This document summarizes a proposed authentication system called the Implicit Password Authentication System (IPAS). IPAS aims to address weaknesses in existing authentication schemes like passwords, tokens, biometrics and graphical passwords. It proposes using a set of questions and answers during registration that are then implicitly embedded into images by the server during authentication. The server randomly selects questions and images, requiring the user to demonstrate knowledge of their prior answers without directly reproducing them. The system is intended for mobile banking but could generalize to other client-server environments.
In most networks and distributed systems, security
has always been of a major concern and authentication is the core
issue as it provides protection from unauthorized use and ensures
proper functioning of the system. This paper investigates and
proposes DS-NIZKP, an approach for authenticating users by
three factors, (namely password, smart-card and biometrics)
based on the concept of Zero Knowledge Proof (ZKP), so that no
sensitive information can be revealed during a communication.
The proposal employs the concept of digital signature (DS) to
authenticate the identity of the sender or the signer within a
single communication. Given that DS employs asymmetric
encryption, a one-way hash of the user’s identity is created then
signed using the private key. Hashing prevents from revealing
information about the user while signing provides authentication,
non-repudiation and integrity. This approach not only saves time
since just a single message between the prover and the verifier is
necessary but also defends privacy of the user in distributed
systems.
Graphical Based Password for Android Phones using Keystroke Dynamics - A SurveyIJSRD
Technology has elevated to grab an important position in humans life, the best example is smartphones. They offer access to network as well as online banking transactions, where simplification of human labour affects security and user authentication, and passwords are first line of defense, it’s crucial to pick a strong password. Online banking applications currently use alphanumerical usernames and passwords for authentication, which are exposed to eves dropping, attacks, and shoulder surfing. Users often choose either easy to remember passwords, which can be easily guessed or difficult ones, which tend to be forgotten. The paper revolves around the views, limitation of current system and offers a dynamic biometrics, as it can be easily integrated into the existing computer security systems with minimal alteration and user intervention. The main objective is to secure using cued click point (CCP), which is one click based graphical password scheme for sequence of images and measuring, assessing humans typing rhythm, it’s based upon the human tendency to memorize graphical passwords more comfortably.
A novel multifactor authentication system ensuring usability and securityijsptm
User authentication is one of the most important part of information security. Computer security most
commonly depends on passwords to authenticate human users. Password authentication systems will be
either been usable but not secure, or secure but not usable. While there are different types of authentication
systems available alphanumeric password is the most commonly used authentication mechanism. But this
method has significant drawbacks. An alternative solution to the text based authentication is Graphical
User Authentication based on the fact that humans tends to remember images better than text. Graphical
password authentication systems provide passwords which are easy to be created and remembered by the
user. However, the main issues of simple graphical password techniques are shoulder surfing attack and
image gallery attack. Studies reveals that most of the graphical passwords are either secure but not usable
or usable but not secure. . In this paper, a new technique that uses cued click point graphical password
method along with the use of one-time session key is proposed. The goal is to propose a new authentication
mechanism using graphical password to achieve higher security and better usability levels. The result of
the system testing is evaluated and it reveals that the proposed system ensures security and usability to a
great extent.
Passblot: A Highly Scalable Graphical One Time Password SystemIJNSA Journal
User authentication is necessary to secure the data and process on Internet and in digital devices. Static text based authentication are most widely employed authentication systems for being inexpensive and highly scalable. But they are prone to various types of active and passive attacks. The constant need of extending them to increase security is making them less usable. One promising alternative is Graphical
authentication systems, which if implemented properly are more secure but have their own drawbacks. In this paper, we discuss in detail the extension of our previous work Passblot [18], a unique graphical authentication system. It generates pseudo random one time passwords using a set of inkblots, unique to
each user. Properties of one time passwords ensure the resistance towards various common attacks and the uniqueness of human perception makes it usable. We demonstrate how our system effectively mitigates various attacks and analyse the results from various experiments conducted.
Enhancing Security of Multimodal Biometric Authentication System by Implement...IOSR Journals
Abstract : Conventional personal identification techniques for instance passwords, tokens, ID card and PIN
codes are prone to theft or forgery and thus biometrics isa solution thereto. Biometrics is the way of recognizing
and scrutinizing the physical traits of a person. Automated biometrics verification caters as a conducive and
legitimate method, but there must be an assurance to its cogency. Furthermore, in most of the cases unimodal
biometric recognition is not able to meet the performance requirements of the applications. According to recent
trends, recognition based on multimodal biometrics is emerging at a greater pace. Multimodal biometrics
unifies two or more biometric traits and thus the issues that emerge in unimodal recognition can be mitigated in
multimodal biometric systems. But with the rapid ontogenesis of information technology, even the biometric
data is not secure. Digital watermarking is one such technique that is implemented to secure the biometric data
from inadvertent or premeditated attacks.This paper propounds an approach that is projected in both the
directions of improving the performance of biometric identification system by going multimodal and, increasing
the security through watermarking. The biometric traits are initially transformed using Discrete Wavelet and
Discrete Cosine Transformation and then watermarked using Singular Value Decomposition. Scheme depiction
and presented outcomes justifies the effectiveness of the scheme.
Keywords: Discrete Cosine Transform (DCT), Discrete Wavelet Transform (DWT), Multimodal biometrics,
Singular Value Decomposition, Watermarking
In most networks and distributed systems, security
has always been of a major concern and authentication is the core
issue as it provides protection from unauthorized use and ensures
proper functioning of the system. This paper investigates and
proposes DS-NIZKP, an approach for authenticating users by
three factors, (namely password, smart-card and biometrics)
based on the concept of Zero Knowledge Proof (ZKP), so that no
sensitive information can be revealed during a communication.
The proposal employs the concept of digital signature (DS) to
authenticate the identity of the sender or the signer within a
single communication. Given that DS employs asymmetric
encryption, a one-way hash of the user’s identity is created then
signed using the private key. Hashing prevents from revealing
information about the user while signing provides authentication,
non-repudiation and integrity. This approach not only saves time
since just a single message between the prover and the verifier is
necessary but also defends privacy of the user in distributed
systems.
Graphical Based Password for Android Phones using Keystroke Dynamics - A SurveyIJSRD
Technology has elevated to grab an important position in humans life, the best example is smartphones. They offer access to network as well as online banking transactions, where simplification of human labour affects security and user authentication, and passwords are first line of defense, it’s crucial to pick a strong password. Online banking applications currently use alphanumerical usernames and passwords for authentication, which are exposed to eves dropping, attacks, and shoulder surfing. Users often choose either easy to remember passwords, which can be easily guessed or difficult ones, which tend to be forgotten. The paper revolves around the views, limitation of current system and offers a dynamic biometrics, as it can be easily integrated into the existing computer security systems with minimal alteration and user intervention. The main objective is to secure using cued click point (CCP), which is one click based graphical password scheme for sequence of images and measuring, assessing humans typing rhythm, it’s based upon the human tendency to memorize graphical passwords more comfortably.
A novel multifactor authentication system ensuring usability and securityijsptm
User authentication is one of the most important part of information security. Computer security most
commonly depends on passwords to authenticate human users. Password authentication systems will be
either been usable but not secure, or secure but not usable. While there are different types of authentication
systems available alphanumeric password is the most commonly used authentication mechanism. But this
method has significant drawbacks. An alternative solution to the text based authentication is Graphical
User Authentication based on the fact that humans tends to remember images better than text. Graphical
password authentication systems provide passwords which are easy to be created and remembered by the
user. However, the main issues of simple graphical password techniques are shoulder surfing attack and
image gallery attack. Studies reveals that most of the graphical passwords are either secure but not usable
or usable but not secure. . In this paper, a new technique that uses cued click point graphical password
method along with the use of one-time session key is proposed. The goal is to propose a new authentication
mechanism using graphical password to achieve higher security and better usability levels. The result of
the system testing is evaluated and it reveals that the proposed system ensures security and usability to a
great extent.
Passblot: A Highly Scalable Graphical One Time Password SystemIJNSA Journal
User authentication is necessary to secure the data and process on Internet and in digital devices. Static text based authentication are most widely employed authentication systems for being inexpensive and highly scalable. But they are prone to various types of active and passive attacks. The constant need of extending them to increase security is making them less usable. One promising alternative is Graphical
authentication systems, which if implemented properly are more secure but have their own drawbacks. In this paper, we discuss in detail the extension of our previous work Passblot [18], a unique graphical authentication system. It generates pseudo random one time passwords using a set of inkblots, unique to
each user. Properties of one time passwords ensure the resistance towards various common attacks and the uniqueness of human perception makes it usable. We demonstrate how our system effectively mitigates various attacks and analyse the results from various experiments conducted.
Enhancing Security of Multimodal Biometric Authentication System by Implement...IOSR Journals
Abstract : Conventional personal identification techniques for instance passwords, tokens, ID card and PIN
codes are prone to theft or forgery and thus biometrics isa solution thereto. Biometrics is the way of recognizing
and scrutinizing the physical traits of a person. Automated biometrics verification caters as a conducive and
legitimate method, but there must be an assurance to its cogency. Furthermore, in most of the cases unimodal
biometric recognition is not able to meet the performance requirements of the applications. According to recent
trends, recognition based on multimodal biometrics is emerging at a greater pace. Multimodal biometrics
unifies two or more biometric traits and thus the issues that emerge in unimodal recognition can be mitigated in
multimodal biometric systems. But with the rapid ontogenesis of information technology, even the biometric
data is not secure. Digital watermarking is one such technique that is implemented to secure the biometric data
from inadvertent or premeditated attacks.This paper propounds an approach that is projected in both the
directions of improving the performance of biometric identification system by going multimodal and, increasing
the security through watermarking. The biometric traits are initially transformed using Discrete Wavelet and
Discrete Cosine Transformation and then watermarked using Singular Value Decomposition. Scheme depiction
and presented outcomes justifies the effectiveness of the scheme.
Keywords: Discrete Cosine Transform (DCT), Discrete Wavelet Transform (DWT), Multimodal biometrics,
Singular Value Decomposition, Watermarking
ABSTRACT
Authentication based on passwords is used largely in applications for computer security and privacy. However, human actions such as choosing bad passwords and inputting passwords in an insecure way are regarded as ”the weakest link” in the authentication chain. Rather than arbitrary alphanumeric strings, users tend to choose passwords either short or meaningful for easy memorization. With web applications and mobile apps piling up, people can access these applications anytime and anywhere with various devices. This evolution brings great convenience but also increases the probability of exposing passwords to shoulder surfing attacks. Attackers can observe directly or use external recording devices to collect users’ credentials. To overcome this problem, we proposed a novel authentication system PassMatrix, based on graphical passwords to resist shoulder surfing attacks. With a one-time valid login indicator and circulative horizontal and vertical bars covering the entire scope of pass-images, PassMatrix offers no hint for attackers to figure out or narrow down the password even they conduct multiple camera-based attacks. We also implemented a PassMatrix prototype on Android and carried out real user experiments to evaluate its memorability and usability. From the experimental result, the proposed system achieves better resistance to shoulder surfing attacks while maintaining usability.
Keywords:- Graphical Passwords, Authentication, Shoulder Surfing Attack.
Implementing High Grade Security in Cloud Application using Multifactor Auth...IJwest
As a high
-
speed internet foundation is being developed and people are informationized, most
of the tasks are engaged in internet field so there is
a risk that any private data like personal information or
applications for managing money can be wiretapped or eavesdropped. The consolidation of One Time
Passwords (OTPs) and Hash encryption algorithms are used to evolve a more secured password
-
protected
web sites and data storage systems. The new outlined scheme had higher security, small system overhead
and is easy to implement.
Computer Security science and enggineering Sashank Dara
This talk is intended for Graduate or Under graduate students as an attempt to motivate them into this exciting field of computer security
This talk is by no means complete although constantly evolves to be comprehensive
Graphical Password by Watermarking for securityIJERA Editor
The most common authentication method is to use alphanumerical usernames and passwords. This method has
been shown to have considerable disadvantage. For example, users tend to pick passwords that can be easily
guessed. On the other hand, if a password is very difficult to guess, then it is often difficult to remember. To
address this problem, some researchers have developed authentication methods that use pictures as passwords.
Graphical Password based on the fact that humans tend to remember images better. In this paper, we will
propose a new algorithm that using watermarking technique as the solution to solving image gallery attacks and
using the random character set generation for each image for resistance to shoulder surfing attack to provide
better system security. All the information images in registration phase will be process by copy right protection
of watermarking where the login page will check this information for security purposes.
Database Security Two Way Authentication Using Graphical PasswordIJERA Editor
As data represent a key asset for today's organizations. The problem is that how to protect this data from
attackers, theft and misuse is at the forefront of any organization’s mind. Even though today several data
security techniques are available to protect database and computing infrastructure, many such as network
security and firewalls tools are unable to prevent attacks from insider. Insider is a person working in
organization who can try to access the sensitive data. This paper proposes a two-way authentication method
which fuses knowledge-based secret and personal trait information.
Graphical password authentication using Pass facesIJERA Editor
Authentication is one of the most important security primitive. Alphanumeric password authentication is most widely used authentication mechanism. This mechanism has been shown to have several drawbacks and is prone to various attacks such as brute force attack, shoulder surfing attack, dictionary attack. Thus to overcome the drawbacks of alphanumeric passwords, we propose Graphical passwords as an alternative to alphanumeric passwords. This is because humans tend to remember visuals better than text. This paper attempts to highlight the existing graphical Passface system, its usability features and then develop a new graphical password system that combines both graphic and texts passwords to fortify the authentication process on desktop systems.
Graphical Password Authentication using image Segmentation for Web Based Appl...ijtsrd
One of the most important topics in information security today is user authentication. User authentication is a fundamental component in most computer security contexts. It provides the basis for access control and user accountability. While there are various types of user authentication systems, alphanumeric passwords are the most common type of user authentication. They are versatile and easy to implement and use. However, it can either be long and secure or short and hard to remember. A graphical based password is one promising alternatives of textual passwords. According to human psychology, humans are able to remember pictures easily. In this paper, graphical passwords have been designed to try to make password more memorable and easier for people to use, and it is less vulnerable to brute force attacks than a text based password. The aim of the system is to implement a strong security. The proposed system segments the image like a grid, which has a maximum four fragments. Then, each segment of the image is dragged in a particular sequence onto an empty grid of size 6x6 and placed on a particular segment of the empty grid, to form the user' password. When the user logs into the system, the user needs to drag each segment of the image onto the same empty grid of size 6x6 in the correct sequence and position of the segments that user had specified during registration. Maw Maw Naing | Ohnmar Win ""Graphical Password Authentication using image Segmentation for Web Based Applications"" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-4 , June 2019, URL: https://www.ijtsrd.com/papers/ijtsrd25184.pdf
Paper URL: https://www.ijtsrd.com/engineering/electronics-and-communication-engineering/25184/graphical-password-authentication-using-image-segmentation-for-web-based-applications/maw-maw-naing
STAGE STAFFING SCHEME FOR COPYRIGHT PROTECTION IN MULTIMEDIAIJNSA Journal
Copyright protection has become a need in today’s world. To achieve a secure copyright protection we embedded some information in images and videos and that image or video is called copyright protected. The embedded information can’t be detected by human eye but some attacks and operations can tamper that information to breach protection. So in order to find a secure technique of copyright protection, we have analyzed image processing techniques i.e. Spatial Domain (Least Significant Bit (LSB)), Transform Domain (Discrete Cosine Transform (DCT)), Discrete Wavelet Transform (DWT) and there are numerous algorithm for watermarking using them. After having a good understanding of the same we have proposed a novel algorithm named as Stage Staffing Algorithm that generates results with high effectiveness, additionally we can use self extracted-watermark technique to increase the security and automate the process of watermark image. The proposed algorithm provides protection in three stages. We have implemented the algorithm and results of the simulations are shown. The various factors affecting spatial domain watermarking are also discussed.
Biometric Template Protection With Robust Semi – Blind Watermarking Using Ima...CSCJournals
This paper addresses a biometric watermarking technology sturdy towards image manipulations, like JPEG compression, image filtering, and additive noise. Application scenarios include information transmission between client and server, maintaining e-database and management of signatures through insecure distribution channels. Steps involved in this work are, a) generation of binary signature code for biometric, b) embedding of the binary signature to the host image using intrinsic local property, that ensures signature protection, c) host image is then made exposed to various attacks and d) signature is extracted and matched based on an empirical threshold to verify the robustness of proposed embedding method. Embedding relies on binary signature manipulating the lower order AC coefficients of Discrete Cosine Transformed sub-blocks of host image. In the prediction phase, DC values of the nearest neighbor DCT blocks is utilized to predict the AC coefficients of centre block. Surrounding DC values of a DCT blocks are adaptively weighed for AC coefficients prediction. Linear programming is used to calculate the weights with respect to the image content. Multiple times embedding of watermark ensures robustness against common signal processing operations (filtering, enhancement, rescaling etc.) and various attacks. The proposed algorithm is tested for 50 different types of host images and public data collection, DB3, FVC2002. FAR and FRR are compared with other methods to show the improvement.
Graphical Based Password for Android Phones using Keystroke Dynamics - A SurveyIJSRD
Technology has elevated to grab an important position in humans life, the best example is smartphones. They offer access to network as well as online banking transactions, where simplification of human labour affects security and user authentication, and passwords are first line of defense, it’s crucial to pick a strong password. Online banking applications currently use alphanumerical usernames and passwords for authentication, which are exposed to eves dropping, attacks, and shoulder surfing. Users often choose either easy to remember passwords, which can be easily guessed or difficult ones, which tend to be forgotten. The paper revolves around the views, limitation of current system and offers a dynamic biometrics, as it can be easily integrated into the existing computer security systems with minimal alteration and user intervention. The main objective is to secure using cued click point (CCP), which is one click based graphical password scheme for sequence of images and measuring, assessing humans typing rhythm, it’s based upon the human tendency to memorize graphical passwords more comfortably.
Behavioural biometrics and cognitive security authentication comparison studyacijjournal
Behavioural
biometrics is a scien
tific study with the primary purpose of identifying the authenticity of a
user based on the way they interact with an authentication mechanism. While Association based password
authentication is a cognitive model of authentication system.
The work done shows the implementation of Keyboard Latency technique for Authentication,
implementation of Association Based Password authentication and comparison among two. There are
several forms of behavioural biometrics such as voice analysis, signat
ure verification, and keystroke
dynamics. In this study, evidence is presented indicating that keystroke dynamics is a viable method not
only for user verification, but also for identification as well. The work presented in this model borrows
ideas from th
e bioinformatics literature such as position specific scoring matrices (motifs) and multiple
sequence alignments to provide a novel approach to user verification and identification within the context
of a keystroke dynamics based user authentication system
. Similarly Cognitive approach can be defined in
many ways of which one is association based Technique for authentication
ABSTRACT
Authentication based on passwords is used largely in applications for computer security and privacy. However, human actions such as choosing bad passwords and inputting passwords in an insecure way are regarded as ”the weakest link” in the authentication chain. Rather than arbitrary alphanumeric strings, users tend to choose passwords either short or meaningful for easy memorization. With web applications and mobile apps piling up, people can access these applications anytime and anywhere with various devices. This evolution brings great convenience but also increases the probability of exposing passwords to shoulder surfing attacks. Attackers can observe directly or use external recording devices to collect users’ credentials. To overcome this problem, we proposed a novel authentication system PassMatrix, based on graphical passwords to resist shoulder surfing attacks. With a one-time valid login indicator and circulative horizontal and vertical bars covering the entire scope of pass-images, PassMatrix offers no hint for attackers to figure out or narrow down the password even they conduct multiple camera-based attacks. We also implemented a PassMatrix prototype on Android and carried out real user experiments to evaluate its memorability and usability. From the experimental result, the proposed system achieves better resistance to shoulder surfing attacks while maintaining usability.
Keywords:- Graphical Passwords, Authentication, Shoulder Surfing Attack.
Implementing High Grade Security in Cloud Application using Multifactor Auth...IJwest
As a high
-
speed internet foundation is being developed and people are informationized, most
of the tasks are engaged in internet field so there is
a risk that any private data like personal information or
applications for managing money can be wiretapped or eavesdropped. The consolidation of One Time
Passwords (OTPs) and Hash encryption algorithms are used to evolve a more secured password
-
protected
web sites and data storage systems. The new outlined scheme had higher security, small system overhead
and is easy to implement.
Computer Security science and enggineering Sashank Dara
This talk is intended for Graduate or Under graduate students as an attempt to motivate them into this exciting field of computer security
This talk is by no means complete although constantly evolves to be comprehensive
Graphical Password by Watermarking for securityIJERA Editor
The most common authentication method is to use alphanumerical usernames and passwords. This method has
been shown to have considerable disadvantage. For example, users tend to pick passwords that can be easily
guessed. On the other hand, if a password is very difficult to guess, then it is often difficult to remember. To
address this problem, some researchers have developed authentication methods that use pictures as passwords.
Graphical Password based on the fact that humans tend to remember images better. In this paper, we will
propose a new algorithm that using watermarking technique as the solution to solving image gallery attacks and
using the random character set generation for each image for resistance to shoulder surfing attack to provide
better system security. All the information images in registration phase will be process by copy right protection
of watermarking where the login page will check this information for security purposes.
Database Security Two Way Authentication Using Graphical PasswordIJERA Editor
As data represent a key asset for today's organizations. The problem is that how to protect this data from
attackers, theft and misuse is at the forefront of any organization’s mind. Even though today several data
security techniques are available to protect database and computing infrastructure, many such as network
security and firewalls tools are unable to prevent attacks from insider. Insider is a person working in
organization who can try to access the sensitive data. This paper proposes a two-way authentication method
which fuses knowledge-based secret and personal trait information.
Graphical password authentication using Pass facesIJERA Editor
Authentication is one of the most important security primitive. Alphanumeric password authentication is most widely used authentication mechanism. This mechanism has been shown to have several drawbacks and is prone to various attacks such as brute force attack, shoulder surfing attack, dictionary attack. Thus to overcome the drawbacks of alphanumeric passwords, we propose Graphical passwords as an alternative to alphanumeric passwords. This is because humans tend to remember visuals better than text. This paper attempts to highlight the existing graphical Passface system, its usability features and then develop a new graphical password system that combines both graphic and texts passwords to fortify the authentication process on desktop systems.
Graphical Password Authentication using image Segmentation for Web Based Appl...ijtsrd
One of the most important topics in information security today is user authentication. User authentication is a fundamental component in most computer security contexts. It provides the basis for access control and user accountability. While there are various types of user authentication systems, alphanumeric passwords are the most common type of user authentication. They are versatile and easy to implement and use. However, it can either be long and secure or short and hard to remember. A graphical based password is one promising alternatives of textual passwords. According to human psychology, humans are able to remember pictures easily. In this paper, graphical passwords have been designed to try to make password more memorable and easier for people to use, and it is less vulnerable to brute force attacks than a text based password. The aim of the system is to implement a strong security. The proposed system segments the image like a grid, which has a maximum four fragments. Then, each segment of the image is dragged in a particular sequence onto an empty grid of size 6x6 and placed on a particular segment of the empty grid, to form the user' password. When the user logs into the system, the user needs to drag each segment of the image onto the same empty grid of size 6x6 in the correct sequence and position of the segments that user had specified during registration. Maw Maw Naing | Ohnmar Win ""Graphical Password Authentication using image Segmentation for Web Based Applications"" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-4 , June 2019, URL: https://www.ijtsrd.com/papers/ijtsrd25184.pdf
Paper URL: https://www.ijtsrd.com/engineering/electronics-and-communication-engineering/25184/graphical-password-authentication-using-image-segmentation-for-web-based-applications/maw-maw-naing
STAGE STAFFING SCHEME FOR COPYRIGHT PROTECTION IN MULTIMEDIAIJNSA Journal
Copyright protection has become a need in today’s world. To achieve a secure copyright protection we embedded some information in images and videos and that image or video is called copyright protected. The embedded information can’t be detected by human eye but some attacks and operations can tamper that information to breach protection. So in order to find a secure technique of copyright protection, we have analyzed image processing techniques i.e. Spatial Domain (Least Significant Bit (LSB)), Transform Domain (Discrete Cosine Transform (DCT)), Discrete Wavelet Transform (DWT) and there are numerous algorithm for watermarking using them. After having a good understanding of the same we have proposed a novel algorithm named as Stage Staffing Algorithm that generates results with high effectiveness, additionally we can use self extracted-watermark technique to increase the security and automate the process of watermark image. The proposed algorithm provides protection in three stages. We have implemented the algorithm and results of the simulations are shown. The various factors affecting spatial domain watermarking are also discussed.
Biometric Template Protection With Robust Semi – Blind Watermarking Using Ima...CSCJournals
This paper addresses a biometric watermarking technology sturdy towards image manipulations, like JPEG compression, image filtering, and additive noise. Application scenarios include information transmission between client and server, maintaining e-database and management of signatures through insecure distribution channels. Steps involved in this work are, a) generation of binary signature code for biometric, b) embedding of the binary signature to the host image using intrinsic local property, that ensures signature protection, c) host image is then made exposed to various attacks and d) signature is extracted and matched based on an empirical threshold to verify the robustness of proposed embedding method. Embedding relies on binary signature manipulating the lower order AC coefficients of Discrete Cosine Transformed sub-blocks of host image. In the prediction phase, DC values of the nearest neighbor DCT blocks is utilized to predict the AC coefficients of centre block. Surrounding DC values of a DCT blocks are adaptively weighed for AC coefficients prediction. Linear programming is used to calculate the weights with respect to the image content. Multiple times embedding of watermark ensures robustness against common signal processing operations (filtering, enhancement, rescaling etc.) and various attacks. The proposed algorithm is tested for 50 different types of host images and public data collection, DB3, FVC2002. FAR and FRR are compared with other methods to show the improvement.
Graphical Based Password for Android Phones using Keystroke Dynamics - A SurveyIJSRD
Technology has elevated to grab an important position in humans life, the best example is smartphones. They offer access to network as well as online banking transactions, where simplification of human labour affects security and user authentication, and passwords are first line of defense, it’s crucial to pick a strong password. Online banking applications currently use alphanumerical usernames and passwords for authentication, which are exposed to eves dropping, attacks, and shoulder surfing. Users often choose either easy to remember passwords, which can be easily guessed or difficult ones, which tend to be forgotten. The paper revolves around the views, limitation of current system and offers a dynamic biometrics, as it can be easily integrated into the existing computer security systems with minimal alteration and user intervention. The main objective is to secure using cued click point (CCP), which is one click based graphical password scheme for sequence of images and measuring, assessing humans typing rhythm, it’s based upon the human tendency to memorize graphical passwords more comfortably.
Behavioural biometrics and cognitive security authentication comparison studyacijjournal
Behavioural
biometrics is a scien
tific study with the primary purpose of identifying the authenticity of a
user based on the way they interact with an authentication mechanism. While Association based password
authentication is a cognitive model of authentication system.
The work done shows the implementation of Keyboard Latency technique for Authentication,
implementation of Association Based Password authentication and comparison among two. There are
several forms of behavioural biometrics such as voice analysis, signat
ure verification, and keystroke
dynamics. In this study, evidence is presented indicating that keystroke dynamics is a viable method not
only for user verification, but also for identification as well. The work presented in this model borrows
ideas from th
e bioinformatics literature such as position specific scoring matrices (motifs) and multiple
sequence alignments to provide a novel approach to user verification and identification within the context
of a keystroke dynamics based user authentication system
. Similarly Cognitive approach can be defined in
many ways of which one is association based Technique for authentication
Count based hybrid graphical password to prevent brute force attack and shoul...eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Three Step Multifactor Authentication Systems for Modern Securityijtsrd
Three factor authentication includes all major features in password authentication such as one factor authentication. Using passwords and two factor authentication is not enough to provide the best protection in the digital age significantly. Advances in the field of information technology. Even when one or two feature authentication was used to protect the remote control system, hacking tools, it was a simple computer program to collect private keys, and private generators made it difficult to provide protection. Security threats based on malware, such as key trackers installed, continue to be available to improve security risks. This requires the use of safe and easy to use materials. As a result, Three Level Security is an easy to use software. Soumyashree RK | Goutham S "Three Step Multifactor Authentication Systems for Modern Security" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-6 | Issue-3 , April 2022, URL: https://www.ijtsrd.com/papers/ijtsrd49785.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/49785/three-step-multifactor-authentication-systems-for-modern-security/soumyashree-rk
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
An Enhanced Security System for Web Authentication IJMER
Web authentication has low security in these days. Todays, For Authentication purpose,
Textual passwords are commonly used; however, users do not follow their requirements. Users tend to
choose meaningful words from dictionaries, which make textual passwords easy tobreak and vulnerable
to dictionary or brute force attacks. Also, Textual passwords can be identified by 3rd
party software’s.
Many available graphicalpasswords have a password space that is less than or equal to the textual
passwordspace. Smart cards or tokens can be stolen.There are so many biometric authentications have
been proposed; however, users tend to resistusing biometrics because of their intrusiveness and the effect
on their privacy. Moreover,biometrics cannot be evoked.In this paper, we present and evaluate our
contribution,i.e., the OTP and 3-D password. A one-time password (OTP) is a password that isvalid for
only one login session or transaction. OTPs avoid a number of shortcomingsthat are associated with
traditional (static) passwords. The most important shortcoming that is addressed by OTPs is that, in
contrast to static passwords, they are not vulnerable to replay attacks. It means that a potential intruder
who manages to record an OTPthat was already used to log into a service or to conduct a transaction
will not be able toabuse it, since it will be no longer valid. The 3-D password is a multifactor
authenticationscheme. To be authenticated, we present a 3-D virtual environment where the
usernavigates and interacts with various objects. The sequence of actions and interactionstoward the
objects inside the 3-D environment constructs the user’s 3-D password.
Security for Hard AI Problems Using CaRP Authenticationpaperpublications3
Abstract: Using hard AI problems for security is emerging as an exciting new paradigm, but has been underexplored. This approach present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which is called Captcha as graphical passwords (CaRP). CaRP is both a Captcha and a graphical password scheme. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. Notably, a CaRP password can be found only probabilistically by automatic online guessing attacks even if the password is in the search set.
Many security primitives are supported hard
mathematical problems. Passwords remain the foremost
widely used authentication method despite their well-known
security weaknesses. CAPTCHA authentication is clearly a
practical problem.
2. traditional password based system. Token based systems are not completely secure. It needs several rounds of image
vulnerable to man-in-the middle attacks where an intruder recognition for authentication to provide a reasonably large
intercepts the user’s session and records the credentials by password space, which is tedious [7]. Also, it is obvious that
acting as a proxy between the user and the authentication recognition based systems are vulnerable to replay attack
device without the knowledge of the user [3]. Thus as an and mouse tracking because of the use of a fixed image as a
alternative, graphical based passwords are introduced to password. Thus, we consider these drawbacks in our
resolve security and usability limitations mentioned in the proposed system, which overcomes the problems of recall
above schemes. based schemes too.
Graphical-based password techniques have been
B. Recall-Based Systems
proposed as a potential alternative to text-based techniques,
supported partially by the fact that humans can remember In recall-based systems, the user is asked to reproduce
images better than text [4]. Psychologists have confirmed something that he/she created or selected earlier during the
that in both recognition and recall scenarios, images are registration phase. Recall based schemes can be broadly
more memorable than text [2]. Therefore, graphical-based classified into two groups, viz: pure recall-based technique
authentication schemes have higher usability than other and cued recall-based technique.
authentication techniques. On the other hand, it is also
difficult to break graphical passwords using normal attacks 1) Pure Recall-Based Techniques
such as dictionary attack, brute force and spyware which In this group, users need to reproduce their passwords
have been affecting text-based and token-based without any help or reminder by the system. Draw-A-Secret
authentication [5]. Thus, the security level of graphical- technique [8], Grid selection [9], and Passdoodle [10] are
based authentication schemes is higher than other common examples of pure recall-based techniques.
authentication techniques. In 1999, Jermyn et al. [8] proposed DAS (Draw-A-
In general, the graphical password techniques can be Secret) scheme, in which the password is a shape drawn on
classified into two categories: recognition-based and recall- a two-dimensional grid of size G * G as in Figure 1. Each
based graphical techniques [4]. cell in this grid is represented by distinct rectangular
coordinates (x, y). The values of touch grids are stored in
temporal order of the drawing. If exact coordinates are
A. Reconition-Based Systems crossed with the same registered sequence, then the user is
In recognition-based systems, a group of images are authenticated. As with other pure recall-based techniques,
displayed to the user and an accepted authentication requires DAS has many drawbacks. In 2002, Goldberg [11]
a correct image being clicked or touched in a particular conducted a survey which concluded that most users forget
order. Some examples of recognition-based system are their stroke order and they can remember text passwords
Awase-E system [6], AuthentiGraph [3, 5], and Passfaces easier than DAS. Also, the password chosen by users are
system [4]. vulnerable to graphical dictionary attacks and replay attack.
An image password called Awase-E [6] is a new system
which enables users to use their favorite image instead of a
text password for authentication purpose. Even though
Awase-E system has a higher usability, it is difficult to
implement due to the storage space needed for images and
also the system cannot tolerate replay attack. Adding to this,
a user may always tend to choose a well-known (or
associated with the user through some relation, like son,
wife or a place visited etc.) image which may be prone to
guessing attacks.
Weinshall and Kirkpatrick [7] studied a recognition-based
scheme and concluded that users can still remember their
graphical password with 90% accuracy even after one or
two months. Their study supports the theory that human
remember images better than text. In addition for example,
Figure 1. Example of DAS
the commercial system Passfaces [4] uses images of human
faces. Davis, et al. [7] worked on such A scheme and
concluded that user’s password selection is affected by race
and gender. This makes the Passfaces’s password somewhat
predictable.
Although a recognition-based graphical password seems
to be easy to remember, which increases the usability, it is
431
3. 2) Cued Recall-Based Techniques
In this technique, the system gives some hints which
help users to reproduce their passwords with high accuracy.
These hints will be presented as hot spots (regions) within
an image. The user has to choose some of these regions to
register as their password and they have to choose the same
region following the same order to log into the system. The
user must remember the “chosen click spots” and keep them
secret. There are many implementations, such as Blonder
algorithm [12] and PassPoint scheme [13].
Figure 2. . Example of Grid Selection Model In 1996, Blonder [12] designed a method where a pre-
determined image is shown to the user on a visual display
and the user should “click” on some predefined positions on
In 2004, the Grid selection technique was proposed by
the image in a particular order to be authenticated as in
Thorpe and Van Oorschot [9] to enhance the password
Figure 4. This method was later modified and presented as
space of DAS. Their study showed the impact of stroke-
Passpoint [13].
count on DAS password space which decreases significantly
In 2005, the PassPoint [13] scheme was created to be
with less strokes for a fixed password length. To improve
similar to the Blonder's scheme while overcoming some of
the DAS security level, they suggested the "Grid Selection"
its main limitations. In Passpoint, the image can be an
technique, where the selection grid is large at the beginning,
arbitrary photograph or paintings with many clickable
A fine grained grid from which the person selects a drawing
regions as shown in Figure 5. This will increase the
grid, a rectangular area to zoom in on, in which they may
password space of Passpoint scheme which in turn will
enter their password as shown in Figure 2. This technique
increase the security level. Another source of difference is
would increase the password space of DAS, which improves
that there is no predefined click area with clear boundaries
the security level at the same time. Actually, this technique
like the Blonder algorithm. The user password could
only improves the password space of DAS but still carries
contain any chosen sequence of points in the image, which
over DAS weaknesses and drawbacks as mentioned above.
increases the usability level of this scheme.
Passdoodle [11], is a graphical password of handwritten
drawing or text, normally sketched with a stylus over a
touch sensitive screen as shown in Figure 3. In [11],
Goldberg et.al have shown that users were able to recognize
a complete doodle password as accurately as text-based
passwords. Unfortunately, the Passdoodle scheme has many
drawbacks. As mentioned in [9], users were fascinated by
other users' drawn doodles, and usually entered other users'
password merely to a different doodles from their own. In
[1], the authors concluded that the Passdoodle scheme is
vulnerable to several attacks such as guessing, spyware,
key-logger, and shoulder surfing.
Figure 4. Example of Blinder Scheme
Figure 3. Example of Passdoodle
Figure 5 Example of PassPoint System
432
4. The Passpoint system has a large password space, which remotely. Since all the image based password schemes
improves the security level compared with other similar known to us use static passwords, the recorded movie may
systems. For example, five or six click points on an image be replayed and with some human-interaction, the user’s
can produce more passwords than 8-character text-based password may be decoded.
passwords with standard 26-character alphabet [13]. For
more security, the Passpoint system stores the image
password in a hashed (encrypted) form in the password file. IV. IMPLICIT PASSWORD AUTHENTICATION SYSTEM
Moreover, hashing does not allow approximation e.g. two In this section, we propose our Implicit Password
passwords that are almost the same but not fully identical Authentication System. IPAS is similar to the PassPoint
will be hashed differently. In order to be authenticated, the scheme with some finer differences. In every “what you
user has to click close to the selected points, within some know type” authentication scheme we are aware of, the
measured tolerance distance from the pass point. server requests the user to reproduce the fact given to the
Wiedenbeck et al. [14] proposed the best tolerance server at the time of registration. This is also true in
around the click point in such an image. To log in, the user graphical passwords such as PassPoint. In IPAS, we
should click with the tolerance of such a click point. In fact, consider the password as a piece of information known to
a larger password space leads to a smaller tolerance size e.g. the server at the time of registration and at the time of
2 to 5 mm2 around the chosen click point or pixel. For authentication, the user give this information in an implicit
example, an image of size 330 x 260 mm2 with tolerance form that can be understood only by the server. We explain
areas of size 6 x 6 mm2 gives more than 590 tolerance areas this through a Mobile Banking case-study.
[14]. It is clear that password space depends on the tolerance
size or system choice. This enhancement makes the A. Study Case of IPAS (Mobile Banking)
Passpoint system more flexible, especially for people using In our case study, we consider mobile banking as our
mobile devices. domain. However, our proposed (IPAS) may also be
implemented in any client-server environment, where we
need to authenticate a human as a client (IPAS will not work
III. PROBLEMS WITH THE EXITING SCHEMES in machine-to-machine authentication). We also assume that
Traditional alphanumeric passwords are always the server has enough hardware resources like RAM and
vulnerable to guessing and dictionary attack. There may CPU. This is not un-realistic as high-end servers are
even be a rogue program that may record the key strokes becoming cheaper day-by-day. The bank may have a
and publish it on a remote website. In order to overcome the database of 100 to 200 standard questions. During the time
key logger based attacks, newer systems may show a of registration, a user should pick 10-20 questions from the
graphical keyboard and the user has to press the correct database (depending upon the level of security required) and
password using “mouse clicks”. This may also be defeated provide answers to the selected questions. For example, the
if the attacker uses a screen capture mechanism, rather than user may choose the following questions:
using a key logger. Since new video-codec is providing
higher compression ratio, an attacker may use a screen x The maker of your first car?
capture program and record a short video clip and send it to x The city you love to visit or visited?
a remote server for publishing. So, as an alternative, a token x Date of birth?
based authentication method may be used either as a stand-
alone authentication or used in addition to the traditional For each question, the server may create an intelligent
alphanumeric password. But this technology is not authentication space using images, where the answers to the
pervasive. The user may have to carry a trusted token card particular question for various users are implicitly
reader. With unknown token readers, a user may not be embedded into the images. During the time of
aware whether they are using a trusted legitimate reader or authentication, the server may pick one or more questions
using an un-trusted one that may clone the token (similar to selected by the users at the time of registration randomly
the recent ATM card scam). (the number of questions depends on the level of service
Although image based authentication systems reviewed in requested). For each chosen question, the server may choose
our paper address most of the threats, still they suffer from an image randomly from the authentication space and
the following attacks: replay, Shoulder-surfing, and present IT to the user as a challenge. Using the stylus or the
recording the screen. mouse, the user needs to navigate the image and click the
One may argue that replay attack can be prevented using right answer. For example, the server may present the user
encryption and tamper-proof time stamps, and physical with the picture of the Globe. The user should correlate to
shoulder-surfing may be known to the user as this process is Question 2. If Sydney is the city the user loves to visit or
invasive. However, due to the availability of high- has visited, he needs to click on to Australia. It will then
bandwidth to mobile devices and light-weight, high-efficient enlarge Australia. Then in the map, the user needs to click
video codecs, a rogue program may still capture and publish Sydney as shown in Figure 6.
433
5. the correct “clickable area”. Then based on the function f(I),
the image I and the area the user clicked, the client will then
generate a key K. The function f(I) is chosen in such a way
that S(Qi) = K if and only if the user and the server has
exactly the same area of interest in the image. The user then
decrypts S(Qi)[p] to get the random number. He then
transmits p+1 to the server for authentication and to the next
level. In this way, the user is authenticated implicitly and
no confidential information is exchanged over the network.
When the server is executing the last question in the
authentication process, instead of encrypting a pseudo
Figure 6. Example of an IPAS random number, it will pick a session key and encrypt with
the derived key. When the client decrypts it, he gets an
implicit message from the server to use this session key for
Next time, if the same question is chosen by the server, transmission. This procedure not only authenticates a user
the same scenario may not be presented. For the next time, implicitly, this will also exchange a session key implicitly.
the server may show an image containing all famous It is up to the application developer and the organization
buildings and monuments. The user needs to click on the to decide on what to do when a user gives an incorrect
“Sydney Opera house” to implicitly convey his answer. answer to one or more of the questions.
Since every time the server uses a different scenario and the
answers are given implicitly, our proposed system is
immune to screen capture attack. Also, except for the server C. Strength of IPAS
and the legitimate user, for others, the answers may look As one can easily see, IPAS is immune to shoulder
fuzzy. For example, if the user click “Opera house”, it may surfing and screen-dump attacks. Also, the authentication
even mean the “type of music user is interested to listen”, or information is presented to the user in an implicit form that
may represent his “place of birth”, or “current residency” can be understood and decoded only by the legitimate end-
and so on. user. Traditional password based authentication schemes
and PassPoint are special cases of IPAS. The strength of
B. IPAS Implementation Framework IPAS depends greatly on how effectively the authentication
information is embedded implicitly in an image and it
The bank will have a set of 100 to 200 questions. Every should be easy to decrypt for a legitimate user and highly-
user selects a set of 10 to 20 questions at the time of fuzzy for a non-legitimate user.
registration and provides their individual answer. For each One of the weaknesses of implementing this scheme is
question, the system then either creates an authentication that the system may simply ask the user an alphanumeric
space (the space that represents implicit answers for the question given during the time of registration process and
questions using images) if it is not available or add the new ask the user to input the answer through a graphical
user’s answer to the existing authentication space. Once the keyboard
authentication space is created, the system is ready for
authenticating a user. V. CONCLUSION AND FUTURE DIRECTIONS
First, a user may request access to the system by
In this paper, we have proposed a new Implicit Password
presenting his user name and the level of access required.
Authentication System where the authentication information
This may be sent as a plain text. Depending on the level of
is implicitly presented to the user. If the user “clicks” the
access required, the system might choose one or more
same grid-of-interest compared with the server, the user is
questions registered by the user during the time of
implicitly authenticated. No password information is
registration process. For each question, the server may
exchanged between the client and the server in IPAS. Since
choose a random scenario from the authentication space that
the authentication information is conveyed implicitly, IPAS
represents the correct answer. The chosen scenario will have
can tolerate shoulder-surfing and screen dump attack, which
one or more “clickable” points that represent the answer to
none of the existing schemes can tolerate. The strength of
the question provided by the particular user. Similar to
IPAS lies in creating a good authentication space with a
PassPoint, the IPAS considers the image as a grid and the
sufficiently large collection of images to avoid short
answers represent a clickable area.
repeating cycles. Compared to other methods reviewed in
Similar to Kerberos, a session key S(Qi) is derived from
our paper, IPAS may require human-interaction and careful
the correct clickable area through a function f(I). The server
selection of images and “click” regions. IPAS may also
will choose a random number p and then encrypt p with the
need user training. Once this is done, IPAS can be more
session key S(Qi) and transmit <Image, S(Qi)[p], f(I)> to the
robust. In our subsequent papers, we present various steps
mobile device. The client application then displays the
image. Using the stylus or a mouse, the user needs to choose
434
6. involved in creating a robust authentication space for every symposium on Usable privacy and security. Pittsburgh, Pennsylvania,
question. ACM.
[8] Wei-Chi, K. and T. Maw-Jinn (2005). “A Remote User
Authentication Scheme Using Strong Graphical Passwords”, Local
Computer Networks, 2005. 30th Anniversary.
REFERENCES
[9] Lashkari, A. H., F. Towhidi, et al. (2009). “A Complete Comparison
on Pure and Cued Recall-Based Graphical User Authentication
[1] Sabzevar, A.P. & Stavrou, A., 2008,” Universal Multi-Factor Algorithms”, Computer and Electrical Engineering, 2009. ICCEE '09.
Authentication Using Graphical Passwords”, IEEE International Second International Conference.
Conference on Signal Image Technology and Internet Based Systems [10] Renaud, K. (2009)."On user involvement in production of images
(SITIS). used in visual authentication." J. Vis. Lang. Comput. 20(1): 1-15.
[2] Haichang, G., L. Xiyang, et al. (2009). “Design and Analysis of a [11] Masrom, M., F. Towhidi, et al. (2009). “Pure and cued recall-based
Graphical Password Scheme”, Innovative Computing, Information graphical user authentication”, Application of Information and
and Control (ICICIC), 2009 Fourth International Conference on Communication Technologies, 2009. AICT 2009. International
Graphical Passwords. Conference.
[3] Pierce JD, Jason G. Wells, Matthew J. Warren, & David R. Mackay. [12] Birget, J. C., H. Dawei, et al. (2006). "Graphical passwords based on
(2003). “A Conceptual Model for Graphical Authentication”, 1st robust discretization", Information Forensics and Security, IEEE
Australian Information security Management Conference, 24 Sept. Transactions on 1(3): 395-399.
Perth, Western Australia, paper 16.
[13] S. Wiedenbeck, J. Waters, J.C. Birget, A. Brodskiy, N. Memon,
[4] Xiaoyuan, S., Z. Ying, et al. (2005). “Graphical passwords: a survey”, ``PassPoints: Design and longitudinal evaluation of a graphical
Computer Security Applications Conference, 21st Annual. password system'', International J. of Human-Computer Studies
[5] Wells, Jason; Hutchinson, Damien; and Pierce, Justin, "Enhanced (Special Issue on HCI Research in Privacy and Security), 63 (2005)
Security for Preventing Man-in-the-Middle Attacks in Authentication, 102-127.
formation Security Management Conference. Paper 58. [14] S. Wiedenbeck, J. Waters, J.C. Birget, A. Brodskiy, N.
[6] Takada, T. and H. Koike (2003). “Awase-E: Image-Based Memon, ``Authentication using graphical passwords: Effects of
Authentication for Mobile Phones Using User’s Favorite Images”, tolerance and image choice'', Symposium on Usable Privacy and
Human-Computer Interaction with Mobile Devices and Services, Security (SOUPS), 6-8 July 2005, at Carnegie-Mellon Univ.,
Springer Berlin / Heidelberg. 2795: 347-351. Pittsburgh.
[7] Dirik, A. E., N. Memon, et al. (2007). “Modeling user choice in the
PassPoints graphical password scheme”, Proceedings of the 3rd
435