Shooting Guide Universal Jobmatch Section 1 Problems Logging In with your password and user ID 1. You have three attempts to login to universal Jobmatch, the first two you will receive a message
More informationKeywords security model, online banking, authentication, biometric, variable tokens
Volume 4, Issue 11, November 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Authentication
More informationISSN: (Online) Volume 2, Issue 10, October 2014 International Journal of Advance Research in Computer Science and Management Studies
ISSN: 2321-7782 (Online) Volume 2, Issue 10, October 2014 International Journal of Advance Research in Computer Science and Management Studies Research Article / Survey Paper / Case Study Available online
More informationCaptcha as Graphical Password- Based AI Problems
Captcha as Graphical Password- Based on Hard AI Problems S.Navaneethakrishnan, P.Kumar Student, Assistant professor (CSE) Nandha College Of Technology,Erode snkrish1990@gmail.com csekumar@gmail.com ABSTRACT:
More informationISSN: (Online) Volume 2, Issue 2, February 2014 International Journal of Advance Research in Computer Science and Management Studies
ISSN: 2321-7782 (Online) Volume 2, Issue 2, February 2014 International Journal of Advance Research in Computer Science and Management Studies Research Article / Paper / Case Study Available online at:
More informationA Multi-Grid Graphical Password Scheme
A Multi-Grid Graphical Password Scheme Konstantinos CHALKIAS, Anastasios ALEXIADIS, George STEPHANIDES Dept. of Applied Informatics, Macedonia University, 156 Egnatia str., 540 06 Thessaloniki, Greece
More informationChallenges in Mobile Ad Hoc Network
American Journal of Engineering Research (AJER) e-issn: 2320-0847 p-issn : 2320-0936 Volume-5, Issue-5, pp-210-216 www.ajer.org Research Paper Challenges in Mobile Ad Hoc Network Reshma S. Patil 1, Dr.
More informationInnovative Graphical Passwords using Sequencing and Shuffling Together
Innovative Graphical Passwords using Sequencing and Shuffling Together Rashmi Wable 1, Dr.Suhas Raut 2 N.K. Orchid College of Engineering and Technology, Solapur ABSTRACT Graphical authentication technology
More informationP2_L12 Web Security Page 1
P2_L12 Web Security Page 1 Reference: Computer Security by Stallings and Brown, Chapter (not specified) The web is an extension of our computing environment, because most of our daily tasks involve interaction
More informationInternational Journal of Advance Engineering and Research Development
Scientific Journal of Impact Factor (SJIF): 5.71 International Journal of Advance Engineering and Research Development Volume 5, Issue 03, March -2018 e-issn (O): 2348-4470 p-issn (P): 2348-6406 BATCH
More informationISSN Vol.04,Issue.05, May-2016, Pages:
WWW.IJITECH.ORG ISSN 2321-8665 Vol.04,Issue.05, May-2016, Pages:0737-0741 Secure Cloud Storage using Decentralized Access Control with Anonymous Authentication C. S. KIRAN 1, C. SRINIVASA MURTHY 2 1 PG
More informationNetwork Security CHAPTER 31. Solutions to Review Questions and Exercises. Review Questions
CHAPTER 3 Network Security Solutions to Review Questions and Exercises Review Questions. A nonce is a large random number that is used only once to help distinguish a fresh authentication request from
More informationCaptcha Authenticated Unwanted Message Filtering Technique for Social Networking Services
Captcha Authenticated Unwanted Message Filtering Technique for Social Networking Services Fathimath Shahistha M., Prabhakara B. K. 4 th Sem M.Tech, Dept. of CSE., SCEM, Visvesvaraya Technological University,
More informationEnhancing Click-Draw Based Graphical Passwords Using Multi-Touch on Mobile Phones
Enhancing Click-Draw Based Graphical Passwords Using Multi-Touch on Mobile Phones Yuxin Meng 1, Wenjuan Li 2,andLam-ForKwok 1 1 Department of Computer Science, City University of Hong Kong, Hong Kong,
More informationENHANCEMENT OF SECURITY FEATURE IN GRAPHICAL PASSWORD AUTHENTICATION
International Journal of Computer Science Engineering and Information Technology Research (IJCSEITR) ISSN 2249-6831 Vol. 3, Issue 2, Jun 2013, 395-402 TJPRC Pvt. Ltd. ENHANCEMENT OF SECURITY FEATURE IN
More informationEnhanced Textual Password Scheme for Better Security and Memorability
Enhanced Textual Password Scheme for Better Security and Memorability Hina Bhanbhro Department of Computer Syst. Eng. Faculty of Electrical, Electronics & Computer Systems Engineering Shaheed Benazir Bhutto
More informationRandomized Image Passwords and A QR Code based Circumnavigation Mechanism for Secure Authentication
IJIRST International Journal for Innovative Research in Science & Technology Volume 2 Issue 04 September 2015 ISSN (online): 2349-6010 Randomized Image Passwords and A QR Code based Circumnavigation Mechanism
More informationAn Improved Remote User Authentication Scheme with Smart Cards using Bilinear Pairings
An Improved Remote User Authentication Scheme with Smart Cards using Bilinear Pairings Debasis Giri and P. D. Srivastava Department of Mathematics Indian Institute of Technology, Kharagpur 721 302, India
More informationSecure Usable Authentication Using Strong Pass text Passwords
I. J. Computer Network and Information Security, 2015, 3, 57-64 Published Online February 2015 in MECS (http://www.mecs-press.org/) DOI: 10.5815/ijcnis.2015.03.08 Secure Usable Authentication Using Strong
More informationEnsuring Trustworthiness and Security during Data Transmission in Multihop Wireless Networks
Ensuring Trustworthiness and Security during Data Transmission in Multihop Wireless Networks 1 S.Nandhini, 2 Mr.S.Franson Varun Richo, 1 PG Student, 2 Assistant professor, Francis Xavier Engineering college,
More information