Your search keyword '"Password policy"' showing total 17 results

1. Utilizing Keystroke Dynamics as an Additional Security Measure to Password Security in Computer Web-based Applications - A Case Study of UEW

Author

Osei Boakye Michael and Yaw Marfo Missah

Subjects

Password, Password policy, Authentication, Biometrics, business.industry, Computer science, Web application security, Computer security, computer.software_genre, Password strength, Keystroke dynamics, Benchmark (computing), Web application, business, computer

Abstract

Keystroke Dynamics is one of the well-known and economical behavioral biometric developments that attempt to recognize the genuineness of a client when the client invokes his keystrokes from a computer keyboard. The keystrokes pattern helps to determine the typing behaviour of users of the system thus serves as the benchmark for identity verification. This paper displays the use of biometrics to augment traditional passwords security in computer web-based application systems. The system was evaluated base on these criteria; authenticating legitimate user against imposter user and a guess imposter user of the system. Also, evaluation of character timings was performed to know the best combination of strings to use in setting passwords in systems where keystroke dynamics would be applied in order to achieve high efficiency. This study concludes that the use of keystrokes dynamics in augmenting password security in computer web-based applications should be embraced. General Terms Keystroke dynamics web-based application.

Published

2016

2. Dual Layer Secured Password Manager using Blowfish and LSB

Author

Mukesh Ramrakhyani, Sonal Shroff, Bunty Manchundiya, and Raaj Ahuja

Subjects

Password, Zero-knowledge password proof, Password policy, Cognitive password, Blowfish, business.industry, Computer science, ComputingMethodologies_IMAGEPROCESSINGANDCOMPUTERVISION, Password cracking, Cryptography, Encryption, Computer security, computer.software_genre, Login, One-time password, S/KEY, Password strength, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Email address, Cipher, business, computer, Computer network

Abstract

Today’s era is the era of Smart phones. Smart phones are continually becoming smaller, more powerful and can perform variety of tasks. The data generated by these devices need to be stored and accessed securely. One example of such sensitive data is password. Computer users are increasingly using password for online accounts, email servers, ecommerce sites, financial services and social media websites and it is always advisable that passwords should be complex and reuse of passwords should be avoided. Therefore this leads to a challenge of remembering several complex passwords for various applications, something an average human being is not very good at. In this paper, a Password Manager, an Android Application is proposed. This password manager takes login credentials (Email Address & Password) as input from user which is then being encrypted using Blowfish algorithm and finally the cipher is stored inside an image selected by user using LSB (least Significant Bit) Technique. A typical password manager uses database to store all login credentials but our proposed approach replaces database with image and stores all login credentials inside an image and in turn providing dual layer security of data that uses combination of both cryptography and steganography in which first layer is to scramble information using Blowfish Algorithm and second layer is insertion of scramble information inside an Image using least significant approach (LSB). Finally, performance analysis of cover-image and stego-image shows that image quality is preserved in terms of MSE and PSNR

Published

2016

3. A Robust Authentication Scheme for Telecare Medicine Information Systems

Author

Abhinav Vidwansh and Kukki Arya

Subjects

Password, Password policy, Authentication, business.industry, Computer science, Computer security, computer.software_genre, One-time password, S/KEY, Public-key cryptography, Cryptographic hash function, Session key, Smart card, Challenge–response authentication, business, computer

Abstract

Telecare Medicine Information System (TMIS) has established a connection between patients at home and doctors at a clinical center by using telecommunication systems and physiological monitoring devices. Authentication, security, patient's privacy protection and data confidentiality are important for patient or doctors accessing to Electronic Medical Records (EMR). Remote user authentication is desirable for TMIS to verify the correctness of communicating parties. The password based authentication schemes provide efficient and scalable solutions for remote user authentication. In this context, numerous schemes have been proposed to achieve these goals. However, these schemes are vulnerable to various attacks. Moreover, they are neither efficient nor user friendly. Specially, some schemes require the exponential computation or public key cryptography which leads to very low efficiency for smart card. This paper shows that recently proposed Zhian Zhu's scheme is incorrect. Moreover, it has insecure change of password, and no early wrong password detection and session key generation. To remedy, robust authentication scheme for TMIS has been proposed using one way hash function. KeywordsHash function, Password, Smart card, TMIS.

Published

2015

4. Highly Secure Authentication Scheme

Author

R.B.Joshi R.B.Joshi and Ushir KishoriN

Subjects

Secure authentication, Password policy, Computer science, Challenge–response authentication, Computer security, computer.software_genre, computer

Published

2014

5. A User Identification Technique to Access Big Data using Cloud Services

Author

Manu A R, K N Bala Subramanya Murthy, and Vinod Kumar Agrawal

Subjects

Password, Password policy, Authentication, Computer science, business.industry, Cloud computing, business, Login, One-time password, Computer network, S/KEY

Abstract

is required in stored database systems so that only authorized users can access the data and related cloud infrastructures. This paper proposes anauthentication technique using multi-factor and multi-dimensional authentication system with multi-level security. The proposed technique is likely to be more robust as the probability of breaking the password is extremely low. This framework uses a multi-modal biometric approach and SMS to enforce additional security measures with the conventional Login/password system. The robustness of the technique is demonstrated mathematically using a statistical analysis. This work presents the authentication system using the consumer authentication architecture diagrams, activity diagrams, data flow diagrams, sequence diagrams, and algorithms.

Published

2014

6. M-Pass: Web Authentication Protocol Resistant to Malware and Phishing

Author

A. K. Gupta and Ajinkya S. Yadav

Subjects

Zero-knowledge password proof, Computer science, Salt (cryptography), computer.internet_protocol, Internet privacy, Keystroke logging, Computer security, computer.software_genre, One-time password, Password strength, S/KEY, Key stretching, Syskey, Microsoft Office password protection, Password psychology, Password, User authentication, Password policy, Authentication, Cognitive password, business.industry, Password cracking, Passphrase, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, HMAC-based One-time Password Algorithm, Challenge–response authentication, business, computer

Abstract

this digital world all information and data is kept safe by passwords. The simple and convenient format of password is in the form of text. But, text passwords are not always strong enough and under different vulnerabilities they are very easily stolen and changed. When a person creates a weak password or same password is reused in many sites it may be possible that others can acquire that password. If one password is stolen, then it is possible that it can be used for all the websites. This phenomenon is known as the Domino Effect. Another possible risky attacks are related to phishing, malware and key loggers etc. A protocol is designed which makes use of the user's customer's mobile i.e. cellular phone and SMS (short message service) to ensure protection against password stealing attacks. This user authentication protocol is named as m-Pass. The unique phone number is required which will be possessed by each participating website. The telecommunication service provider plays important role in the registration and the recovery phases. The main theme is to reduce the password reuse attack. It works with one time password technology, and results in reduction of the password validity time. The results show improvement in performance of the security. KeywordsSecurity, m-Pass, Phishing, authentication

Published

2014

7. Security using 3D Password

Author

Abhilash Shukla and Dhatri Raval

Subjects

Challenge-Handshake Authentication Protocol, Zero-knowledge password proof, Computer science, Salt (cryptography), computer.internet_protocol, Computer security, computer.software_genre, Encryption, One-time password, S/KEY, Password strength, Syskey, Password psychology, Data Authentication Algorithm, Password, Password policy, Authentication, Cognitive password, business.industry, Password cracking, Multi-factor authentication, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Authentication protocol, HMAC-based One-time Password Algorithm, Challenge–response authentication, business, computer

Abstract

Authentication of any system means providing a security to that system. There are number of authentication techniques like textual, biometrics etc. This type of textual password commonly follows an encryption algorithm to provide security. Each of these techniques has some limitations and drawbacks. To overcome the drawbacks, a new authenticate technique is now available. This new authentication technique, known as 3D Password, is multi-factor and multi-factor authentication technique. The most important part of 3D Password is virtual environment containing the user interface which looks like a real time environment, but is not actually a real time environment [3]. 3D password is more secure technique of authentication in comparison to other techniques because it is difficult to break and simple to use [1].

Published

2015

8. Time based Dynamic Password (TBDP) System using Variable Insertion Technique

Author

Mukkamala Manoj and Irshad Sharif Shaik

Subjects

Password, Password policy, Zero-knowledge password proof, Software_OPERATINGSYSTEMS, Cognitive password, Computer science, Salt (cryptography), Password cracking, Login, Computer security, computer.software_genre, One-time password, Password strength, S/KEY, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Key stretching, Syskey, Microsoft Office password protection, Password psychology, computer

Abstract

most of the confidential works are carried under surveillance like Bank affairs, Research works, Enterprise projects etc. In this case, there is threat of capturing the confidential password of a user through surveillance cameras. Thesepasswords can also be captured through human surveillance (i.e. keen human observation) as well as a malicious program that run in background without user's knowledge. Serious problem arises if these confidential credentials go into wrong hands.Just typing the password in form of hidden characters does not avoid this problem. For this purpose, a security system has to be used that willprovide privacy to passwordseven under surveillance. Time based dynamic password system (TBDP) provides privacy to the user's login credentials by accepting varying password time to time. Password at particular time can't be accepted later.Users will be given privilege to define their own transformation logic using clock values that generates a time dependant password from a constant string (i.e. basic password declared by user).Here, transformation logic is based on variable insertion technique.At the time of login, users estimate their current password by collaborating the basic password and transformation logic defined over it and tries to login the system with those estimated credentials. Simultaneously, authentication system generates time varying password from Basic password and Transformation logic defined by user. Access is granted if the credentials are found to be valid at that time.In this way, this password system provides privacy to login credentials even under surveillance.

Published

2015

9. Mitigating Vulnerabilities in 3-Factor based Authentication

Author

Irfan Siddavatam and Yogita Borse

Subjects

Password, Challenge-Handshake Authentication Protocol, Password policy, User authentication, Authentication, Cognitive password, computer.internet_protocol, Computer science, business.industry, Multi-factor authentication, Computer security, computer.software_genre, One-time password, Chip Authentication Program, Password strength, S/KEY, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, 3-D Secure, Authentication protocol, HMAC-based One-time Password Algorithm, Smart card, Challenge–response authentication, business, computer, Data Authentication Algorithm

Abstract

Remote user authentication schemes are use to identify a user in the distributed environment. There are three different factors commonly use for authentication purpose named as password, smart card and biometric. It is been observed that authentication protocols designed till date are based on password. Normally, password is used as a first authentication factor, where as other two factors are included according to the level of security requirements. In this paper, analysis of 3-factor based protocols is done on the basis of wrong password input and stolen smart card vulnerabilities. Paper also suggest the improvements to control these vulnerabilities.

Published

2013

10. Password Authentication System using New Intense Secure Algorithm in Mobile and Server in Two way Communications

Author

G. Anusooya Devi, B. ShanmugaSundari, and S. Shahina

Subjects

Password, Password policy, Authentication, computer.internet_protocol, Computer science, Login, Computer security, computer.software_genre, One-time password, Password strength, S/KEY, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Password authentication protocol, Challenge–response authentication, computer, Data Authentication Algorithm

Abstract

Authentication is the first line of defense against compromising confidentiality and integrity Traditional login password may not be used in every scenario its occurred lots of attacks. As an alternative PAST were introduced. In this paper introduce a framework of our proposed in two different verification code system were introduced.

Published

2013

11. Enhanced Authentication Scheme using Password Integrated Challenge Response Protocol

Author

Shweta Rastogi, Nitesh Rastogi, and Avinav Pathak

Subjects

Password, Challenge-Handshake Authentication Protocol, Password policy, Authentication, Otway–Rees protocol, business.industry, Computer science, Challenge response protocol, Access control, Multi-factor authentication, Computer security, computer.software_genre, NTLMSSP, Chip Authentication Program, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Internet Authentication Service, Authentication protocol, Lightweight Extensible Authentication Protocol, Challenge–response authentication, business, computer, Data Authentication Algorithm, Computer network

Abstract

Authentication is a process by which both the sender and receiver check and identify the validcommunicative partners prior to initialization of message exchange. Authentication is a security module which is defined at the time of starting of communication between the two communicating entities such as client and server due to the unlimited amount of insecure and malicious intruders it becomes significant to protect the network communication. The protocols are used here for initializing the valid keys and passwords for communicating with the devices. Here we are proposing a new and more secured authentication scheme based on unique identification of every pair of client and server which have entered communication on a global network. This method enhances the present security scenario by diminishing the replay, modification attacks as well as server eavesdropping. This method also enhances the efficiency, integrity, reliability and security in authentication process.

Published

2013

12. User Authentication using Musical Password

Author

Naveen Kumar

Subjects

Password, Password policy, Zero-knowledge password proof, Authentication, Dictionary attack, Cognitive password, Computer science, Hash function, Password cracking, Computer security, computer.software_genre, One-time password, S/KEY, Password strength, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Brute-force attack, Shoulder surfing, Key (lock), computer, Password psychology

Abstract

Computers, Mobile and other handheld devices depend largely on passwords mechanism to identify and authenticate users. Typically, passwords are strings of characters and digits. Alphanumeric passwords are convoluted to remember for users because a safe password should be long and arbitrary, however users pick short, simple, and insecure passwords. Different solutions have been proposed to aim to make passwords more memorable and easier for users to use and, for this reason, it is more secure. In this paper, we propose a new user authentication scheme, based on the principle that the music, melody can all aid memory. In this scheme the simulation of Piano instrument is implemented for proof of concept. User creates the music using the keys of Piano simulation, which will be stored as user password in the secure database. Each key selection of piano can be associated with a unique secret code, the combination of these codes are actually stored in the database after hashing, which will be tested at the time of user authentication. The proposed scheme is highly memorable, defiant to brute force attacks and dictionary attack, protected from shoulder surfing attacks and from spywares tracking. This combination of security and usability will be a focus for users to choose this scheme for their web, computer and mobile passwords. Keyword: Security, User Authentication, usability, memorability, Password, Musical Password.

Published

2012

13. Dynamic Mobile Token for Web Security using MD5 and One Time Password Method

Author

Gusti Made Arya Sasmita, I. GedeN. AgungJayarana, and A. A. Kt. Agung Cahyawan

Subjects

Password, Password policy, Computer science, business.industry, Software token, Login session, Computer security, computer.software_genre, Security token, Internet security, One-time password, Mobile phone, Mobile search, business, computer, Computer network

Abstract

websites have been converted from just a display of information into an online transaction in the form of goods, services, or money. With that development, the security of the website is also need to be tightened, not just rely on usernames and passwords but also to the dynamic code of the mobile token which is difficult to be cracked (1). Dynamic mobile token is an application which is planted in the mobile phone to generate a code that was formed by the method of one time password and can only be used for one login session or transaction. Each mobile token has a value in the "secret" variable that makes it unique or different from the others, to separate one user access transactions or personal page.

Published

2012

14. Minimum Space and Huge Security in 3D Password Scheme

Author

Author Dr.Ghungrad.S.B and Prof. Sonkar S.K

Subjects

Password, Password policy, Zero-knowledge password proof, Authentication, Cognitive password, Computer science, Salt (cryptography), Key space, Password cracking, Multi-factor authentication, Computer security, computer.software_genre, One-time password, Password strength, S/KEY, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Rainbow table, Key stretching, Syskey, Challenge–response authentication, Password psychology, computer

Abstract

D password is a multifactor authentication scheme. For the authentication, it is require to presents a 3-D virtual environment where the user navigates and interacts with various objects. The sequence of actions and interactions toward the objects inside the 3-D environment constructs the user's 3-D password. The 3-D password can combine most existing authentication schemes such as textual passwords, graphical passwords, and various types of biometrics into a 3- D virtual environment. The design of the 3-D virtual environment and the type of objects selected determine the 3- D password key space. As per the reference(1) the author tells that the resulting 3D password space is very huge. In this paper we shows that the space is reduced and increase the security.

Published

2011

15. Evaluation of a usable Hybrid Authentication System

Author

O Ayannuga Olanrewaju, T Akinwale Adio, and Folorunso Olusegun

Subjects

Password, Password policy, Zero-knowledge password proof, Authentication, Cognitive password, Computer science, Password cracking, Computer security, computer.software_genre, One-time password, Password strength, S/KEY, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Authentication protocol, Challenge–response authentication, computer

Abstract

increase in the use of automated systems has brought about an increase in the amount of personal information in electronic form; and as a result there is need for confidentiality. A good system must be able to identify "who" is accessing "what". Several authentication systems use password (text) as an authentication means while in modern computing, graphical password is beginning to gain ground due to its advantage in the area of usability. This paper studies graphical password with the view of merging its strength with the strengths of text password to produce what is known as a hybrid authentication system.

Published

2011

16. Provable Secured Hash Password Authentication

Author

T.S. Thangavel and A. Krishnan

Subjects

Zero-knowledge password proof, Computer science, computer.internet_protocol, Salt (cryptography), Hash function, Crypt, Encryption, Computer security, computer.software_genre, One-time password, S/KEY, Password strength, Pseudorandom function family, SHA-2, Cryptographic hash function, Key stretching, Key derivation function, Password authentication protocol, Password psychology, Hacker, Password, Password policy, Cognitive password, business.industry, Pass the hash, Password cracking, Plaintext, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Rainbow table, Hash chain, Challenge–response authentication, business, computer, Computer network

Abstract

techniques such as secured socket layer (SSL) with client- side certificates are well known in the security research community, most commercial web sites rely on a relatively weak form of password authentication, the browser simply sends a user"s plaintext password to a remote web server, often using SSL. Even when used over an encrypted connection, this form of password authentication is vulnerable to attack. In common password attacks, hackers exploit the fact that web users often use the same password at many different sites. This allows hackers to break into a low security site that simply stores username/passwords in the clear and use the retrieved passwords at a high security site. While password authentication could be abandoned in favor of hardware tokens or client certificates, both options are difficult to adopt because of the cost and inconvenience of hardware tokens and the overhead of managing client certificates. Recently, some collisions have been exposed for a variety of cryptographic hash functions including some of the most widely used today. Many other hash functions using similar constructions can however still be considered secure. Nevertheless, this has drawn attention on the need for new hash function designs. This work developed an improved secure hash function, whose security is directly related to the syndrome decoding problem from the theory of error-correcting codes. The proposal design and develop a user interface, and implementation of a browser extension, password hash, that strengthens web password authentication. Providing customized passwords, can reduce the threat of password attacks with no server changes and little or no change to the user experience. The proposed techniques are designed to transparently provide novice users with the benefits of password practices that are otherwise only feasible for security experts. Experimentation are done with Internet Explorer and Fire fox implementations and report the result of initial user. The hash is implemented using a Pseudo Random Function keyed by the password. Since the hash output is tailored to meet server password requirements, the resulting hashed password is handled normally at the server with no server modifications are required. This technique deters password phishing since the password received at a phishing site is not useful at any other domain. The cryptographic hash makes it difficult to compute hash(pwd,dom2) from hash(pwd,dom1) for any domain dom2 distinct from dom1. For the same reason, passwords gathered by breaking into a low security site are not useful at any other site. The hash attack is always exponential in terms of the length of the hash value. We also study the work-factor of this attack, along with other attacks from coding theory, for non asymptotic range, i.e. for practical values. Accordingly, we propose a few sets of parameters giving a good security and either a faster hashing or a shorter description for the function.

Published

2010

17. User Authentication by Secured Graphical Password Implementation

Author

Shashank K. Singh, Niraj Satnalika, and Ankesh Khandelwal

Subjects

Challenge-Handshake Authentication Protocol, Password, Password policy, User authentication, Authentication, computer.internet_protocol, Computer science, Password cracking, Multi-factor authentication, Computer security, computer.software_genre, One-time password, Password strength, S/KEY, World Wide Web, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Authentication protocol, HMAC-based One-time Password Algorithm, Challenge–response authentication, computer

Abstract

For the vast majority of computer systems, passwords are the method of choice for authenticating users. The most widely and commonly used authentication is traditional “Username” and “Password”. For such authentication generally text (alphanumeric) is used. It is wellknown, however, that passwords are susceptible to attack: users tend to choose passwords that are easy to remember, and often this means that they are also easy for an attacker to obtain by searching for candidate passwords. On the other hand, if a password is hard, then it is often hard to remember. Keeping these things in mind we propose a novel, innovative and more secure way of selecting passwords: Graphical Passwords. In this paper we explore an approach to user authentication that generalizes the notion of a textual password and that, in many cases, improves the security of user authentication over that provided by textual passwords. We design and analyze graphical passwords, which can be input by the user to any device with a graphical input interface. We also try to answer two most important questions: “Are graphical passwords as secure and easy to use as text-based passwords”? “Major design and implementation issues for graphical passwords”? Ankesh Khandelwal Department of Information Technology and Engineering Heritage Institute of Technology, Anandapur, Kolkata -700107, India Shashank Singh Department of Computer Science and Engineering Heritage Institute of Technology, Anandapur, Kolkata -700107, India Niraj Satnalika Department of Instrumentation and Engineering Heritage Institute of Technology, Anandapur, Kolkata -700107, India The full text of the article is not available in the cache. Kindly refer the IJCA digital library at www.ijcaonline.org for the complete article. In case, you face problems while downloading the full-text, please send a mail to editor at editor@ijcaonline.org

Published

2010