1. SVS GROUP OF INSTITUTIONS
Bheemaram, Hanamkonda, warangal-506
By
BOGA BHAVANI KRUPA- 15TK1A0568
KANCHARLA SHIVA - 15TK1A0576
MYAKALA MOUNIKA - 15TK1A0580
AKULA VAMSHI - 16TK5A0501
2. A SECURED AND PRACTICAL
AUTHENTICATION SCHEME
USING
PERSONAL DEVICE
3. Authentication plays a critical role in securing
data in online activities.
Various services like online banking, online
shopping long relied on username/password
combination to verify users.
Over the years data breach reports that attackers
have created numerous high techniques to steal user
credentials.
Design and implement a novel scheme that
integrates encryption and signature without require
user.
4. The existing system uses a username/ password
combination to verify users and online activity.
This system is not immune against a wide variety
of attacks that can be launched on users, networks
or authentication servers.
The combination of username and password can
easily be identified by attackers using various
techniques
5. The existing system uses a username/ password combination to verify
users and online activity
This system is not immune against a wide variety of attacks that can
be launched on users, networks or authentication servers
The combination of username and password can easily be identified
by attackers using various techniques
To avoid the attackers this will be done through authentication by the
client.
Their will be the limitation for authentication scheme to user security.
Every device will limitation to access the security.
6. PROPOSED SYSTEM
In this system we propose a new method called “A Secure And
Practical Authentication Scheme Using Personal Devices”. In this
system we introduce a method that can generate a one time
username and password to secure the online activity of the user. We
demonstrate how smart personal device can not only enhance
security but also user experience by proposing a secure verification
code for each login session.
7. INTRODUCTION
We introduce a new method to generate one time
username and password to the user for his login session.
A smart personal device is used for verification and
generate one time username and password.
User can just generate a username/password easily
using his smart personal device.
We are introducing the security level for the user
authentication.
The data can be encrypted from the user, by providing
OTP to the user.
8. ADVANTAGES
Secure against password related attacks.
It can resist reply attacks, shoulder surfing attacks,phishing attacks,
and data breach incident.
User need not remember his username or password for web
services
A secure username and password can be easily provided by the
web server
Attackers can no longer perform phising attacks, shoulder surfing
attacks, key logger attacks and breach the data
9. DISADVANTAGES
Memorizing usernames and passwords for a lot of
accounts becomes a cumbersome and inefficient task.
It decreases the security of authentication.
Security level will not be stable untill the username and
password will be shared.
13. HOW ITS WORKS
Registered Devices:
A registered device is a smart watch or smart phone.
It is able to perform cryptographic operations. Each
user needs to register a device with server in order to
get server’s services.
Users Terminal:
It is an electronic device used to log into the server
such as laptop, desktop etc.
14. Server:
A server is an entity such as bank and it is
connected with hardware security module HSM that
safeguards and provides cryptoprocessing. The
server distributes its public key and verification code
to clients and provides services.
HOW ITS WORKS
15. MODULES
1.USER INTERFACE DESIGN:
Created for the security purposed
Enter the details for register to store in server for
authentication.
It helps for the username and password for user.
It plays an important role for the user
authentication
Cont.,
16. USER:
In user modules it helps for the user to enter
their username and password.
From the user here the OTP can be enter for
their future transaction.
The OTP can get to the user from the server for
verification their details from server.
After entering the OTP the procedure will be
activated.
Cont.,
17. ADMIN:
The admin will allow to activate the account,
view logs, view bank personal account transfer red
money like Tax, e_seva, credit card bill, LIC will
be added by admin.
Will be monitered from the admin.
The admin will add the update the authentication
scheme from the server to encrypt the data
Cont.,
18. AUTHENTICATION SERVER:
When the user need to login the user sent request to
server.
From the user the login will check the details of user
authentication.
The server is encrypted for the user details for not to
attack from others.
After completion of time the ticket will automatically
expire and user need to login for user transaction
19. DATABASE
In our database we store various
username and passwords.
These usernames and passwords are
encrypted and randomly generated to
serve various users.
A smart personal device will also be
registered in the database.
21. User Diagram:
Request admin for activate
account
Login with OTU and
OTP
DatabaseVerify Authority
View profile
Get OTP from server
User
Transfer money
View transactions
Cont.,
22. Result Displayed
Login
Admin Page
Database
Accept or decline user
activation requests
Register User &View
site logs
Admin
View LIC Details
View E_Sava Details
View Credit Card Bill Details
View Tax accounts
transactions Details
Cont.,
ADMIN:
23. SERVER AUTHENTICATION:
Authentication
Server Checking
user in active or
not
Database
If user active
give ticket
Provide OTP for
each and every
transaction
Authenticate user
entered OUT and
OTP’s
Check user holding
time in site.
If user Inactive
first activate
24. SCOPE
The main aim of this project is to provide
online security and protect the users from
data breaches
The combination of username and password
based existing system will be replaced
Efficient security will be provided to the
users
Attackers cannot hack the user information
using any techniques
25. CONCLUSION
This project will definitely provide
good security to the online users and
provide efficient security system. The
need of remembering the username
and password can be replaced by
providing one time username and
password. The attackers cannot
monitor the activities of users.