User Authentication Protocol
- Lydia Stephens
- 5 years ago
oPass: A User Authentication Protocol

Sao Vikram B., Gore Vishwanath P., Sankhe Bhakti A., Rananaware Rahul C.

ABSTRACT

Password security is significant for user authentication on small as well as large networking systems. Text passwords are the most standard form of user authentication on websites because of their convenience and ease of use. However, users' passwords are likely to be stolen and compromised under different threats and vulnerabilities. A typical user authenticates with a text password selected while registering an account on a website. Users tend to select weak passwords and reuse them across different websites, which causes a domino effect. In addition, typing passwords into untrusted computers exposes them to password theft. An adversary can launch several password stealing attacks to grab passwords, such as phishing, keyloggers and malware. This paper designs a user authentication protocol named oPass. The purpose of this system is to introduce a concept and methodology that help organizations and users implement stronger password policies. The proposed system is an OTP user authentication protocol which leverages a user's cell phone and the short message service to resist password stealing and password reuse attacks. oPass only requires that each participating website possesses a unique phone number and that a telecommunication service provider is involved in the registration and recovery phases. Through oPass, users only need to remember a long-term password for login on all websites. After calculating the oPass prototype, we believe oPass is efficient and inexpensive compared with conventional web authentication mechanisms.

KEYWORDS

Network security, authentication, reuse attack, telecommunication service provider (TSP), message digest 5.

1. INTRODUCTION

In current public networks, since most activities are available on the internet, user authentication is the most important part as far as security is concerned.
Text passwords have been the primary means of user authentication for the past few decades. To register on websites, people select usernames and passwords, and they must remember these passwords to log in successfully later. In general, password-based user authentication can resist brute-force and dictionary attacks if users choose strong passwords. However, users have trouble memorizing text passwords. They choose passwords that are easy to remember even when they know those passwords might be unsafe. A crucial problem is that they use the same password on different websites [6]. Password reuse can cause users to lose sensitive information stored on different websites if a hacker compromises one of their passwords. Attacks of this sort are usually referred to as password reuse attacks. These problems are caused by the negative influence of human factors, so human factors are the vital consideration when designing a user authentication protocol. Alternatives in use are graphical passwords [3] [9] [10], other password management tools [7] [9] and three-factor authentication. But graphical passwords cannot be implemented practically [4]. Apart from reuse attacks, it is also important to consider other stealing attacks such as phishing. Although a lot of research has been done to protect passwords used in online accounts [5] [2] and other sites from dictionary attacks [8], including the use of hash visualization [11], current defenses are still limited in terms of accuracy and efficiency.

In this paper we aim to prevent both password reuse and password stealing attacks using a user authentication protocol called oPass [1], which uses the user's cell phone to generate one-time passwords and the Short Message Service to transmit messages. The main concept of oPass is to free users from having to remember or type any passwords into conventional computers for authentication. Compared with basic user authentication, oPass involves a new component, the cell phone, which is used to generate one-time passwords, and a new communication channel, SMS, which is used to transmit authentication messages. oPass presents the following advantages.

1) Phishing Protection - Users are sometimes tricked into entering forged websites through phishing attacks. Users who adopt oPass are able to withstand phishing attacks.
2) Anti-malware - Malware (e.g., a keylogger) retrieves sensitive information from users, mainly passwords. In oPass, users can log in to different sites without typing passwords on their computers, so malware is not given the opportunity to capture them.
3) Secure Registration and Recovery - In oPass, SMS is an out-of-band communication interface. oPass cooperates with the telecommunication service provider (TSP) to obtain the correct phone numbers of websites and users respectively. SMS helps oPass establish a secure channel for message exchange in the registration and recovery phases. The recovery phase is designed to deal with cases where a user loses her cell phone. With a new SIM card, oPass works on a new cell phone.
4) Password Reuse Prevention and Weak Password Avoidance - oPass follows a one-time password approach.
For each login, the cell phone automatically derives a one-time password, so there is no need to remember the password at all.

2. IMPLEMENTATION DETAILS

The proposed system is a novel architecture for user authentication that thwarts phishing and password reuse attacks. The purpose of the protocol is to keep users from typing their memorized passwords into public kiosks. With one-time passwords, stolen password information is no longer useful: a one-time password expires when the user finishes the existing session. Instead of using internet channels, the system leverages SMS and the user's cell phone to prevent password stealing attacks. We believe SMS is a secure and suitable medium to pass on important information between cell phones and websites. On the basis of SMS, a user's identity is authenticated by websites without entering any passwords into untrusted kiosks. The user's password is only used to limit access to the user's cell phone. In this system, each user simply memorizes a long-term password to access her cell phone. The long-term password guards the information on the cell phone against theft. The assumptions made in the system are as follows.

1) Every web server owns a unique phone number. Through an SMS channel, users can interact with each website using that phone number.
2) The telecommunication service provider plays a role in the registration and recovery phases. The TSP module is a link between subscribers and web servers and resides at the server only. It offers a service for subscribers to perform the registration and recovery processes with each web service; e.g., a subscriber inputs her id and a web server's id to execute the registration phase. Afterwards, the TSP module sends the request and the subscriber's phone number to the related web server based on the received.
3) Subscribers (i.e., users) connect to the server with the TSP module through 3G connections.
4) If a user loses her cell phone, she can ask her service provider (TSP) to disable the lost SIM card and issue a new card with the same phone number. Hence, the user can finish the recovery phase.

3. SYSTEM ARCHITECTURE

Figure 1. System Architecture

4. MODULE DESCRIPTIONS

There are three modules:
4.1 Registration Phase.
4.2 Login Phase.
4.3 Recovery Phase.

4.1 REGISTRATION PHASE:
1. The user enters the user id and server id.
2. The cell phone transmits this information to the TSP.
3. The TSP transmits the user id, user phone number and shared key to the server.
4. The server generates secure information and sends it to the TSP.
5. The TSP sends the server information with the shared key to the cell phone.
6. The user enters the long-term password.
7. The cell phone computes the secret key, generates a secured registration message and sends it to the server to verify its authenticity.

Figure 2. Procedure of registration phase.

4.2 LOGIN PHASE:
1. The browser sends the user request to the server.
2. The server checks the information against the database and generates a fresh nonce.
3. This message is then passed to the cell phone.
4. The user enters the long-term password.
5. A one-time password is generated for the current login, and the cell phone generates a nonce and a secure login SMS.
6. The server checks and verifies the authenticity of the login SMS.
7. The server sends a successful login message to the cell phone through the Internet.

Figure 3. Procedure of login phase.

4.3 RECOVERY PHASE:
1. The user enters the user id and server id.
2. The cell phone transmits this information to the TSP.
3. The TSP transmits the user id, user phone number and shared key to the server.
4. The server checks for existence, generates a fresh nonce and replies with this message to the TSP.
5. The TSP sends the server information to the cell phone.
6. The user enters the long-term password.
7. The cell phone computes the secret key, generates a one-time password, prepares a secured recovery message and sends it to the server to verify its authenticity.

Figure 4. Procedure of recovery phase.

5. PLATFORM

Windows (Windows 7, Windows XP). Tools for programming: Android 2.2 SDK and its emulator must be installed, Eclipse IDE (versions and higher), SQLite database, Apache server, MySQL database. Hardware: Processor - Intel Core2 Duo, RAM - 1GB, Android device OS v2.0 and above, GSM modem. Technology: Java, HTML, XML, Android API, PHP, SMS Lib (open source library).

6. CONCLUSION

The proposed user authentication protocol leverages cell phones and SMS to thwart password stealing and password reuse attacks. The design principle of the system is to eliminate the negative influence of human factors as much as possible. We assume that each website possesses a unique phone number. We also assume that a telecommunication service provider participates in the registration and recovery phases. Through this protocol, each user only needs to remember a long-term password, which is used to protect the cell phone. Users are freed from typing any passwords into untrusted computers to log in on all websites. Compared with preceding schemes, this method would be the first user authentication protocol to reduce the risk of password stealing and password reuse attacks simultaneously, because the proposed oPass adopts the one-time password strategy to ensure independence between each login.

7. FUTURE SCOPE

In online banking in certain countries, the bank sends the user a list of OTPs printed on paper. The user is required to enter a specific OTP from that list for every transaction.
In Brazil and many other countries like Austria, those OTPs are typically called TANs (for 'transaction authentication numbers'). Some banks even transmit such TANs to the user's mobile phone via SMS, in which case they are called mTANs (for 'mobile TANs'). Recently Google has started offering OTP to mobile and landline phones for all Google accounts. The OTP can be received through a text message. In case none of the user's registered phones is accessible, the user can even use one of a set of (up to 10) previously generated one-time backup codes as a secondary authorization factor in place of the dynamically generated OTP, after signing in with their account password. A mobile phone keeps expenses low because a large customer base already owns a mobile phone for purposes other than generating OTPs. The computing power and storage space required for OTPs is usually insignificant compared to that which modern camera phones and smartphones typically use. Mobile phones also support any number of tokens within one installation of the application, allowing a user to authenticate to multiple resources from one device. This approach also provides model-specific applications for the user's mobile phone. Thus, our user authentication protocol is acceptable and reliable for users, and more secure than the original login system.

REFERENCES

[1] Hung-Min Sun, Yao-Hsin Chen, and Yue-Hsun Lin, "oPass: A User Authentication Protocol Resistant to Password Stealing and Password Reuse Attacks," IEEE Transactions on Information Forensics and Security, Vol. 7, No. 2, April 2012.
[2] D. Florencio and C. Herley, "A large-scale study of web password habits," in WWW '07: Proc. 16th Int. Conf. World Wide Web, New York, 2007, pp. , ACM.
[3] S. Chiasson, A. Forget, E. Stobert, P. C. et al., "Multiple password interference in text passwords and click-based graphical passwords," in CCS '09: Proc. 16th ACM Conf. Computer Communications Security, New York, 2009, pp. , ACM.
[4] S. Wiedenbeck, J. Waters, L. Sobrado, and J.-C. Birget, "Design and evaluation of a shoulder-surfing resistant graphical password scheme," in AVI '06: Proc. Working Conf. Advanced Visual Interfaces, New York, 2006, pp. , ACM.
[5] S. Gaw and E. W. Felten, "Password management strategies for online accounts," in SOUPS '06: Proc. 2nd Symp. Usable Privacy Security, New York, 2006, pp. , ACM.
[6] B. Ives, K. R. Walsh, and H. Schneider, "The domino effect of password reuse," Commun. ACM, vol. 47, no. 4, pp. ,
[7] S. Wiedenbeck, J. Waters, J.-C. Birget, A. Brodskiy, and N. Memon, "Passpoints: Design and longitudinal evaluation of a graphical password system," Int. J. Human-Computer Studies, vol. 63, no. 1-2, pp. ,
[8] B. Pinkas and T. Sander, "Securing passwords against dictionary attacks," in CCS '02: Proc. 9th ACM Conf. Computer Communications Security, New York, 2002, pp. , ACM.
[9] J. Thorpe and P. van Oorschot, "Towards secure design choices for implementing graphical passwords," presented at the 20th Annu. Computer Security Applicat. Conf.,
[10] I. Jermyn, A. Mayer, F. Monrose, M. K. Reiter, and A. D. Rubin, "The design and analysis of graphical passwords," in SSYM '99: Proc. 8th Conf. USENIX Security Symp., Berkeley, CA, 1999, pp. 1-1, USENIX Association.
[11] A. Perrig and D. Song, "Hash visualization: A new technique to improve real-world security," in Proc. Int. Workshop Cryptographic Techniques-Commerce, Citeseer, 1999, pp.
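
The login phase of section 4.2, with the end of registration it depends on, as an added sketch that is not the authors' implementation: the paper gives no message formats, so the PBKDF2 credential, the hash-chain one-time password, the HMAC-SHA-256 login tag and all names are assumptions. It shows how a fresh server nonce and a spent-OTP counter make the server reject a replayed login SMS and a wrong long-term password.

```python
# Added illustration of the login phase (section 4.2); not the authors' code.
# Assumed, not from the paper: SHA-256, HMAC and PBKDF2 as primitives, the
# hash-chain OTP derivation, and every class, field and message name.
import hashlib
import hmac
import secrets

N = 50  # assumed number of one-time passwords per registration

def credential(long_term_pw, server_id, shared_key):
    """Per-site secret derived from the long-term password on the phone."""
    salt = server_id.encode() + shared_key
    return hashlib.pbkdf2_hmac("sha256", long_term_pw.encode(), salt, 50_000)

def otp(cred, i):
    """i-th one-time password: the credential hashed N - i times."""
    # Later OTPs are preimages of earlier ones, so a leaked OTP does not
    # reveal the ones that follow it.
    out = cred
    for _ in range(N - i):
        out = hashlib.sha256(out).digest()
    return out

def login_tag(key, server_nonce, phone_nonce, user_id):
    msg = server_nonce + phone_nonce + user_id.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class Server:
    def __init__(self, server_id):
        self.server_id = server_id
        self.accounts = {}  # user_id -> {"cred": bytes, "used": int}
        self.pending = {}   # user_id -> nonce of the login attempt in progress

    def store(self, user_id, cred):
        # End of registration: in the protocol this arrives in the secured
        # registration message, protected with the TSP-issued shared key.
        self.accounts[user_id] = {"cred": cred, "used": 0}

    def start_login(self, user_id):
        # Login step 2: look the user up and issue a fresh nonce.
        index = self.accounts[user_id]["used"] + 1
        if index >= N:
            raise RuntimeError("OTP chain exhausted, register again")
        nonce = secrets.token_bytes(16)
        self.pending[user_id] = nonce
        return {"server_id": self.server_id, "nonce": nonce, "index": index}

    def verify_login_sms(self, sms):
        # Login step 6: each nonce is accepted once, then discarded.
        acct = self.accounts.get(sms["user_id"])
        nonce = self.pending.pop(sms["user_id"], None)
        if acct is None or nonce is None:
            return False
        key = otp(acct["cred"], acct["used"] + 1)
        want = login_tag(key, nonce, sms["phone_nonce"], sms["user_id"])
        if not hmac.compare_digest(want, sms["tag"]):
            return False
        acct["used"] += 1  # this OTP is spent
        return True

class Phone:
    def __init__(self, user_id):
        self.user_id = user_id
        self.shared_keys = {}  # server_id -> shared key from registration

    def register(self, server, long_term_pw):
        key = secrets.token_bytes(16)  # stands in for the TSP-issued key
        self.shared_keys[server.server_id] = key
        cred = credential(long_term_pw, server.server_id, key)
        server.store(self.user_id, cred)

    def login_sms(self, challenge, long_term_pw):
        # Login steps 4-5: the password is entered on the phone only.
        sid = challenge["server_id"]
        cred = credential(long_term_pw, sid, self.shared_keys[sid])
        phone_nonce = secrets.token_bytes(16)
        key = otp(cred, challenge["index"])
        tag = login_tag(key, challenge["nonce"], phone_nonce, self.user_id)
        return {"user_id": self.user_id, "phone_nonce": phone_nonce, "tag": tag}

def demo():
    server, phone = Server("shop.example"), Phone("alice")  # constructed names
    phone.register(server, "long-term pw")
    sms = phone.login_sms(server.start_login("alice"), "long-term pw")
    first = server.verify_login_sms(sms)
    replay = server.verify_login_sms(sms)   # same SMS, nonce already consumed
    server.start_login("alice")
    stale = server.verify_login_sms(sms)    # old SMS against a new challenge
    bad = phone.login_sms(server.start_login("alice"), "wrong pw")
    wrong_pw = server.verify_login_sms(bad)
    sms2 = phone.login_sms(server.start_login("alice"), "long-term pw")
    return first, replay, stale, wrong_pw, server.verify_login_sms(sms2)

if __name__ == "__main__":
    print(demo())
```

The one-time password itself never leaves the phone in this sketch; only a tag keyed with it does, so an intercepted SMS gives nothing reusable for a later login.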
Authentication Another trilogy: identification, authentication, authorization ACLs and the like are forms of authorization: what you re allowed to do Identification is whom you claim to be be Authentication
More informationA Novel Graphical Password Authentication Scheme
A Novel Graphical Password Authentication Scheme 1 L. Lakshmi reddy & 2 J. Nagamuneiah 1 M.Tech (CSE), CREC, Tirupati, Email Id: lakshmireddy49@gmail.com 2 Associate professor, CREC, Tirupati, Email Id:
More informationSecurity Weaknesses of a Biometric-Based Remote User Authentication Scheme Using Smart Cards
Security Weaknesses of a Biometric-Based Remote User Authentication Scheme Using Smart Cards Younghwa An Computer Media Information Engineering, Kangnam University, 111, Gugal-dong, Giheung-gu, Yongin-si,
More informationarxiv: v1 [cs.cr] 5 Sep 2013
Automated Password Extraction Attack on Modern Password Managers Raul Gonzalez Carnegie Mellon University Eric Y. Chen Carnegie Mellon University Collin Jackson Carnegie Mellon University arxiv:1309.1416v1
More informationAn Ancient Indian Board Game as a Tool for Authentication
An Ancient Indian Board Game as a Tool for Authentication Sreelatha Malempati 1 and Shashi Mogalla 2 1 Department of Computer Science and Engineering RVR & JC College of Engineering, Guntur, A.P. e-mail:
More informationPaystar Remittance Suite Tokenless Two-Factor Authentication
Paystar Remittance Suite Tokenless Two-Factor Authentication Introduction Authentication is the process by which a computer system positively identifies a user It is commonly considered to be one of the
More informationSDD: A Novel Technique for Enhancing Cloud Security with Self Destructing Data
SDD: A Novel Technique for Enhancing Cloud Security with Self Destructing Data Kishore K, Ramchand V M.Tech Student, Dept. of CSE, The Oxford College Of Engineering, Bangalore, India Associate Professor,
More informationMinimizing Shoulder Surfing Attack using Text and Color Based Graphical Password Scheme
Minimizing Shoulder Surfing Attack using Text and Color Based Graphical Password Scheme 1 Prof. S. K. Sonkar, 2 Prof. R. L. Paikrao Computer Engineering Dept. Amrutvahini College of engineering Sangamner,
More informationAuthentication Methods
CERT-EU Security Whitepaper 16-003 Authentication Methods D.Antoniou, K.Socha ver. 1.0 20/12/2016 TLP: WHITE 1 Authentication Lately, protecting data has become increasingly difficult task. Cyber-attacks
More informationSmart-card-loss-attack and Improvement of Hsiang et al. s Authentication Scheme
Smart-card-loss-attack and Improvement of Hsiang et al. s Authentication Scheme Y.. Lee Department of Security Technology and Management WuFeng niversity, hiayi, 653, Taiwan yclee@wfu.edu.tw ABSTRAT Due
More informationA Model to Restrict Online Password Guessing Attacks
A Model to Restrict Online Password Guessing Attacks Aqib Malik, Dr. Sanjay Jamwal Department of Computer Science, Baba Ghulam Shah Badshah University, Rajouri, J&K, India Abstract Passwords are a critical
More informationEXPERIENCE SIMPLER, STRONGER AUTHENTICATION
1 EXPERIENCE SIMPLER, STRONGER AUTHENTICATION 2 Data Breaches are out of control 3 IN 2014... 783 data breaches >1 billion records stolen since 2012 $3.5 million average cost per breach 4 We have a PASSWORD
More informationWeb Security, Summer Term 2012
IIG University of Freiburg Web Security, Summer Term 2012 Brocken Authentication and Session Management Dr. E. Benoist Sommer Semester Web Security, Summer Term 2012 7 Broken Authentication and Session
More informationWeb Security, Summer Term 2012
Table of Contents IIG University of Freiburg Web Security, Summer Term 2012 Brocken Authentication and Session Management Dr. E. Benoist Sommer Semester Introduction Examples of Attacks Brute Force Session
More informationTowards Identifying Usability and Security Features of Graphical Password in Knowledge Based Authentication Technique
Second Asia International Conference on Modelling & Simulation Towards Identifying Usability and Security Features of Graphical Password in Knowledge Based Authentication Technique Muhammad Daniel Hafiz
More informationWelcome Guide for MP-1 Token for Microsoft Windows
Welcome Guide for MP-1 Token for Microsoft Windows Protecting Your On-line Identity Authentication Service Delivery Made EASY Copyright 2013 SafeNet, Inc. All rights reserved. All attempts have been made
More informationKeywords security model, online banking, authentication, biometric, variable tokens
Volume 4, Issue 11, November 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Authentication
More informationApplying Context to Web Authentication
Applying Context to Web Authentication John Linn, Burt Kaliski, and Moti Yung, RSA Laboratories; Magnus Nyström, RSA Security Inc. Prepared for W3C Workshop on Transparency and Usability of Web Authentication,
More informationNovel Shoulder-Surfing Resistant Authentication Schemes using Text-Graphical Passwords
Institute of Advanced Engineering and Science International Journal of Information & Network Security (IJINS) Vol.1, No.3, August 2012, pp. 163~170 ISSN: 2089-3299 163 Novel Shoulder-Surfing Resistant
More informationModern two-factor authentication: Easy. Affordable. Secure.
Modern two-factor authentication: Easy. Affordable. Secure. www.duosecurity.com Your systems and users are under attack like never before The last few years have seen an unprecedented number of attacks
More informationSecurity Improvements of Dynamic ID-based Remote User Authentication Scheme with Session Key Agreement
Security Improvements of Dynamic ID-based Remote User Authentication Scheme with Session Key Agreement Young-Hwa An* * Division of Computer and Media Information Engineering, Kangnam University 111, Gugal-dong,
More informationNetwork Security Issues and Cryptography
Network Security Issues and Cryptography PriyaTrivedi 1, Sanya Harneja 2 1 Information Technology, Maharishi Dayanand University Farrukhnagar, Gurgaon, Haryana, India 2 Information Technology, Maharishi
More informationSHOULDER SURFING ATTACK PREVENTION USING COLOR PASS METHOD
SHOULDER SURFING ATTACK PREVENTION USING COLOR PASS METHOD Bagade Om, Sonawane Anuja, Patil Akash, Patil Yogita, Maurya Jagruti Department of Computer Engineering Shram sadhana trust s college of engineering
More informationA Secure Graphical Password Authentication System
International Journal of Computational Intelligence Research ISSN 0973-1873 Volume 12, Number 2 (2016), pp. 197-201 Research India Publications http://www.ripublication.com A Secure Graphical Password
More informationA Graphical PIN Authentication Mechanism for Smart Cards and Low-Cost Devices
A Graphical PIN Authentication Mechanism for Smart Cards and Low-Cost Devices Luigi Catuogno Dipartimento di Informatica ed Applicazioni Università di Salerno - ITALY [luicat@dia.unisa.it] Clemente Galdi
More informationA New Graphical Password: Combination of Recall & Recognition Based Approach
A New Graphical Password: Combination of Recall & Recognition Based Approach Md. Asraful Haque, Babbar Imam International Science Index, Computer and Information Engineering waset.org/publication/9997703
More informationBreaking FIDO Yubico. Are Exploits in There?
Breaking FIDO Are Exploits in There? FIDO U2F (Universal 2nd Factor) Analyzing FIDO U2F Attack and Countermeasures Implementation Considerations Resources 2 User Experience 1. Enter username/pwd 2. Insert
More informationRethinking Authentication. Steven M. Bellovin
Rethinking Authentication Steven M. https://www.cs.columbia.edu/~smb Why? I don t think we understand the real security issues with authentication Our defenses are ad hoc I regard this as a step towards
More informationAbstract. 1. Introduction
Supporting Signatures in Mobile Environments Scott Campbell Department of Computer Science and Systems Analysis, Miami University scott@cc-campbell.com Abstract s, like physical s, can verify that a specific
More informationSafelayer's Adaptive Authentication: Increased security through context information
1 Safelayer's Adaptive Authentication: Increased security through context information The password continues to be the most widely used credential, although awareness is growing that it provides insufficient
More informationComputer Security 3/20/18
Authentication Identification: who are you? Authentication: prove it Computer Security 08. Authentication Authorization: you can do it Protocols such as Kerberos combine all three Paul Krzyzanowski Rutgers
More informationTwo-Factor User Authentication with SMS and Voiceprint Challenge Response
Two-Factor User Authentication with SMS and Voiceprint Challenge Response Haruhiko Fujii 1, Yukio Tsuruoka 2 NTT Secure Platform Laboratories 1 NTT Software Innovation Center 2 Japan Abstract Two-step
More information