Your search keyword '"Samrat Mondal"' showing total 39 results

1. Exploiting similarities across multiple dimensions for author name disambiguation

Author

Joydeep Chandra, Samrat Mondal, and K. M. Pooja

Subjects

Computer science, business.industry, media_common.quotation_subject, General Social Sciences, Ambiguity, Library and Information Sciences, computer.software_genre, Computer Science Applications, Margin (machine learning), Metric (mathematics), Pairwise comparison, Artificial intelligence, Cluster analysis, Representation (mathematics), business, Feature learning, computer, Natural language processing, media_common, Statistical hypothesis testing

Abstract

In bibliometric analysis, ambiguity in author names may lead to erroneous aggregation of records. The author name disambiguation techniques attempt to address this issue by attributing records to the corresponding author. The name disambiguation has been widely studied as a clustering task. However, maintaining consistent accuracy levels over datasets is still a major challenge. Recent efforts have witnessed the use of representation learning based techniques to map the records to an embedding space that can be used to determine the clusters. However, some of these models that use supervised global embedding fail to generalize across different datasets, while others lag in the accuracy. In this paper, we propose a method that uses two independent relations among the documents-co-authorship and meta-content of document, to generate a latent representation of documents that is capable of generalizing over various datasets (consisting different sets of features). Through rigorous validation, we discover that the proposed approach outperforms several state-of-the-art methods by a significant margin in terms of standard measures like pairwise F1, K metric, and BF1 scores. Moreover, we have also validated the performance of our method with the statistical test.

Published

2021

2. On Designing a Lesser Obtrusive Authentication Protocol to Prevent Machine-Learning-Based Threats in Internet of Things

Author

Chengwen Luo, Fei Chen, Mamoun Alazab, Jianqiang Li, Samrat Mondal, Nilesh Chakraborty, Yi Pan, and Huihui Wang

Subjects

Password, 021110 strategic, defence & security studies, Authentication, Computer Networks and Communications, business.industry, Computer science, Node (networking), 0211 other engineering and technologies, Access control, Usability, 02 engineering and technology, Machine learning, computer.software_genre, Computer Science Applications, Hardware and Architecture, Authentication protocol, Signal Processing, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Artificial intelligence, State (computer science), business, computer, Protocol (object-oriented programming), Information Systems

Abstract

In the era of the Internet of Things (IoT), people access many applications through smartphones for controlling smart devices. Therefore, such a centralized node must follow a robust access control mechanism so that an intruder cannot control the connected devices. Recent reports suggest that password can be used as an authentication factor for accessing the smart setups. However, this static information can be compromised under the light of different machine learning (ML)-empowered attack mechanisms. Alarmingly, different sensors used in the IoT setup can also expose this static information to the adversaries. Password-based authentication that uses a challenge–response strategy is an effective solution for handling such threat scenarios. In this article, at first, we show that no existing usable challenge–response protocol is safe to be used in the public area network. Following this, we propose a challenge–response protocol that is more secure to use in the public domain. By using eight classifiers, we show that a learning-based threat specific to our protocol has a marginal impact on the method’s security standard. The discussion in this article also suggests that the proposed protocol has usability and security advantages compared to the existing state of the art (e.g., reduces the number of interactions between the user and verifier by a factor of 0.5).

Published

2021

3. Towards identifying and preventing behavioral side channel attack on recording attack resilient unaided authentication services

Author

Nilesh Chakraborty, Samrat Mondal, and Vijay S. Anand

Subjects

Authentication, General Computer Science, Computer science, 020206 networking & telecommunications, 02 engineering and technology, Login, Computer security, computer.software_genre, Threat model, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Side channel attack, Session (computer science), Law, computer

Abstract

Side channel attacks, based on the human behavior, have not received much attention in the domain of recording attack resilient unaided authentication services (RARUAS) that purely rely on human visual perception but not on hidden auxiliary channels. In this paper, for the first time, we have made an extensive analysis to show - how human behavior during the login can weaken the claimed security standard of RARUAS. We identify this threat as behavioral side channel attack. To make situation more alarming, our investigation revealed that the identified threat model is capable of reducing the claimed session resiliency of any RARUAS by a significant extent. For dealing with this threat model, the latter part of our proposal introduces a novel defense strategy that reduces attackers’ efficiency and improves the session resiliency. The subsequent study indicates that by nature of its design, the proposed defense strategy does not make any significant impact on the usability standard. To validate our claims, we have made a thorough experimental study to show that the proposed defense strategy is truly deployable in practice for improving the situation against the behavioral side channel attack.

Published

2019

4. Dispersion Ratio based Decision Tree Model for Classification

Author

Asif Ekbal, Samrat Mondal, Maunendra Sankar Desarkar, and Smita Roy

Subjects

0209 industrial biotechnology, Discretization, Computer science, General Engineering, Decision tree, 02 engineering and technology, computer.software_genre, Correlation ratio, Class (biology), Computer Science Applications, 020901 industrial engineering & automation, Artificial Intelligence, 0202 electrical engineering, electronic engineering, information engineering, Benchmark (computing), Information gain ratio, 020201 artificial intelligence & image processing, Statistical dispersion, Data mining, computer, Decision tree model

Abstract

In predictive tasks like classification, Information Gain (IG) based Decision Tree is very popularly used. However, IG method has some inherent problems like its preference towards choosing attributes with higher number of distinct values as the splitting attribute in case of nominal attributes and another problem is associated with imbalanced datasets. Most of the real-world datasets have many nominal attributes, and those nominal attributes may have many number of distinct values. In this paper, we have tried to point out these characteristics of the datasets while discussing the performance of our proposed approach. Our approach is a variant of the traditional Decision Tree model and uses a new technique called Dispersion_Ratio, a modification of existing Correlation Ratio (CR) method. The whole approach is divided into two phases - firstly, the dataset is discretised using a discretization module and secondly, the preprocessed dataset is used to build a Dispersion Ratio based Decision Tree model. The proposed method does not prefer the attributes with many unique values and indifferent about class distribution. It performs better than previously proposed CR based Decision Tree (CRDT) Model since an efficient discretization module has been added with it. We have evaluated the performance of our approach on some benchmark datasets from various domains to demonstrate the effectiveness of the proposed technique and also compared our model with Information Gain, Gain Ratio and Gini Index based models. Result shows that the proposed model outperforms other models in majority of the cases that we have considered in our experiment.

Published

2019

5. Towards incorporating honeywords in n‐session recording attack resilient unaided authentication services

Author

Nilesh Chakraborty and Samrat Mondal

Subjects

Password, Authentication, Computer Networks and Communications, business.industry, Computer science, 020206 networking & telecommunications, Cryptography, 0102 computer and information sciences, 02 engineering and technology, Login, Computer security, computer.software_genre, 01 natural sciences, 010201 computation theory & mathematics, 0202 electrical engineering, electronic engineering, information engineering, Key derivation function, Message authentication code, business, computer, Software, Countermeasure (computer), Server-side, Information Systems

Abstract

Unaided authentication services provide the flexibility to login without being dependent on any external hardware. n-Session recording attack resilient unaided authentication services (n-SRRUASs) are known for setting high security standards against different client side threats. However, because of their authentication procedure, the authors have identified that these services cope poorly with handling the server side issues. Though modern days' research heavily depends on the honeywords (or fake passwords) as a countermeasure of server side threats, they have shown that the honeywords cannot be directly applied to n-SRRUAS. The authors' analysis shows that the idea of incorporating the honeywords directly into an n-SRRUAS is particularly difficult as it prevents the system from storing passwords after applying password-based key derivation function or in the form of a hashed string. In this study, they have proposed few generic principles for incorporating the honeywords into n-SRRUAS and show that the proposed principles are sufficient for incorporating the honeywords into any n-SRRUAS. Furthermore, with the help of an existing n-SRRUAS, they have shown that the proposed idea is truly implementable in practice to fill the existing gap.

Published

2019

6. On Overcoming the Identified Limitations of a Usable PIN Entry Method

Author

Jianqiang Li, Samrat Mondal, Fei Chen, Yi Pan, and Nilesh Chakraborty

Subjects

General Computer Science, Computer science, observation-attack, 02 engineering and technology, Computer security, computer.software_genre, Login, USable, Password strength, Personal identification number, 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, Protocol (object-oriented programming), Authentication, key-logger-attack, General Engineering, PIN, 020206 networking & telecommunications, defense, Identification (information), human-intelligence-factor, 020201 artificial intelligence & image processing, lcsh:Electrical engineering. Electronics. Nuclear engineering, lcsh:TK1-9971, computer

Abstract

In the domain of password security, research has made significant progress in handling different kinds of threats which require human intelligence factor to fix the vulnerabilities. In spite of having strong theoretical establishments, most of these defense mechanisms cannot be used in practice as humans have limitations in processing complex information. The little bit of good news is that very few research proposals in this field have shown the promises to be deployable in practice. This paper focuses on such one method - proposed by Roth et al. back in 2004, which provides adequate user-friendliness to enter Personal Identification Number (PIN) securely in the presence of human shoulder surfers. Surprisingly, the background algorithm of this method for validating users’ responses runs in linear time on a search space of cardinality 5 and hence, the validation process does not put much load on the authenticating device. Therefore, such human identification protocol can also be integrated into the IoT infrastructure for conducting a more secured login from the client-side. Having such advantages, though remained secure for almost ten years after its release in 2004, recently, few proposals revealed some serious vulnerable aspects of the Roth et al. ’s proposal. In this paper, we have taken an attempt to save this user-friendly form of authentication. Firstly, we have made a critical discussion on the importance of the targeted PIN entry method in the domain of usable security and then given a brief overview of the identified limitations of this protocol. Followed by this, a few initiatives have been taken to fix the identified vulnerabilities of Roth et al. ’s proposal by revising its working principle, while the login procedure and the usability standard of this method stay unaffected.

Published

2019

7. On designing a modified-UI based honeyword generation approach for overcoming the existing limitations

Author

Nilesh Chakraborty and Samrat Mondal

Subjects

Password, 021110 strategic, defence & security studies, Authentication, General Computer Science, Computer science, 0211 other engineering and technologies, Password cracking, 02 engineering and technology, Computer security, computer.software_genre, One-time password, Password strength, Computer engineering, Authentication protocol, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Challenge–response authentication, Law, computer

Abstract

Inverting hashed passwords by performing brute force computation is one of the latest security threats on password based authentication technique. New technologies are being developed for reducing complexity of brute force computation and these increase the success rate of inversion attack. Honeyword base authentication protocol can successfully mitigate this threat by making password cracking detectable. However, existing honeyword based methods have several limitations likeMultiple System Vulnerability, Weak DoS Resistivity, Storage Overhead, etc. In this paper, we have proposed a new modified-UI based honeyword generation approach, identified as Paired Distance Protocol (PDP), which overcomes most of the drawbacks of previously proposed honeyword generation approaches. The comprehensive analysis shows that PDP not only attains a high detection rate of 97.23%, but also reduces the storage overhead to a great extent.

Published

2017

8. GAEMTBD: Genetic algorithm based entity matching techniques for bibliographic databases

Author

Samrat Mondal, Sumit Mishra, and Sriparna Saha

Subjects

Matching (statistics), Information retrieval, Database, Computer science, 02 engineering and technology, Digital library, computer.software_genre, Field (computer science), Bibliographic database, Artificial Intelligence, 020204 information systems, Genetic algorithm, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), 020201 artificial intelligence & image processing, Data mining, computer

Abstract

Entity matching is to map the records in a database to their corresponding entities. It is a well-known problem in the field of database and artificial intelligence. In digital libraries such as DBLP, ArnetMiner, Google Scholar, Scopus, Web of Science, AllMusic, IMDB, etc., some of the attributes may evolve over time, i.e., they change their values at different instants of time. For example, affiliation and email-id of an author in bibliographic databases which maintain publication details of various authors like DBLP, ArnetMiner, etc. may change their values. A taxpayer can change his or her address over time. Sometimes people change their surnames due to marriage. When a database contains records of these natures and the number of records grows beyond a limit, then it becomes really challenging to identify which records belong to which entity due to the lack of a proper key. In the current paper, the problem of automatic partitioning of records is posed as an optimization problem. Thereafter, a genetic algorithm based automatic technique is proposed to solve the entity matching problem. The proposed approach is able to automatically determine the number of partitions available in a bibliographic dataset. A comparative analysis with the two existing systems – DBLP and ArnetMiner, over sixteen bibliographic datasets proves the efficacy of the proposed approach.

Published

2017

9. A Many Objective Optimization Based Entity Matching Framework for Bibliographic Database

Author

Samrat Mondal, Sriparna Saha, and Sumit Mishra

Subjects

Matching (statistics), Linear programming, 05 social sciences, Sorting, 02 engineering and technology, 050905 science studies, computer.software_genre, Multi-objective optimization, Set (abstract data type), Bibliographic database, Complete information, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Data mining, 0509 other social sciences, Cluster analysis, computer

Abstract

Entity matching aims at mapping records to different entities where records share the common entity name. The entity matching problem is challenging because several times records do not contain complete information (many of the attributes are missing), unequal distribution of records for different entities, big overlaps between records of different entities. In this paper, we have proposed an unsupervised framework to solve this problem. The aforementioned problem is posed as a partitioning problem. Three unknown artifacts for solving this partitioning problem: optimal partitioning including the optimal number of partitions, suitable distance measure which can be utilized to measure the distance between records and a set of attributes/features which can take part in the distance calculation, are determined automatically using the search capability of a multiobjective optimization technique. Several objective functions which help in measuring the goodness of partitioning are optimized simultaneously by some popular multiobjective optimization techniques, NSGA-II/NSGA-III (Non-dominated Sorting Genetic Algorithm-II/III) to solve the partitioning problem. Total 247 combinations of eight different objective functions are used in the experiments for partitioning fourteen bibliographic datasets. A detailed comparative study of the proposed approach using NSGA-II and NSGA-III.

Published

2019

10. Towards Predicting Risk of Coronary Artery Disease from Semi-Structured Dataset

Author

Shubham Chattopadhyay, Smita Roy, Samrat Mondal, Maunendra Sankar Desarkar, and Asif Ekbal

Subjects

Computer science, Decision tree, Health Informatics, CAD, Feature selection, Coronary Artery Disease, Machine learning, computer.software_genre, General Biochemistry, Genetics and Molecular Biology, Domain (software engineering), Set (abstract data type), Coronary artery disease, 03 medical and health sciences, medicine, Humans, 030304 developmental biology, 0303 health sciences, business.industry, 030302 biochemistry & molecular biology, medicine.disease, Computer Science Applications, Support vector machine, Homogeneous, Artificial intelligence, business, computer, Algorithms

Abstract

Many kinds of disease-related data are now available and researchers are constantly attempting to mine useful information out of these. Medical data are not always homogeneous and in structured form, and mostly they are time-stamped data. Thus, special care is required to prevent any kind of information loss during mining such data. Mining medical data is challenging as predicting the non-accurate result is often not acceptable in this domain. In this paper, we have analyzed a partially annotated coronary artery disease (CAD) dataset which was originally in a semi-structured form. We have created a set of some well-defined features from the dataset, and then build predictive models for CAD risk identification using different supervised learning algorithms. We then further enhanced the performances of the models using a feature selection technique. Experiments show that results are quite interesting, and are expected to help medical practitioners for investigating CAD risk in patients.

Published

2019

11. A multiobjective optimization based entity matching technique for bibliographic databases

Author

Samrat Mondal, Sumit Mishra, and Sriparna Saha

Subjects

Information retrieval, Database, Computer science, Feature vector, General Engineering, 02 engineering and technology, computer.software_genre, Multi-objective optimization, Distance measures, Computer Science Applications, Bibliographic database, Artificial Intelligence, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Data mining, Cluster analysis, computer, Classifier (UML)

Abstract

Multiobjective based solution framework for entity matching.Bibliographic database is used.Automatic determination of number of clusters and partitions.New encoding strategy, new mutation operators are explored.Several distance measures and cluster validity indices are used. With the increasing use of on-line resources, the size of the bibliographic database is growing day by day. The available huge amount of data belong to various entities. It is difficult to automatically identify the records which belong to a particular entity. Mapping the records to the corresponding entity is termed as the entity matching problem. In bibliographic database many attributes change over time. For example - affiliation of an author changes frequently. Many authors generally use different email-ids. The names of co-authors also change with time. All these aspects have made the entity matching problem challenging. Generally an entity matching task is carried out by constructing a feature vector to represent a record, then a classifier is trained to classify each feature vector. But for bibliographic database it is very difficult and time consuming to generate some manually annotated labeled data to train a classifier. Inspired by this observation, we have proposed an unsupervised approach for entity matching problem using non-dominated sorting genetic algorithm-II (NSGA-II). A new encoding strategy is used to encode the clusters in the form of a chromosome. New mutation and crossover operators are proposed which are suitable for bibliographic data clustering. Different distance measures are used to measure the dissimilarities between records. Finally, solutions are evolved using the search capability of NSGA-II. Experimental evaluations are carried out with 247 different combinations of eight objective functions for eight different bibliographic datasets. A comparative analysis with two existing systems - DBLP and ArnetMiner, shows that the proposed technique can produce better results in many cases.

Published

2016

12. On Designing a Questionnaire Based Honeyword Generation Approach for Achieving Flatness

Author

Shreya Singh, Samrat Mondal, and Nilesh Chakraborty

Subjects

Password, 021110 strategic, defence & security studies, Computer science, Flatness (systems theory), 0211 other engineering and technologies, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, 02 engineering and technology, Security community, Computer security, computer.software_genre, computer

Abstract

Honeyword (or fake password) based authentication technique has become a well-established security mechanism for protecting the original password from the server-side attack. However, there are few underlying issues associated with this technique which are still a matter of concern for the security community. Achieving flatness or producing honeywords that are equally likely to the original password is one such major concern that requires further attention. Though recent studies have made significant efforts to meet this flatness criterion, our analysis shows that they still fall short to address this issue. In this paper, at first, we have made a detailed investigation to define the basic properties for achieving flatness. Followed by this, we have proposed a questionnaire-based authentication technique which can generate significantly flatter list of honeywords compared to existing state-of-the-art. Further study reveals that the proposed technique passes the other essential evaluation criteria of honeyword based authentication technique with flying colors.

Published

2018

13. MobSecure: A Shoulder Surfing Safe Login Approach Implemented on Mobile Device

Author

Kuntal Das, Samrat Mondal, Gurpinder Singh Randhawa, and Nilesh Chakraborty

Subjects

Computer science, Mobile device, 02 engineering and technology, Computer security, computer.software_genre, 01 natural sciences, One-time password, S/KEY, Password, Shoulder surfing, 0202 electrical engineering, electronic engineering, information engineering, 0101 mathematics, General Environmental Science, Password policy, Authentication, 010102 general mathematics, 020206 networking & telecommunications, Usability, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Shoulder surfing attack, Security, Key (cryptography), General Earth and Planetary Sciences, Challenge–response authentication, computer

Abstract

Shoulder surfing attack is a great threat on password based authentication technique. As today's world has seen a rapid growth of mobile users thus, latest methodologies which are developed to address this attack preferably should support mobile users. In this paper we have proposed a new shoulder surfing resilient technique, MobSecure, which is designed to be used in smartphone and acts in a partially observable environment (where an auxiliary device is required for authentication). Additionally the proposed method is also capable of avoiding recording based attack for infinite number of authentication sessions. Allowing alphanumeric characters as password is one of the key properties of the proposed scheme here. Finally, we show that MobSecure attains highest security standard with moderate usability scores compared to existing partially observable approaches.

Published

2016

14. Towards Improving Storage Cost and Security Features of Honeyword Based Approaches

Author

Nilesh Chakraborty and Samrat Mondal

Subjects

Honeyword, Storage Cost, Zero-knowledge password proof, Computer science, 0211 other engineering and technologies, 02 engineering and technology, Computer security, computer.software_genre, One-time password, Password strength, S/KEY, Password, Attack model, Syskey, General Environmental Science, 021110 strategic, defence & security studies, Authentication, Plaintext, Adversary, Inversion Attack, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Rainbow table, Security, General Earth and Planetary Sciences, Challenge–response authentication, computer

Abstract

Password based authentication shows its vulnerability against inversion attack model in which adversary obtains plaintext password from its corresponding hashed value. To cope up with such attack, honeyword based authentication technique is introduced. In this technique, along with the original password of user, some dummy passwords or honeywords are also stored. Although this technique is good enough to address the aforementioned security breach, but use of additional storage to store the honeywords is still an overhead associated with such approach. In this paper, we have proposed few directions to minimize the storage cost of some of the existing honeyword generation approaches. We have even found that in some cases no additional storage overhead is required. A comparative analysis at the end also shows that the proposed techniques are able to raise some of the security features compared to existing honeyword generation approaches.

Published

2016

15. SGP: A Safe Graphical Password System Resisting Shoulder-Surfing Attack on Smartphones

Author

Madhu Kumari, Suryakanta Panda, and Samrat Mondal

Subjects

Password, 021110 strategic, defence & security studies, Authentication, Software_OPERATINGSYSTEMS, Shoulder surfing attack, Alphanumeric, Computer science, 0211 other engineering and technologies, Process (computing), 02 engineering and technology, Login, Computer security, computer.software_genre, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Session (computer science), Mobile device, computer

Abstract

Graphical passwords have been taken as a potential alternative to alphanumeric passwords. Graphical password based authentication is widely used in many applications for system security and privacy. It increases ease of password use i.e., memorability of the password. With the rapid development of mobile devices, graphical passwords have already been implemented on smartphones. However, shoulder-surfing attack is a major threat to the security of graphical password systems. To overcome this problem, we proposed a novel graphical password authentication system, SGP. SGP uses a pattern of digits for the input of graphical password images. This pattern changes the position of input images in each authentication session. SGP prevents shoulder-surfing attacker to derive which password images are used by the user, even if the attacker records a complete login process. SGP does not use any secondary channels to resist shoulder-surfing attack.

Published

2018

16. drPass: A Dynamic and Reusable Password Generator Protocol

Author

Suryakanta Panda and Samrat Mondal

Subjects

Password, Scheme (programming language), 021110 strategic, defence & security studies, Authentication, Software_OPERATINGSYSTEMS, Alphanumeric, Computer science, 0211 other engineering and technologies, 02 engineering and technology, Reuse, Computer security, computer.software_genre, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Brute-force attack, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, computer, Protocol (object-oriented programming), computer.programming_language, Generator (mathematics)

Abstract

In general, alphanumeric passwords are used for authentication due to its simplicity and deployability. Strong and distinct alphanumeric passwords are inconvenient to memorize. So, users often pick weak passwords and reuse them. Also, users employ some simple tricks to derive passwords from a basic one. However, such weak and easy to derive passwords could not provide sufficient strength to protect users confidential resources. These passwords reduce the work of attackers to a great extent. Although the strong and distinct passwords reduce brute force attack, they are prone to theft and are often compromised under different vulnerabilities. Thus, by compromising one password, an attacker may gain access to other web-accounts where identical or similar passwords are used by the same user. In this paper, we propose drPass, a dynamic and reusable password generating protocol that generates high entropy passwords and thwarts various password stealing attacks. The proposed drPass scheme does not require any server-side change of existing websites for its implementation. It reduces the memory burden on users and also helps users to generate and maintain highly secure, distinct passwords for each site.

Published

2018

17. Unsupervised method to ensemble results of multiple clustering solutions for bibliographic data

Author

Sumit Mishra, Sripama Saha, and Samrat Mondal

Subjects

0209 industrial biotechnology, Mathematical optimization, Linear programming, Pareto principle, 02 engineering and technology, computer.software_genre, Multi-objective optimization, Electronic mail, Set (abstract data type), 020901 industrial engineering & automation, Goal programming, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Data mining, Cluster analysis, computer, Selection (genetic algorithm), Mathematics

Abstract

Multiobjective optimization refers to optimization of multiple conflicting objective functions simultaneously. Clustering problem is often formulated as a multiobjective optimization problem where multiple cluster quality measures are simultaneously optimized and Pareto based approaches are popular in solving that Pareto based approaches yield a set of solutions known as Pareto front where all the solutions are non-dominated with respect to each other. A single solution is selected by the decision maker according to his/her preference. But when the number of non-dominated solutions is large in number, then it is difficult for the decision maker to choose the one solution. The selection of a solution from the given Pareto front is known as Post-Pareto optimality analysis. In the past many approaches were proposed for solving the aforementioned problem, but most of these involve the decision maker. In this paper, we have proposed an approach to obtain a single solution from a set of non-dominated solutions by combining these solutions without the intervention of the decision maker. We have evaluated our approach on the set of solutions obtained after application of a newly developed multiobjective based clustering technique on bibliographic databases like DBLR.

Published

2017

18. SG-PASS: A Safe Graphical Password Scheme to Resist Shoulder Surfing and Spyware Attack

Author

Suryakanta Panda and Samrat Mondal

Subjects

Password, 021110 strategic, defence & security studies, User authentication, Software_OPERATINGSYSTEMS, Alphanumeric, Computer science, 05 social sciences, 0211 other engineering and technologies, Direct observation, 02 engineering and technology, Challenge response, Computer security, computer.software_genre, Password strength, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Shoulder surfing, 050501 criminology, computer, 0505 law

Abstract

In general, it is difficult to remember a strong password i.e. a long and random password. So, the common tendency of a user is to select a weak alphanumeric password that is easy to remember. But the password which is easy to remember is also easy to predict. In contrast, the password that is very difficult to predict or requires more computation to break is also difficult to remember. To overcome this limitation of creating secure and memorable passwords, researchers have developed graphical password scheme which takes images as passwords rather than alphanumeric characters. But graphical password schemes are vulnerable to shoulder-surfing attack where an attacker can capture a password by direct observation. In this paper a graphical password scheme, namely SG-PASS is proposed which can prevent the shoulder-surfing attack by a human observer and also spyware attack, using a challenge response method.

Published

2017

19. CRDT: Correlation Ratio Based Decision Tree Model for Healthcare Data Mining

Author

Samrat Mondal, Asif Ekbal, Maunendra Sankar Desarkar, and Smita Roy

Subjects

0301 basic medicine, Focus (computing), Computer science, Decision tree, 02 engineering and technology, Correlation ratio, computer.software_genre, 03 medical and health sciences, 030104 developmental biology, Scalability, 0202 electrical engineering, electronic engineering, information engineering, Benchmark (computing), 020201 artificial intelligence & image processing, Data mining, Information gain, Healthcare data, computer, Decision tree model

Abstract

The phenomenal growth in the healthcare data has inspired us in investigating robust and scalable models for data mining. For classification problems Information Gain(IG) based Decision Tree is one of the popular choices. However, depending upon the nature of the dataset, IG based Decision Tree may not always perform well as it prefers the attribute with more number of distinct values as the splitting attribute. Healthcare datasets generally have many attributes and each attribute generally has many distinct values. In this paper, we have tried to focus on this characteristics of the datasets while analysing the performance of our proposed approach which is a variant of Decision Tree model and uses the concept of Correlation Ratio(CR). Unlike IG based approach, this CR based approach has no biasness towards the attribute with more number of distinct values. We have applied our model on some benchmark healthcare datasets to show the effectiveness of the proposed technique.

Published

2016

20. On Designing Leakage-Resilient Vibration Based Authentication Techniques

Author

Samrat Mondal, Gurpinder Singh Randhawa, S. Vijay Anand, and Nilesh Chakraborty

Subjects

021110 strategic, defence & security studies, Shoulder surfing attack, Computer science, business.industry, 0211 other engineering and technologies, Usability, 02 engineering and technology, Adversary, Computer security, computer.software_genre, Vibration based, Shoulder surfing, Information leakage, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Mobile telephony, business, computer, Leakage (electronics)

Abstract

To prevent shoulder surfing attack, a secured channel between the device and user must be established so that it cannot be eavesdropped by an adversary. In this paper we have explored vibration signals to design authentication services namely - (a) VDLS and (b) M-VDLS to resist shoulder surfing attack. The use of vibration provides a key strength to bypass the threat of shoulder surfing without using any auxiliary device. Thus, proposed schemes in this paper avail aforementioned advantage to address the attack. While VDLS attains very high security standard compared to existing approaches, M-VDLS ensures high usability standard to avoid the attack in mobile environment. Both these approaches are also capable of providing solution against classical shoulder surfing attack without any information leakage. Finally, we show that required overheads of proposed approaches are reasonable in practice and outperform the existing approaches in terms of security and usability.

Published

2016

21. An automatic framework for entity matching in bibliographic databases

Author

Sumit Mishra, Sriparna Saha, and Samrat Mondal

Subjects

Matching (statistics), Measure (data warehouse), Information retrieval, Database, Computer science, 02 engineering and technology, computer.software_genre, Distance measures, Electronic mail, Medoid, Data set, Set (abstract data type), Bibliographic database, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Data mining, computer

Abstract

Entity matching is to map the records to the corresponding entity. It is a well known problem studied by many researchers over the last few years. In bibliographic database, the data evolve over time. For example, the email id of an author in DBLP and ArnetMiner which are two bibliographic databases changes with time. Authors also keep on changing their affiliations. The set of authors with whom they work also changes with time. These types of variations make the entity matching task more difficult. In this paper, we have addressed this problem and proposed the nondominated sorting genetic algorithm-II (NSGA-II) based solution framework. The dissimilarities between different records can be measured using various distance measures. One distance measure can be suitable for one data set while some other distance measure can be suitable for some other data sets. So selecting the appropriate distance measure is also difficult. To address this issue, this paper presents an automatic framework which selects the suitable distance measure along with the appropriate partitioning. To encode the partitions, medoid based encoding is used. Several new mutation operations are used to explore the search space efficiently. Silhouette Index along with Xie-Beni Index are optimized simultaneously during the experiments for three bibliographic data sets. The results of our approach are compared with two existing well known techniques, DBLP and ArnetMiner. From the results it is clear that our proposed approach performs well.

Published

2016

22. Security analysis of GTRBAC and its variants using model checking

Author

Shamik Sural, Vijayalakshmi Atluri, and Samrat Mondal

Subjects

Model checking, Security analysis, Computation tree logic, General Computer Science, Database, business.industry, Computer science, Distributed computing, Liveness, Access control, computer.software_genre, Safety property, Transition system, Role-based access control, business, Law, computer, Formal verification

Abstract

Security analysis is a formal verification technique to ascertain certain desirable guarantees on the access control policy specification. Given a set of access control policies, a general safety requirement in such a system is to determine whether a desirable property is satisfied in all the reachable states. Such an analysis calls for the use of formal verification techniques. While formal analysis on traditional Role Based Access Control (RBAC) has been done to some extent, recent extensions to RBAC lack such an analysis. In this paper, we consider the temporal RBAC extensions and propose a formal technique using timed automata to perform security analysis by analyzing both safety and liveness properties. Using safety properties one ensures that something bad never happens while liveness properties show that some good state is also achieved. GTRBAC is a well accepted generalized temporal RBAC model which can handle a wide range of temporal constraints while specifying different access control policies. Analysis of such a model involves a process of mapping a GTRBAC based system into a state transition system. Different reduction rules are proposed to simplify the modeling process depending upon the constraints supported by the system. The effect of different constraints on the modeling process is also studied.

Published

2011

23. Sensitivity - An Important Facet of Cluster Validation Process for Entity Matching Technique

Author

Sumit Mishra, Sriparna Saha, and Samrat Mondal

Subjects

Set (abstract data type), Measure (data warehouse), Matching (statistics), Property (programming), Process (computing), Identity matrix, Sensitivity (control systems), Data mining, computer.software_genre, Cluster analysis, computer, Mathematics

Abstract

Cluster validity measure is one of the important components of cluster validation process in which once a clustering arrangement is found, then it is compared with the actual clustering arrangement or gold standard if it is available. For this purpose, different external cluster validity measures VMs are available. However, all the measures are not equally good for some specific clustering problem. For example, in entity matching technique, F-measure is a preferably used VM than McNemar index as the former satisfies a given set of desirable properties for entity matching problem. But we have observed that even if all the existing desirable properties are satisfied, then also some of the important differences between two clustering arrangements are not detected by some VMs. Thus we propose to introduce another property, termed as sensitivity, which can be added to the desirable property set and can be used along with the existing set of properties for the cluster validation process. In this paper, the sensitivity property of a VM is formally introduced and then the value of sensitivity is computed using the proposed identity matrix based technique. A comprehensive analysis is made to compare some of the existing VMs and then the suitability of the VMs with respect to the entity matching technique is obtained. Thus, this paper helps to improve the performance of the cluster validation process.

Published

2016

24. SPOSS: Secure Pin-Based-Authentication Obviating Shoulder Surfing

Author

Ankit Maheshwari and Samrat Mondal

Subjects

Scheme (programming language), Password, Authentication, Computer science, business.industry, Usability, 02 engineering and technology, Login session, Computer security, computer.software_genre, Shoulder surfing, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Session (computer science), Resilience (network), business, computer, computer.programming_language

Abstract

Classical PIN based authentication schemes are susceptible to shoulder surfing attacks and hence attacker may obtain secret credentials of legitimate user very easily. Some of the existing schemes that provide resistance against shoulder surfing attacks either require multiple rounds for entering single digit or some have dependency on external hardware or some of the schemes require complex computation to be done mentally in order to enter the PIN. Another possible security threat could be stealing the credentials if password file is compromised. In this paper, we propose a new PIN entry mechanism known as SPOSS which provides resilience against not only human-based shoulder surfing but also against recording attack (for one session) in which attacker may impose a recording device like camera to record the whole login session for future reference. SPOSS also provides security against password file compromise attack. Additionally, user authentication can be ensured by single round only without doing any complex computation and without any dependency of external hardware. Experimental analysis shows that proposed scheme achieves a good balance between usability and security parameters.

Published

2016

25. Few notes towards making honeyword system more secure and usable

Author

Samrat Mondal and Nilesh Chakraborty

Subjects

Password, Authentication, Cognitive password, Brute-force attack, Computer science, Hash function, Key (cryptography), Preprocessor, USable, Computer security, computer.software_genre, computer

Abstract

Traditionally the passwords are stored in hashed format. However, if the password file is compromised then by using the brute force attack there is a high chance that the original passwords can be leaked. False passwords -- also known as honeywords, are used to protect the original passwords from such leak. A good honeyword system is dependent on effective honeyword generation techniques. In this paper, the risk and limitations of some of the existing honeyword generation techniques have been identified as different notes. Three concepts -- modified tails, close number formation and caps key are introduced to address the existing issues. The experimental analysis shows that the proposed techniques with some preprocessing can protect high percentage of passwords. Finally a comparative analysis is presented to show how the proposed approaches stand with respect to the existing honeyword generation approaches.

Published

2015

26. On Validation of Clustering Techniques for Bibliographic Databases

Author

Sumit Mishra, Sriparna Saha, and Samrat Mondal

Subjects

External validity, Information retrieval, Database, Computer science, Information system, Scopus, Internal validity, Data mining, Gold standard (test), Cluster analysis, computer.software_genre, computer

Abstract

In entity name disambiguation, performance evaluation of any approach is difficult. This is due to the fact that correct or actual results are often not known. Generally for evaluation purpose, three measures namely precision, recall and f-measure are used. They all are external validity indices because they need golden standard data. But in Bibliographic databases like DBLP, Arnetminer, Scopus, Web of Science, Google Scholar, etc., gold standard data is not easily available and it is very difficult to obtain this due to the overlapping nature of data. So, there is a need to use some other matrices for evaluation purpose. In this paper, some internal cluster validity index based schemes are proposed for evaluating entity name disambiguation algorithms when applied on bibliographic data without using any gold standard datasets. Two new internal validity indices are also proposed in the current paper for this purpose. Experimental results shown on seven bibliographic datasets reveal that proposed internal cluster validity indices are able to compare the results obtained by different methods without prior/gold standard. Thus the present paper demonstrates a novel way of evaluating any entity matching algorithm for bibliographic datasets without using any prior/gold standard information.

Published

2014

27. Color Pass: An intelligent user interface to resist shoulder surfing attack

Author

Samrat Mondal and Nilesh Chakraborty

Subjects

Scheme (programming language), Engineering, Authentication, business.industry, Interface (computing), Usability, Login session, Computer security, computer.software_genre, Intelligent user interface, Session (computer science), User interface, business, computer, computer.programming_language

Abstract

Classical PIN entry mechanism is widely used for authenticating a user. It is a popular scheme because it nicely balances the usability and security aspects of a system. However, if this scheme is to be used in a public system then the scheme may suffer from shoulder surfing attack. In this attack, an unauthorized user can fully or partially observe the login session. Even the activities of the login session can be recorded which the attacker can use it later to get the actual PIN. In this paper, we propose an intelligent user interface, known as Color Pass to resist the shoulder surfing attack so that any genuine user can enter the session PIN without disclosing the actual PIN. The Color Pass is based on a partially observable attacker model. The experimental analysis shows that the Color Pass interface is safe and easy to use even for novice users.

Published

2014

28. Cluster validation techniques for Bibliographic databases

Author

Samrat Mondal, Sriparna Saha, and Sumit Mishra

Subjects

Similarity (geometry), Information retrieval, Database, Computer science, Scopus, Context (language use), computer.software_genre, Distance measures, External validity, Index (publishing), Internal validity, Data mining, Cluster analysis, computer

Abstract

In entity name disambiguation technique, records of same entity are clustered together. One of the major challenges in such technique is to validate the result as the actual or correct results are often not known or difficult to know. In this context, three commonly known evaluation measures are precision, recall and f-measure. All these indices are external validity indices as they all need gold standard data. But in Bibliographic databases like DBLP, Arnetminer, Scopus, Web of Science etc., obtaining golden standard is very difficult for each entity. So, there is a need to use some other metrics to evaluate the performance on Bibliographic data. In this paper, a novel scheme based on internal validity index is used to evaluate the performance of entity name disambiguation algorithm. Several distance measures are used here to compute the similarity between two records. These functions are then incorporated in the definitions of internal validity indices.

Published

2014

29. An Improved Methodology towards Providing Immunity against Weak Shoulder Surfing Attack

Author

Nilesh Chakraborty and Samrat Mondal

Subjects

Password, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Authentication, Shoulder surfing attack, Computer science, Shoulder surfing, Session (computer science), Adversary, Login, Security level, Computer security, computer.software_genre, computer

Abstract

In a conventional password based authentication system, an adversary can obtain login credentials by performing shoulder surfing. When such attacks are performed by human users with limited cognitive skills and without any recording device then it is referred as weak shoulder surfing attack. Existing methodologies that avoid such weak shoulder surfing attack, comprise of many rounds which may be the cause of fatigue to the general users. In this paper we have proposed a methodology known as Multi Color (MC) method which reduces the number of rounds in a session to half of previously proposed methodologies. Then using the predictive human performance modeling tool we have shown that proposed MC method is immune against weak shoulder surfing attack and also it improves the existing security level.

Published

2014

30. Tag Digit Based Honeypot to Detect Shoulder Surfing Attack

Author

Nilesh Chakraborty and Samrat Mondal

Subjects

Password, Scheme (programming language), Authentication, Honeypot, Shoulder surfing attack, business.industry, Computer science, Usability, Login, Computer security, computer.software_genre, Trap (computing), ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, business, computer, computer.programming_language

Abstract

Traditional password based authentication scheme is vulnerable to shoulder surfing attack. So if an attacker sees a legitimate user to enter password then it is possible for the attacker to use that credentials later to illegally login into the system and may do some malicious activities. Many methodologies exist to prevent such attack. These methods are either partially observable or fully observable to the attacker. In this paper we have focused on detection of shoulder surfing attack rather than prevention. We have introduced the concept of tag digit to create a trap known as honeypot. Using the proposed methodology if the shoulder surfers try to login using others’ credentials then there is a high chance that they will be caught red handed. Comparative analysis shows that unlike the existing preventive schemes, the proposed methodology does not require much computation from users end. Thus from security and usability perspective the proposed scheme is quite robust and powerful.

Published

2014

31. SLASS: Secure Login against Shoulder Surfing

Author

Samrat Mondal and Nilesh Chakraborty

Subjects

Scheme (programming language), Password, Authentication, Computer science, Login session, Computer security, computer.software_genre, Login, Public domain, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Attack model, Shoulder surfing, computer, computer.programming_language

Abstract

Classical password based schemes are widely used because it provides fair security and yet easy to use. However, when used in a public domain it is vulnerable to shoulder surfing attack in which an attacker can record the entire login session and may get the user’s original password. To avoid such attack, we have proposed a methodology known as Secure Login Against Shoulder Surfing or SLASS which is based on a partially observable attack model where an attacker can partially observe the login session. In the proposed scheme, the attacker cannot see or hear the challenges thrown by the system but can only see the responses provided by the user. User remembers a password of five characters long consisting of alphabets only and the responses are provided by some directional keys. Experimental analysis show that our scheme is less error prone, easy to use and provides high security compared to some existing approaches.

Published

2014

32. Entity Matching Technique for Bibliographic Database

Author

Sumit Mishra, Sriparna Saha, and Samrat Mondal

Subjects

Matching (statistics), Information retrieval, Bibliographic database, Similarity (geometry), Relation (database), Computer science, Process (engineering), Key (cryptography), Value (computer science), Data mining, computer.software_genre, computer, Temporal database

Abstract

Some of the attributes of a database relation may evolve over time i.e., they change their values at different instants of time. For example, affiliation attribute of an author relation in a bibliographic database which maintains publication details of various authors, may change its value. When a database contains records of this nature and number of records grows to a large extent then it becomes really very challenging to identify which records belong to which entity due to lack of a proper key. In such a situation, the other attributes of the records and the timed information associated with the records may be useful in identifying whether the records belong to the same entity or different. In the proposed work, the records are initially clustered based on email-id attribute and the clusters are further refined based on other temporal and non-temporal attributes. The refinement process involves similarity check with other records and clusters. A comparative analysis with two existing systems DBLP and ArnetMiner shows that the proposed technique can able to produce better results in many cases.

Published

2013

33. A location sensitive access control system

Author

Vasu Devulapalli and Samrat Mondal

Subjects

Engineering, Computer access control, business.industry, Access control, Computer security, computer.software_genre, Security policy, Resource (project management), Extended Access Control, Network Access Control, Role-based access control, Physical access, business, computer

Abstract

Role Based Access control (RBAC) is a popular security technique to impose restriction on different resources. To capture various emerging security requirements, RBAC has been evolved from time to time. Due to advancement in wireless devices new security requirements have come up and it is quite challenging for the existing access control models to tackle such requirements. In this paper, a location sensitive access control (LSAC) model is proposed to incorporate security policies related to mobile users. It has been observed that different characteristics of moving objects such as velocity, acceleration, etc., are often ignored while granting access to a particular resource. In this work, an attempt is made to consider those parameters while allowing or disallowing access to location sensitive objects.

Published

2012

34. Detecting policy misconfigurations in temporal domain using object priority

Author

Madhu Sankeerth Dammati and Samrat Mondal

Subjects

Identification (information), National security, Computer access control, business.industry, Role-based access control, Context (language use), Access control, Business, Computer security, computer.software_genre, computer, Access control list, Insider

Abstract

In an organization, one of the important job of an administrator is to define different access control policies based on the various requirements. Access-control policy misconfigurations that cause requests to be erroneously denied can result in wasted time, user frustration. Depending upon the context of particular applications (e.g., health care, national security) the effect may be quite severe. Identification of such possible inconsistencies in the access control system at an early stage even before the user tries to access them, can help in rectifying such mistakes. Access Control List (ACL) purely reflects the various policies that a system must follow to carry out the desirable tasks. For most of the access control systems the ACL remains the same. In recent times, such models are not sufficient enough to meet the requirements, leading to models like TRBAC, GTRBAC. Identification of policy misconfigurations in such systems helps in minimizing the vulnerabilities, reducing the security risks and insider attacks. And in certain scenarios the policies may not be simple and may involve priorities among objects, where there is a fair chance of having erroneous policies unknowingly. Thus, identification of misconfigurations in such cases is of prior importance.

Published

2012

35. Supporting Negative Authorization in Spatiotemporal Role Based Access Control

Author

Shamik Sural and Samrat Mondal

Subjects

Relation (database), Computer science, business.industry, Context (language use), Access control, Permission, Computer security, computer.software_genre, Core (game theory), If and only if, Role-based access control, Relevance (information retrieval), business, computer

Abstract

Role based access control (RBAC) has emerged as an effective solution for several access control problems of relevance today. To cope with the growing requirements, core RBAC has been extended over temporal, spatial and spatiotemporal dimensions. The various models developed so far predominantly deal with monotonic policies which allow access only if there is a corresponding positive authorization. However, in many practical situations, there is a need for specifying policies that deny access through negative authorization. The authorization may again depend on different spatiotemporal conditions. In this paper, the notion of user-role-permission (URP) relation is used to incorporate negative authorization in ESTARBAC, one of the existing spatiotemporal RBAC models. The proposed method has been compared with two other existing approaches. We also analyze how negative authorization can facilitate expressing some of the important access control policies relevant for an organization.

Published

2009

36. Role Based Access Control with Spatiotemporal Context for Mobile Applications

Author

Subhendu Aich, Arun Majumdar, Shamik Sural, and Samrat Mondal

Subjects

Computer science, business.industry, Separation of duties, Distributed computing, Mobile computing, Access control, Information security, Permission, Security policy, Computer security, computer.software_genre, Role-based access control, ComputingMethodologies_GENERAL, business, Role hierarchy, computer

Abstract

Role based access control (RBAC) is an established paradigm in resource protection. However, with the proliferation of mobile computing, it is being frequently observed that the RBAC access decision is directly influenced by the spatiotemporal context of both the subjects and the objects in the system. Currently, there are only a few models (STRBAC, GSTRBAC) in place which specify spatiotemporal security policy on top of the classical RBAC. In this paper we propose a complete RBAC model in spatiotemporal domain based on the idea of spatiotemporal extent. The concept of spatiotemporal role extent and spatiotemporal permission extent introduced here enables our model to specify granular spatiotemporal access control policies not specifiable in the existing approaches. Our model is also powerful enough to incorporate classical role hierarchy and other useful RBAC policies including Role based Separation of Duty and Permission based Separation of Duty in spatiotemporal domain. Healthcare is an area in which information security is of utmost importance. The risk of personal medical data leakage is especially high in mobile healthcare applications. As a proof of concept, we have implemented the proposed spatiotemporal access control method in a mobile telemedicine system.

Published

2009

37. XML-based policy specification framework for spatiotemporal access control

Author

Samrat Mondal and Shamik Sural

Subjects

Database, computer.internet_protocol, Separation of duties, Computer science, business.industry, Distributed computing, Context (language use), Access control, Permission, Security policy, computer.software_genre, Role-based access control, ComputingMethodologies_GENERAL, Role hierarchy, business, computer, XML

Abstract

Role based access control (RBAC) is an established paradigm in current enterprise resource protection environment. However, with the proliferation of mobile computing, it is being frequently observed that the RBAC access decision is directly influenced by the spatiotemporal context of both the subjects and the objects in the system. Currently, there exists few models which can handle spatiotemporal security policy on top of the classical RBAC. In this paper, an XML based policy specification framework is proposed for a spatiotemporal RBAC model. The framework is built on top of a spatiotemporal RBAC model known as ESTARBAC. It incorporates different constraints such as role hierarchy, separation of duty and cardinality, along with other constraints dependent on spatiotemporal conditions. The underlying model supports spatiotemporal role and permission extents. Use of such extents allows to specify a wide variety of spatiotemporal access control policies. The framework facilitates the administration task of a large organization by providing a convenient and efficient way of managing access control policies.

Published

2009

38. HoneyString: an improved methodology over tag digit-based honeypot to detect shoulder surfing attack

Author

Samrat Mondal and Nilesh Chakraborty

Subjects

Password, Scheme (programming language), Authentication, Engineering, Honeypot, business.industry, Denial-of-service attack, Login, Computer security, computer.software_genre, Pre-play attack, Overhead (computing), business, computer, computer.programming_language

Abstract

Shoulder surfing attack is often a matter of concern if one is using a public computer system to submit her login credentials. Many methodologies have been proposed by the researchers to prevent such attack. Most of the schemes require high cognitive skills from user end and due to that these schemes are less implementable in real life scenario. So instead of prevention, we work on developing detection of shoulder surfing attack as the detection scheme requires less cognitive overhead than prevention schemes. In this paper, we have proposed a detection mechanism termed as HoneyString which overcomes the limitation of previously proposed tag digit-based scheme. HoneyString provides robust security against DoS attack which was a limitation in the previously proposed scheme. A comparative analysis shows that the proposed scheme has higher detection rate and requires less login time than the existing scheme.

Published

2015

39. I-SLASS: an improved login approach over SLASS

Author

Samrat Mondal and Nilesh Chakraborty

Subjects

Password, Scheme (programming language), Engineering, Authentication, business.industry, Authentication scheme, Usability, Challenge response, Login, Computer security, computer.software_genre, Shoulder surfing, business, computer, computer.programming_language

Abstract

In a password–based authentication scheme, shoulder surfing attack is a common problem. To overcome this, challenge response scheme is a possible solution. However, to address this security aspect the authentication schemes should not compromise too much with the usability aspect. Thus, the main challenge in such schemes is to provide a balance between security and usability aspect. In this paper, some partially observable shoulder surfing resilient schemes such as SSSL, SLASS are analysed and their limitations have been overcome in the proposed I–SLASS scheme which is built on top of SLASS concept. Two variants of I–SLASS schemes are developed. I–SLASS–CPASS is used to address character–based password and I–SLASS–DPASS uses the digit–based PIN. Experimental analysis shows that both the variants are more secure and more flexible compared to their respective counterpart, i.e., SLASS and SSSL.

Published

2014