Your search keyword '"Password policy"' showing total 1,597 results

51. Computer misuse in the workplace.

Author

H. M. P. S. Herath and Wijayanayake, W. M. J. I.

Subjects

COMPUTER security, INFORMATION services, DATA protection, DATA security, SECURITY systems, AUDITORS, ACCOUNTANTS, SPECIALISTS, INFORMATION science

Abstract

Many information security specialists believe that promoting good end-user behaviour and restricting inappropriate end-user behaviour are vital for effective information security. Because of the importance of security-related end-user behaviour, it is important to have a systematic viewpoint on the different kinds of benefits for managers, auditors, information technologists and others with an interest in assessing and/or influencing end-user behaviour. [ABSTRACT FROM AUTHOR]

Published

2009

52. Personal Information in Passwords and Its Security Implications

Author

Haining Wang, Yue Li, and Kun Sun

Subjects

Password, 021110 strategic, defence & security studies, Password policy, Authentication, Computer Networks and Communications, business.industry, Computer science, Internet privacy, 0211 other engineering and technologies, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, 0202 electrical engineering, electronic engineering, information engineering, Safety, Risk, Reliability and Quality, business, Password psychology, Personally identifiable information, computer

Abstract

While it is not recommended, Internet users tend to include personal information in their passwords for easy memorization. However, the use of personal information in passwords and its security implications have yet to be studied. In this paper, we dissect user passwords from several leaked data sets to investigate the extent to which a user’s personal information resides in a password. Then, we introduce a new metric called coverage to quantify the correlation between passwords and personal information. Afterward, based on our analysis, we extend the probabilistic context-free grammars (PCFGs) method to be semantics-rich and propose personal-PCFG to crack passwords by generating personalized guesses. Through offline and online attack scenarios, we demonstrate that personal-PCFG cracks passwords much faster than PCFG and makes online attacks much more likely to succeed. To defend against such semantics-aware attacks, we examine the use of simple distortion functions that are chosen by users to mitigate unwanted correlation between personal information and passwords.

Published

2017

53. Security bound enhancement of remote user authentication using smart card

Author

R. Madhusudhan and Manjunath Hegde

Subjects

Password, Password policy, Computer Networks and Communications, Network security, business.industry, Computer science, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Authentication protocol, Network Access Control, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Smart card, Reflection attack, Challenge–response authentication, Safety, Risk, Reliability and Quality, business, computer, Software

Abstract

Distribution of resources and services via open network has becoming latest trend in information technology. This is provided by many service provider servers. In open network, hackers can easily obtain the communication data. Therefore, open networks and servers demand the security to protect data and information. Hence, network security is most important requirement in distributed system. In this security system, authentication is considered as the fundamental and essential method. Recently many remote user authentication schemes are proposed. In 2012, WANG Ding et al. proposed a remote user authentication scheme, in which the author stated that the scheme provides protection against offline password guessing, impersonation and other known key attacks. By cryptanalysis we have identified that, WANG Ding et al.'s scheme does not provide user anonymity, once the smart card is stolen. This scheme is also susceptible to offline password guessing attack, server masquerading attack, stolen smart card attack and insider attack. Further, this scheme still has problem with proper perfect forward secrecy and user revocation. In order to fix these security weaknesses, an enhanced authentication scheme is proposed and analysed using the formal verification tool for measuring the robustness. From the observation of computational efficiency of the proposed scheme, we conclude that the scheme is more robust and easy to implement practically.

Published

2017

54. A Theoretical Framework for Password Security against Offline Guessability Attacks

Author

Syed Raheel Hassan, Shah Zaman Nizamani, and Rafia Naz

Subjects

Password, Password policy, Authentication, Multidisciplinary, Dictionary attack, Computer science, business.industry, Salt (cryptography), 010102 general mathematics, Password cracking, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Encryption, 01 natural sciences, One-time password, Password strength, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, 0202 electrical engineering, electronic engineering, information engineering, 0101 mathematics, business, computer

Abstract

Objectives: Security of textual passwords is increased against offline guessability attacks by using different encryption methods. However, even after encryption textual passwords may be guessed through brute-force or dictionary attacks. Method: In this paper, a theoretical framework is developed which provides guidelines for improving password security against offline guessability attacks such as brute force and dictionary attacks. In the proposed framework different password security layers are defined which convert a password into a form which is very difficult to crack through offline guessability attacks. The framework layers are implemented at application and database level. Findings: In the proposed framework a short and easy to remember password string is converted into a long and random string which does not provide any hint of original password. However, it is important that the methodology or logic used for implementing the framework layers should be hidden from the attackers because the layers’ methodology may provide a clue for password cracking. Layers of the proposed framework can be implemented with different logics, which are helpful in hiding the implementation details of the layers. Application/Improvements: Proposed framework is not only helpful for improving security of traditional textual password scheme but it can also improve the security for graphical password schemes against offline guessability attacks. Keywords: Authentication, Guessability Attacks, Privacy, Password Security, Textual Passwords

Published

2017

55. EvoPass: Evolvable graphical password against shoulder-surfing attacks

Author

Liang Li, Zhan Wang, Yingjiu Li, Wen Tao Zhu, Xingjie Yu, and Li Song

Subjects

Password, Authentication, Password policy, User authentication, Cognitive password, General Computer Science, computer.internet_protocol, Computer science, 02 engineering and technology, Computer security, computer.software_genre, Password strength, Shoulder surfing, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Password authentication protocol, Android (operating system), Law, computer

Abstract

The passwords for authenticating users are susceptible to shoulder-surfing attacks in which attackers learn users' passwords through direct observations without any technical support. A straightforward solution to defend against such attacks is to change passwords periodically or even constantly, making the previously observed passwords useless. However, this may lead to a situation in which users run out of strong passwords they can remember, or they are forced to choose passwords that are weak, correlated, or difficult to memorize. To achieve both security and usability in user authentication, we propose EvoPass , the first evolvable graphical password authentication system. EvoPass transforms a set of user-selected pass images to pass sketches as user credentials. Users are required to identify their pass sketches from a set of challenge images for user authentication. Particularly, EvoPass improves password strength gradually over time through continually degrading pass sketches without annoying users to reselect pass images. The evolving feature makes it difficult for observational adversaries to identify the pass sketches, even though part of pass sketches may have been exposed to adversaries previously. We introduce two metrics, Information Retention Rate (IRR) and Password Diversity Score (PDS) to guide the process of generating pass sketches and a set of challenge images. Our experimental analysis reveals that applying reasonable IRR and PDS in EvoPass can remarkably improve the resistance to shoulder-surfing attacks without negatively affecting user experience. We also implement a prototype of EvoPass on Android platform with reasonable IRR and PDS applied. Our experimental results on the prototype further demonstrate that EvoPass could work efficiently and achieve a desired usability.

Published

2017

56. Zero-Sum Password Cracking Game: A Large-Scale Empirical Study on the Crackability, Correlation, and Security of Passwords

Author

Shukun Yang, Shouling Ji, Weili Han, Xin Hu, Zhigong Li, and Raheem Beyah

Subjects

Password, 021110 strategic, defence & security studies, Password policy, Cognitive password, Computer science, 0211 other engineering and technologies, Password cracking, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, One-time password, Password strength, S/KEY, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, computer, Password psychology

Abstract

In this paper, we conduct a large-scale study on the crackability, correlation, and security of ${\sim}145$ million real world passwords, which were leaked from several popular Internet services and applications. To the best of our knowledge, this is the largest empirical study that has been conducted. Specifically, we first evaluate the crackability of ${\sim}145$ million real world passwords against 6+ state-of-the-art password cracking algorithms in multiple scenarios. Second, we examine the effectiveness and soundness of popular commercial password strength meters (e.g., Google, QQ) and the security impacts of username/email leakage on passwords. Finally, we discuss the implications of our results, analysis, and findings, which are expected to help both password users and system administrators to gain a deeper understanding of the vulnerability of real passwords against state-of-the-art password cracking algorithms, as well as to shed light on future password security research topics.

Published

2017

57. Security Analysis of Password-Authenticated Key Retrieval

Author

Kazukuni Kobara and SeongHan Shinand

Subjects

Password, Password policy, Zero-knowledge password proof, Computer science, Salt (cryptography), 020208 electrical & electronic engineering, 02 engineering and technology, Computer security, computer.software_genre, One-time password, S/KEY, Password strength, 0202 electrical engineering, electronic engineering, information engineering, Key stretching, Electrical and Electronic Engineering, computer

Abstract

A PAKR (Password-Authenticated Key Retrieval) protocol and its multi-server system allow one party (say, client), who has a memorable password, to retrieve a long-term static key in an exchange of messages with at least one other party (say, server) that has a private key associated with the password. In this paper, we analyze the only PAKR (named as PKRS-1) standardized in IEEE 1363.2 [9] and its multi-server system (also, [12] ) by showing that any passive/active attacker can find out the client’s password and the static key with off-line dictionary attacks. This result contradicts the security claims made for PKRS-1 (see Clause 10.2 of IEEE 1363.2 [9] ).

Published

2017

58. Efficient and secure two-factor dynamic ID-based password authentication scheme with provable security

Author

Dheerendra Mishra

Subjects

Password, Password policy, Computer science, Applied Mathematics, 020206 networking & telecommunications, 02 engineering and technology, Multi-factor authentication, Computer security, computer.software_genre, One-time password, Computer Science Applications, S/KEY, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Forward secrecy, Authentication protocol, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Challenge–response authentication, computer

Abstract

Password-based remote user authentication schemes using smart cards are designed to ensure that only a user who possesses both the smart card and the corresponding password can gain access to the remote servers. Despite many research efforts, it remains a challenging task to design a secure password-based authentication scheme with user anonymity. The author uses Kumari et al.’s scheme as the case study. Their scheme uses non-public key primitives. The author first presents the cryptanalysis of Kumari et al.’s scheme in which he shows that their scheme is vulnerable to user impersonation attack, and does not provide forward secrecy and user anonymity. Using the case study, he has identified that public-key techniques are indispensable to construct a two-factor authentication scheme with security attributes, such as user anonymity, unlinkability and forward secrecy under the nontamper resistance assumption of the smart card. The author proposes a password-based authentication scheme using elliptic ...

Published

2017

59. Valuing Information Security: A Look at the Influence of User Engagement on Information Security Strength

Author

Randall J. Boyle, Chandrashekar D. Challa, and Jeffrey A. Clements

Subjects

Password, Password policy, Cognitive password, Character (computing), Computer science, business.industry, 05 social sciences, Internet privacy, 02 engineering and technology, Information security, Password strength, Variety (cybernetics), World Wide Web, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, User engagement, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, 0509 other social sciences, 050904 information & library sciences, business

Abstract

This study looks at the influence of user engagement on users’ information security practices. A model describing how user engagement (user posts) may influence a person’s decision to employ better security measures (stronger passwords) is tested. Password strength was determined by looking at password length, the types of characters used, the variety of character sequences used, the number of duplicate passwords, and the number of uncrackable passwords. Passwords were tested using a variety of cracking techniques. This study found that individuals from an online gaming site who made more posts to the user forum employed stronger passwords.

Published

2017

60. Cryptanalysis and Improvement of an RSA Based Remote User Authentication Scheme Using Smart Card

Author

Debasis Giri, Tanmoy Maitra, Ruhul Amin, and P. D. Srivastava

Subjects

020205 medical informatics, Computer science, 02 engineering and technology, Computer security, computer.software_genre, Internet security, One-time password, S/KEY, law.invention, law, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, Password, Password policy, Authentication, business.industry, Password cracking, 020206 networking & telecommunications, Computer Science Applications, Authentication protocol, Timestamp, Smart card, Challenge–response authentication, business, Cryptanalysis, computer, Computer network

Abstract

User’s password with smart card based authentication protocol is needed to access resources securely from remote server. In 2014, Huang et al. proposed a timestamp-based authentication protocol and they claimed that their scheme is secure against all possible attacks. In this paper, we have pointed out that Huang et al.’s scheme is insecure against off-line password guessing attack, insider attack and forgery attack. Beside these, inefficient password update phase can lead to denial of service. To remove these security loopholes, we have proposed an efficient RSA-cryptosystem based remote user authentication scheme using smart card. Security (formal and informal) analysis shows that the proposed scheme provides better security tradeoff than Huang et al.’s scheme. Further, we have simulated our proposed scheme for the formal security verification using Automated Validation of Internet Security Protocols and Applications tool to confirm that the proposed scheme is secure against passive and active attacks. Performance analysis shows that the proposed scheme provides lower computational and communication cost than Huang et al.’s scheme as well as other related competitive existing schemes.

Published

2017

61. A novel secure and efficient hash function with extra padding against rainbow table attacks

Author

Sunghyuck Hong, Jungpil Shin, and Hyung-Jin Mun

Subjects

Zero-knowledge password proof, Computer Networks and Communications, Salt (cryptography), Computer science, computer.internet_protocol, Crypt, Hash function, 02 engineering and technology, Computer security, computer.software_genre, One-time password, Padding, Password strength, S/KEY, 0202 electrical engineering, electronic engineering, information engineering, Key stretching, Syskey, Key derivation function, Password psychology, Password, Authentication, Password policy, Cognitive password, Pass the hash, Password cracking, 020206 networking & telecommunications, Passphrase, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Rainbow table, Hash chain, 020201 artificial intelligence & image processing, HMAC-based One-time Password Algorithm, Challenge–response authentication, computer, Software

Abstract

User authentication is necessary to provide services on an application system and the Internet. Various authentication methods are used such as ID/PW, biometric, and OTP authentications. One of the popular authentications is ID/PW authentication. As an inputted password is transferred by one-way hash function and then stored in DB, it is difficult for the DB administrator to figure out the password inputted by the user. However, when DB is leaked, and there is the time to decode, the password can be hacked. The time and cost to decode the original message from the hash value corresponding a short password decrease. Therefore, if the password is short, then attacking cost is low, and password crack possibility is high. In the case where an attacker utilizes pre-computing rainbow tables, and the hash value of short passwords is leaked, the password that the user inputted can be cracked. In this research, to block rainbow table attacks, when the user generates a short password, by adding additional messages of identification information of a system or the user and extending the length of the password, we try to resolve the vulnerability of short passwords. By proposing a model to minimize the length of the password and the authority accordingly in mobile devices on which inputting passwords is not easy, we take security into consideration. Our proposal model is strong against rainbow table attack and provides efficient password system to users. It contributes to resolving password vulnerability and upgrades mobile users’ convenience in typing passwords.

Published

2017

62. Anonymous Password Authenticated Key Exchange Protocol in the Standard Model

Author

Jiang Zhang, Zhenfeng Zhang, Fengmei Liu, and Xuexian Hu

Subjects

Challenge-Handshake Authentication Protocol, Zero-knowledge password proof, computer.internet_protocol, Computer science, 0211 other engineering and technologies, 02 engineering and technology, Oakley protocol, Computer security, computer.software_genre, One-time password, S/KEY, Password strength, Random oracle, Universal composability, 0202 electrical engineering, electronic engineering, information engineering, Session key, Password authentication protocol, Electrical and Electronic Engineering, Password, 021110 strategic, defence & security studies, Authentication, Password policy, 020206 networking & telecommunications, Mutual authentication, Computer Science Applications, Authenticated Key Exchange, Authentication protocol, Challenge–response authentication, computer

Abstract

Anonymous password authenticated key exchange (APAKE) allows a client holding a low-entropy password to establish a session key with a server in an authenticated and anonymous way. As a very convenient solution for personal privacy protection, it has attracted much attention in recent years. However, almost all existing APAKE protocols are designed in the random oracle model. In this paper, we propose the first password-only APAKE protocol (called APAKE-S) with proven security in the standard model, i.e., without random oracle heuristic. The resulting protocol guarantees AKE security, client anonymity and mutual authentication. Moreover, since the building blocks in our construction can be instantiated based on numerous hard assumptions (e.g., decisional Diffie–Hellman, Quadratic Residuosity, and N-residuosity assumptions), our APAKE-S protocol is actually a generic construction which implies a series of efficient APAKE protocols in the standard model.

Published

2017

63. BlindLogin: A Graphical Authentication System with Support for Blind and Visually Impaired users on Smartphones

Author

Siong Hoe Lau, Afizan Azman, Bachir Bendrissou, and Yean Li Ho

Subjects

Password, Authentication, Password policy, Multidisciplinary, Cognitive password, 020205 medical informatics, business.industry, Visually impaired, Computer science, 05 social sciences, Usability, 02 engineering and technology, One-time password, S/KEY, World Wide Web, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Human–computer interaction, 0202 electrical engineering, electronic engineering, information engineering, 0501 psychology and cognitive sciences, business, 050107 human factors

Abstract

Most graphical password systems on smart phones do not consider the needs of blind and visually impaired users. The main objective of this paper is to propose a new graphical authentication system which combines the usability of the graphical password with the security of the textual password and allows all types of users, including the blind and visually impaired users to use the same authentication system on a smartphone without any extra costs for special hardware. 84.6% of those surveyed would recommend BlindLogin to their friends. 46.2% of the respondents also found the BlindLogin password to be easier to remember than the regular textual password. BlindLogin is a viable alternative as a universal graphical password authentication system.

Published

2017

64. A password authentication method for remote users based on smart card and biometrics

Author

Subhasish Banerjee and Hari Om

Subjects

Password, Password policy, Algebra and Number Theory, Cognitive password, Salt (cryptography), Computer science, Applied Mathematics, Data_MISCELLANEOUS, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, One-time password, S/KEY, Password strength, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Challenge–response authentication, computer, Analysis

Abstract

Das has improved the biometric-based remote user authentication using smart card [13]. This scheme is based on biometric, password, and the random nonce generated by the user and the server. It is very efficient as far as the computational cost is concerned. This scheme however has some security weaknesses such as replay and offline password guessing attacks. In this paper, we present a review of the Das’s scheme and discuss its weaknesses. In this paper, we develop a new scheme that overcomes all its weaknesses.

Published

2017

65. An evaluation of the Game Changer Password System: A new approach to password security

Author

Samantha E. Tuft, Conor T. McLennan, and Philip Manning

Subjects

Password, 021110 strategic, defence & security studies, Password policy, Cognitive password, Computer science, ComputingMilieux_PERSONALCOMPUTING, 0211 other engineering and technologies, General Engineering, Human Factors and Ergonomics, 02 engineering and technology, Computer security, computer.software_genre, One-time password, Education, Password strength, S/KEY, Human-Computer Interaction, Hardware and Architecture, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Password psychology, computer, Software

Abstract

We propose – and experimentally test – a mnemonic variant of password security that uses game positions as passwords. In Experiment 1, we report accuracy and reaction time data when high school student, younger adult, and older adult participants remembered and entered one game-based password, using chess or Monopoly. In Experiment 2, we report accuracy and reaction time data from participants' use of five game-based passwords across 24 sessions over 10 weeks. All five passwords were stored in chess or Monopoly for the initial 20 sessions, and changed (from chess to Monopoly or vice versa) for the remaining sessions. This new approach to password security is both mathematically robust and user-friendly.

Published

2017

66. VAP code: A secure graphical password for smart devices

Author

M. S. A. Noman Ranak, Arafatur Rahman, Musfiq Rahman, B. M. F. Kamal Ruhee, Nazrul Kabir, Saiful Azad, Jasni Mohamad Zain, and N. Nourin Nisa

Subjects

Password, 021110 strategic, defence & security studies, Password policy, Cognitive password, General Computer Science, Salt (cryptography), Computer science, 0211 other engineering and technologies, Password cracking, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, One-time password, Password strength, S/KEY, Control and Systems Engineering, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, computer

Abstract

In parallel to the increasing purchase rate of the smart devices, attacks on these devices are also increasing in an alarming rate. To prevent these attacks, many password-based authentication schemes are proposed. Among them, graphical password schemes are preferred on these devices due to their limited screen size and a lack of full sized keyboard. Again, existing graphical password schemes are susceptible to various attacks, among which shoulder surfing, smudge attack, and brute force attack are the most prominent. Hence, in this paper, we propose Vibration-And-Pattern (VAP) code, a new graphical password scheme that is resilient against these three major attacks. To evaluate the usability of our proposed scheme, a usability study has been conducted on 122 participants of various age groups from different demographics.

Published

2017

67. Must I, can I? I don’t understand your ambiguous password rules

Author

Yee-Yin Choong and Kristen Greene

Subjects

Information Systems and Management, Computer Networks and Communications, Computer science, media_common.quotation_subject, 02 engineering and technology, One-time password, Management Information Systems, Terminology, World Wide Web, Human–computer interaction, 020204 information systems, Management of Technology and Innovation, 0202 electrical engineering, electronic engineering, information engineering, 0501 psychology and cognitive sciences, Password psychology, 050107 human factors, media_common, Password, Password policy, Cognitive password, business.industry, 05 social sciences, Usability, Ambiguity, business, Software, Information Systems

Abstract

Purpose The purpose of this research is to investigate user comprehension of ambiguous terminology in password rules. Although stringent password policies are in place to protect information system security, such complexity does not have to mean ambiguity for users. While many aspects of passwords have been studied, no research to date has systematically examined how ambiguous terminology affects user comprehension of password rules. Design/methodology/approach This research used a combination of quantitative and qualitative methods in a usable security study with 60 participants. Study tasks contained password rules based on real-world password requirements. Tasks consisted of character-selection tasks that varied the terms for non-alphanumeric characters to explore users’ interpretations of password rule language, and compliance-checking tasks to investigate how well users can apply their understanding of the allowed character space. Findings Results show that manipulating password rule terminology causes users’ interpretation of the allowed character space to shrink or expand. Users are confused by the terms “non-alphanumeric”, “symbols”, “special characters” and “punctuation marks” in password rules. Additionally, users are confused by partial lists of allowed characters using “e.g.” or “etc.” Practical implications This research provides data-driven usability guidance on constructing clearer language for password policies. Improving language clarity will help usability without sacrificing security, as simplifying password rule language does not change security requirements. Originality/value This is the first usable security study to systematically measure the effects of ambiguous password rules on user comprehension of the allowed character space.

Published

2017

68. Multi-Factor Authentication with OpenId in Virtualized Environments

Author

Jairo Matheus Alves, David Beserra, Patricia Takako Endo, Thiago Gomes Rodrigues, Jorge Fonseca, and Judith Kelner

Subjects

Password, 021110 strategic, defence & security studies, Password policy, Software_OPERATINGSYSTEMS, General Computer Science, Computer science, business.industry, 0211 other engineering and technologies, 020206 networking & telecommunications, 02 engineering and technology, Multi-factor authentication, Computer security, computer.software_genre, One-time password, S/KEY, Authentication protocol, Lightweight Extensible Authentication Protocol, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, Challenge–response authentication, business, computer, Computer network

Abstract

Despite the number of users accessing and storing your personal information in cloud services has increased considerably, there still is a certain barrier regarding to cloud adoption. Data security and confidentiality can be considered one of main reasons that affect both sides, clients and cloud providers. Some techinques has been implemented to hamper the data violation and inapropriated access, such as two-factor authentication, that requires two or more factors to liberate the service access to an user. This work presents a performance analisys of two-factor authentication system considering three different virtual environments (KVM, Xen, and VMware Player hypervisors). For the two-factor authentication process, we use the traditional login and password mechanism, and the One Time Password (OTP), as second factor; and for the identity management, we use the OpenID protocol that allows a Single Sign One access. Results show KVM hypervisor has the best performance when compared to two others.

Published

2017

69. Towards enhancing click-draw based graphical passwords using multi-touch behaviours on smartphones

Author

Kim-Kwang Raymond Choo, Lam-For Kwok, Weizhi Meng, and Wenjuan Li

Subjects

Password, 021110 strategic, defence & security studies, Authentication, Password policy, General Computer Science, Computer science, computer.internet_protocol, 0211 other engineering and technologies, Multi-touch, 020207 software engineering, 02 engineering and technology, World Wide Web, Human–computer interaction, 0202 electrical engineering, electronic engineering, information engineering, Feature (machine learning), Password authentication protocol, Law, Mobile device, computer

Abstract

Graphical passwords (GPs) are recognised as one of the potential alternatives in addressing the limitations in conventional text-based password authentication. With the rapid development of mobile devices (i.e., the increase of computing power), GP-based systems have already been implemented not only on PCs, but also on smartphones to authenticate legitimate users and detect impostors. However, as compared to common computers, we identify that users are able to perform some distinct actions like multi-touch on smartphones. The multi-touch is a distinguished feature on current smartphones and its impact on graphical password creation is an important topic in the literature. In this paper, our interest is to investigate the influence of multi-touch behaviours on users' habit in creating graphical passwords, especially on click-draw based GPs (shortly CD-GPS) on mobile devices. In the evaluation, we develop a multi-touch enabled CD-GPS on smartphones and conduct two major experiments with a total of 90 participants. The study results indicate that participants are more likely to use multi-touch features to create their secrets, and multi-touch can make a positive impact on creating graphical passwords (i.e., offering higher success rates and less time consumption).

Published

2017

70. A New Efficient Chaotic Maps Based Three Factor User Authentication and Key Agreement Scheme

Author

Qi Xie, Wenhao Liu, Lidong Han, and Shengbao Wang

Subjects

Challenge-Handshake Authentication Protocol, Zero-knowledge password proof, 020205 medical informatics, Computer science, Denial-of-service attack, Access control, 02 engineering and technology, Computer security, computer.software_genre, One-time password, S/KEY, Password strength, Lightweight Extensible Authentication Protocol, 0202 electrical engineering, electronic engineering, information engineering, Session key, Electrical and Electronic Engineering, Data Authentication Algorithm, Password, Password policy, business.industry, 020206 networking & telecommunications, Mutual authentication, Multi-factor authentication, Computer Science Applications, Authentication protocol, Challenge–response authentication, business, computer

Abstract

In order to provide secure remote access control, a robust and efficient authentication protocol should achieve mutual authentication and session key agreement between clients and the server over public channels. Recently, Wang et al. proposed a password based authentication protocol using chaotic maps. In this paper, we demonstrate the security of their scheme, and show that Wang et al.’s scheme cannot provide session key agreement and is insecure against denial of service attack for no detecting wrong password in password change. To remedy these issues, we use the techniques of fuzzy extractor and chaotic maps to propose a three-factor remote authentication scheme. The new scheme preserves user privacy and is secure against various attacks. Detailed analysis of previous schemes in efficiency and security shows our proposed scheme is more suitable for practical application.

Published

2017

71. A novel three-party password-based authenticated key exchange protocol with user anonymity based on chaotic maps

Author

Chien-Ming Chen, Cheng-Chi Lee, Chi-Yao Weng, Chin-Ling Chen, and Chun-Ta Li

Subjects

Zero-knowledge password proof, Computer science, 02 engineering and technology, Oakley protocol, Computer security, computer.software_genre, 01 natural sciences, One-time password, Theoretical Computer Science, Password strength, S/KEY, Random oracle, 0103 physical sciences, Universal composability, 0202 electrical engineering, electronic engineering, information engineering, Session key, 010301 acoustics, Password, Password policy, Authentication, Password cracking, Authenticated Key Exchange, 020201 artificial intelligence & image processing, Geometry and Topology, computer, Software

Abstract

Three-party authenticated key exchange (3PAKE) protocol allows two communication users to authenticate each other and to establish a secure common session key with the help of a trusted remote server. Recently, Farash and Attari propose an efficient and secure 3PAKE protocol based on Chebyshev chaotic maps and their protocol is supported by the formal proof in the random oracle model. However, in this paper, we analyze the security of Farash–Attari’s protocol and show that it fails to resist password disclosure attack if the secret information stored in the server side is compromised. In addition, their protocol is insecure against user impersonation attack and the server is not aware of having caused problem. Moreover, the password change phase is insecure to identify the validity of request where insecurity in password change phase can cause offline password guessing attacks and is not easily reparable. To remove these security weaknesses, based on Chebyshev chaotic maps and quadratic residues, we further design an improved protocol for 3PAKE with user anonymity. In comparison with the existing chaotic map-based 3PAKE protocols, our proposed 3PAKE protocol is more secure with acceptable computation complexity and communication overhead.

Published

2017

72. Evaluating the effect of guidance and feedback upon password compliance

Author

Steven Furnell and Rawan Esmael

Subjects

Password, 021110 strategic, defence & security studies, Password policy, Phrase, Cognitive password, General Computer Science, Computer science, Emoji, business.industry, Internet privacy, Infographic, 0211 other engineering and technologies, 02 engineering and technology, Service provider, Computer security, computer.software_genre, Authentication (law), 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, business, Law, computer

Abstract

Despite frequent assertions that passwords are dead – and a web search for this phrase will throw up many such assertions – as well as increasing evidence of service providers moving away from them, they are currently very much with us in many contexts. Indeed, the fact that one of the first publications from the UK's newly-formed National Cyber Security Centre was a password infographic is a telling sign of where we currently are with password use and misuse. Passwords remain the most common form of authentication but continue to face various practical challenges, not least of which is getting users to make appropriate choices in the first place. Steven Furnell and Rawan Esmael of the University of Plymouth conducted a series of experiments to assess users' password creation behaviour with varying levels of support, ranging from unguided to feedback approaches using emoji-based indicators. The results reveal dramatic differences, but suggest there is still much work to be done to make passwords safe.

Published

2017

73. An enhanced dynamic ID-based authentication scheme for telecare medical information systems

Author

Sourav Mukhopadhyay, Dheerendra Mishra, and Ankita Chaturvedi

Subjects

Password, Zero-knowledge password proof, Password policy, Cognitive password, 020205 medical informatics, General Computer Science, Computer science, 02 engineering and technology, Computer security, computer.software_genre, Password based authentication, One-time password, lcsh:QA75.5-76.95, Telemedicine, S/KEY, Password strength, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Privacy, Security, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, lcsh:Electronic computers. Computer science, Smart card, Challenge–response authentication, computer

Abstract

The authentication schemes for telecare medical information systems (TMIS) try to ensure secure and authorized access. ID-based authentication schemes address secure communication, but privacy is not properly addressed. In recent times, dynamic ID-based remote user authentication schemes for TMIS have been presented to protect user’s privacy. The dynamic ID-based authentication schemes efficiently protect the user’s privacy. Unfortunately, most of the existing dynamic ID-based authentication schemes for TMIS ignore the input verifying condition. This makes login and password change phases inefficient. Inefficiency of the password change phase may lead to denial of service attack in the case of incorrect input in the password change phase. To overcome these weaknesses, we proposed a new dynamic ID-based authentication scheme using a smart card. The proposed scheme can quickly detect incorrect inputs which makes the login and password change phase efficient. We adopt the approach with the aim to protect privacy, and efficient login and password change phases. The proposed scheme also resists off-line password guessing attack and denial of service attack. We also demonstrate the validity of the proposed scheme by utilizing the widely-accepted BAN (Burrows, Abadi, and Needham) logic. In addition, our scheme is comparable in terms of the communication and computational overheads with relevant schemes for TMIS.

Published

2017

74. New Graphic Password Scheme Containing Questions-Background-Pattern and Implementation

Author

Bulganmaa Togookhuu and Junxing Zhang

Subjects

Password, 021110 strategic, defence & security studies, Password policy, User authentication, Zero-knowledge password proof, Authentication, Database, Salt (cryptography), Computer science, 0211 other engineering and technologies, Password cracking, 02 engineering and technology, computer.software_genre, Computer security, One-time password, S/KEY, Password strength, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, General Earth and Planetary Sciences, computer, General Environmental Science

Abstract

Security of authentication is needed to be provided superlatively to secure users personal and exchange information since online information exchange systems have been developed according to internet speed. Therefore, the aim of this paper is to develop existing graphical password scheme based on one's memory, create and implement a new graphical password scheme that composed of three layer verification. We programmed our scheme in order to prove its superiority comparing with existing schemes. While we conducted survey on user by accessing participant to our system lied in participants local network and we analyzed in accordance with the average length of their created password and statistical significant of entropy bit. From the survey results of total participants, we find that our scheme has statistical significant, furthermore it was proved that it can secure from a variety of attacks due to its high entropy.

Published

2017

75. Leveraging 3D Benefits for Authentication

Author

Jonathan Gurary, Ye Zhu, and Huirong Fu

Subjects

Password, Password policy, Authentication, Security analysis, Cognitive password, Alphanumeric, Computer science, 020208 electrical & electronic engineering, 05 social sciences, 02 engineering and technology, Virtual reality, Computer security, computer.software_genre, Popularity, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, 0202 electrical engineering, electronic engineering, information engineering, 0501 psychology and cognitive sciences, computer, 050107 human factors

Abstract

Devices with 3D capabilities are quickly gaining in popularity. In this paper, we propose to bring authentication into the third dimension. We define the concept of a 3D authentication scheme based on physical and psychological advantages of 3D. We implement an example of 3D authentication: 3DPass, to demonstrate the superiority of the 3D approach. Our security analysis of 3DPass demonstrates that 3DPass can exceed the password space of an 8 character alphanumeric password with just 6 choices. Our user study finds that 3DPass has superior memorability versus traditional alphanumeric passwords: 98% vs 83% recall rates after one week. We find that passwords in our scheme can be entered in 21 seconds on average when used with the Oculus Rift. We find that using the Oculus Rift improves entry time compared to a traditional 2D display, despite having no impact on presence (the feeling of “being there”) or user preference.

Published

2017

76. A Secure and Practical Authentication Scheme Using Personal Devices

Author

Tian-Yi Song, Chunqiang Hu, Dechang Chen, Xiuzhen Cheng, Abdulrahman Alhothaily, and Arwa Alrawais

Subjects

Challenge-Handshake Authentication Protocol, SSLIOP, General Computer Science, Computer science, Hash function, Email authentication, Cryptography, 02 engineering and technology, Data breach, Login, Encryption, Computer security, computer.software_genre, Authentication server, Electronic mail, S/KEY, Digital signature, Lightweight Extensible Authentication Protocol, 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, Replay attack, Data Authentication Algorithm, Password, Password policy, Authentication, Cryptographic primitive, business.industry, General Engineering, one-time username, access control, 020206 networking & telecommunications, Multi-factor authentication, Chip Authentication Program, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Authentication protocol, Security, authentication, 020201 artificial intelligence & image processing, lcsh:Electrical engineering. Electronics. Nuclear engineering, Challenge–response authentication, business, computer, lcsh:TK1-9971, Computer network, Digest access authentication, Cryptographic nonce

Abstract

Authentication plays a critical role in securing any online banking system, and many banks and various services have long relied on username/password combos to verify users. Memorizing usernames and passwords for a lot of accounts becomes a cumbersome and inefficient task. Furthermore, legacy authentication methods have failed over and over, and they are not immune against a wide variety of attacks that can be launched against users, networks, or authentication servers. Over the years, data breach reports emphasize that attackers have created numerous high-tech techniques to steal users’ credentials, which can pose a serious threat. In this paper, we propose an efficient and practical user authentication scheme using personal devices that utilize different cryptographic primitives, such as encryption, digital signature, and hashing. The technique benefits from the widespread usage of ubiquitous computing and various intelligent portable and wearable devices that can enable users to execute a secure authentication protocol. Our proposed scheme does not require an authentication server to maintain static username and password tables for identifying and verifying the legitimacy of the login users. It not only is secure against password-related attacks, but also can resist replay attacks, shoulder-surfing attacks, phishing attacks, and data breach incidents.

Published

2017

77. A Secure and Robust Three-Factor Based Authentication Scheme Using RSA Cryptosystem

Author

Rifaqat Ali and Arup Kumar Pal

Subjects

Password, Password policy, 020205 medical informatics, Computer Networks and Communications, Computer science, 020206 networking & telecommunications, 02 engineering and technology, Multi-factor authentication, Computer security, computer.software_genre, One-time password, Management Information Systems, S/KEY, Authentication protocol, 0202 electrical engineering, electronic engineering, information engineering, Challenge–response authentication, computer, Data Authentication Algorithm

Abstract

In remote user authentication, a server confirms the authenticity of a user via unreliable channel. Several authentication protocols are devised in the literature relied on the identity, password and biometric of a user. But, most of the authentication protocols are either computationally expensive or not-secure from several kinds of malicious threats. In this document, the authors have suggested a secure and robust three-factor (such as password, smartcard and biometric) based authentication scheme by using RSA cryptosystem. The proposed protocol is validated through BAN logic. Then, formal security analysis using random oracle model shows that the identity, password, biometric and session key are highly secure from an adversary. Besides, the informal security analysis of our protocol proves that it withstands to several kinds of malicious attacks. In addition, performance comparison of presented scheme with respect to other schemes is comparatively suitable in the context of communication and computation costs.

Published

2017

78. Inhibiting and Detecting Offline Password Cracking Using ErsatzPasswords

Author

Mikhail J. Atallah, Eugene H. Spafford, Mohammed H. Almeshekah, Gutierrez Christopher, and Jeff Avery

Subjects

Password, Password policy, Cognitive password, General Computer Science, Computer science, business.industry, Password cracking, Computer security, computer.software_genre, One-time password, S/KEY, Password strength, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Syskey, Safety, Risk, Reliability and Quality, business, computer, Computer network

Abstract

In this work, we present a simple, yet effective and practical scheme to improve the security of stored password hashes, increasing the difficulty to crack passwords and exposing cracking attempts. We utilize a hardware-dependent function (HDF), such as a physically unclonable function (PUF) or a hardware security module (HSM), at the authentication server to inhibit offline password discovery. Additionally, a deception mechanism is incorporated to alert administrators of cracking attempts. Using an HDF to generate password hashes hinders attackers from recovering the true passwords without constant access to the HDF. Our scheme can integrate with legacy systems without needing additional servers, changing the structure of the hashed password file, nor modifying client machines. When using our scheme, the structure of the hashed passwords file, e.g., etc/shadow or etc/master.passwd , will appear no different than traditional hashed password files. 1 However, when attackers exfiltrate the hashed password file and attempt to crack it, the passwords they will receive are ErsatzPasswords—“fake passwords.” The ErsatzPasswords scheme is flexible by design, enabling it to be integrated into existing authentication systems without changes to user experience. The proposed scheme is integrated into the pam_unix module as well as two client/server authentication schemes: Lightweight Directory Access Protocol (LDAP) authentication and the Pythia pseudorandom function (PRF) Service [Everspaugh et al. 2015]. The core library to support ErsatzPasswords written in C and Python consists of 255 and 103 lines of code, respectively. The integration of ErsatzPasswords into each explored authentication system required less than 100 lines of additional code. Experimental evaluation of ErsatzPasswords shows an increase in authentication latency on the order of 100ms, which maybe acceptable for real world systems. We also describe a framework for implementing ErsatzPasswords using a Trusted Platform Module (TPM).

Published

2016

79. An image edge based approach for image password encryption

Author

N. K. Sreelaja and N. K. Sreeja

Subjects

Password, Password policy, Cognitive password, Computer Networks and Communications, Computer science, Password cracking, 020207 software engineering, 02 engineering and technology, Computer security, computer.software_genre, One-time password, Password strength, S/KEY, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Password psychology, computer, Information Systems

Abstract

Authentication plays a major role in ensuring the security of the system by allowing only the authorized user. The traditional authentication system of using text-based passwords has many flaws in the aspects of usability and security issues. Hence, graphical passwords, which consist of clicking or dragging activities on the pictures rather than typing textual characters, were introduced to overcome this problem. However, it is found that these graphical passwords are susceptible to brute force and dictionary attack methods. To overcome this drawback, images can be used as password replacing alphanumeric and graphical passwords. The challenge lies in encrypting the image password and storing it in the database. An image edge password encryption (IEPE) algorithm is proposed to encrypt the image passwords based on its edge values. Experimental results are shown to prove that encrypted image passwords using IEPE algorithm requires a less internal storage space when compared with the existing password encryption techniques. It is also shown that IEPE algorithm scales better when compared with the existing text-based and graphical password authentication methods. Also, IEPE algorithm is shown to resist various password cryptanalytic attacks. Copyright © 2017 John Wiley & Sons, Ltd.

Published

2016

80. Performance analysis and evaluation of secure password persuasive cued click points

Author

Atish Dipakbhai Nayak and Rajesh Bansode

Subjects

Password, 021110 strategic, defence & security studies, Zero-knowledge password proof, Password policy, General Computer Science, Computer science, 0211 other engineering and technologies, 02 engineering and technology, Login, Computer security, computer.software_genre, One-time password, Theoretical Computer Science, S/KEY, Password strength, Shoulder surfing, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, computer

Abstract

Purpose The purpose of this paper is to increase security using persuasive cued click points (PCCP) techniques and to make a system to provide security from the malware, key loggers and attacks. Design/methodology/approach The work methodology comprises two major phases. In phase one, the PCCP take place with the registration and login process done. It also includes text-based password which hides the character of password to protect from shoulder surfing attack. In phase two, the work includes background services which protect from key loggers. Findings Secure password persuasive cued click point (SPPCCP) is a module that facilitates authentication for the desktop-based applications and provides a single-machine licensing functionality. SPPCCP comprises little functionality to thwart attackers, such as persuasive click points with password protection. The techniques to protect against malware such as resist from debuggers and also to the key loggers that run on desktop computers. In this, Spearman rank correlation is used for detection of key loggers. There are functionalities used to secure desktop applications such as time constraint and user selection. Originality/value The contribution of this paper is to provide knowledge in the field of security. It makes the graphical password more secure and useful. The intention behind this research was to increase the security level up to 60-80 per cent. It is also used for prevention of shoulder surfing problem till 80 per cent; this research is also operated on key loggers, and SPPCCP finds the key loggers and removes it from the system. It also decrypts the data of database by encrypting it by SHA-512 algorithm and reduces the average login time up to 20-30 per cent; it will make a smaller view port of 33.5 × 33.5 pixel square to have more choice to select the password, thereby decreasing the probability of hotspot area up to 18-20 per cent.

Published

2016

81. Through the looking glass: helping patrons manage passwords and protect their digital identities

Author

Peter Fernandez

Subjects

Password, Value (ethics), Password policy, business.industry, media_common.quotation_subject, 05 social sciences, Internet privacy, 050301 education, 050801 communication & media studies, Library and Information Sciences, Computer security, computer.software_genre, Security Measure, Column (database), 0508 media and communications, Originality, business, Set (psychology), 0503 education, computer, Personally identifiable information, Information Systems, media_common

Abstract

Purpose This paper aims to present reports of widespread security breaches that reveal the personal information and passwords of thousands, or even millions, of people that are now unfortunately commonplace. Design/methodology/approach In an increasingly digital world, often the only thing protecting an individual’s information is a password or other similar security measure. Findings Libraries have an important role to play in confronting this issue, both as mediators of digital literacies and as organizations that typically require passwords from their patrons. Social implications In addition to providing access to services through passwords, libraries set their own policies. Originality/value This column will explore the evolving technological landscape and review tools libraries can use to help patrons keep their information safe.

Published

2016

82. Encouraging users to improve password security and memorability

Author

Merve Yildirim and Ian Mackie

Subjects

Password, 021110 strategic, defence & security studies, Password policy, Computer Networks and Communications, business.industry, computer.internet_protocol, Computer science, Control (management), 0211 other engineering and technologies, Human memory, Cryptography, Usability, 02 engineering and technology, Computer security, computer.software_genre, Password strength, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Password authentication protocol, Safety, Risk, Reliability and Quality, business, computer, Software, Information Systems

Abstract

Security issues in text-based password authentication are rarely caused by technical issues, but rather by the limitations of human memory, and human perceptions together with their consequential responses. This study introduces a new user-friendly guideline approach to password creation, including persuasive messages that motivate and influence users to select more secure and memorable text passwords without overburdening their memory. From a broad understanding of human factors-caused security problems, we offer a reliable solution by encouraging users to create their own formula to compose passwords. A study has been conducted to evaluate the efficiency of the proposed password guidelines. Its results suggest that the password creation methods and persuasive message provided to users convinced them to create cryptographically strong and memorable passwords. Participants were divided into two groups in the study. The participants in the experimental group who were given several password creation methods along with a persuasive message created more secure and memorable passwords than the participants in the control group who were asked to comply with the usual strict password creation rules. The study also suggests that our password creation methods are much more efficient than strict password policy rules. The security and usability evaluation of the proposed password guideline showed that simple improvements such as adding persuasive text to the usual password guidelines consisting of several password restriction rules make significant changes to the strength and memorability of passwords. The proposed password guidelines are a low-cost solution to the problem of improving the security and usability of text-based passwords.

Published

2019

83. Compromised user credentials detection in a digital enterprise using behavioral analytics

Author

Adnan Amin, Francis Chow, Babar Shah, Sajid Anwar, Saleh Shah, Feras N. Al-Obeidat, and Fernando Moreira

Subjects

Compromised user detection, Computer Networks and Communications, Computer science, Prudence analysis, Mobile computing, Data security, 02 engineering and technology, Encryption, Computer security, computer.software_genre, 0202 electrical engineering, electronic engineering, information engineering, Behavioral analytics, Knowledge-base system, Risk management, Password policy, Authentication, business.industry, Compromised activities detection, Authorization, Digital transformation, 020206 networking & telecommunications, Cluster-level pattern, Hardware and Architecture, Key (cryptography), 020201 artificial intelligence & image processing, business, computer, Software

Abstract

In today’s digital age, the digital transformation is necessary for almost every competitive enterprise in terms of having access to the best resources and ensuring customer satisfaction. However, due to such rewards, these enterprises are facing key concerns around the risk of next-generation data security or cybercrime which is continually increasing issue due to the digital transformation four essential pillars—cloud computing, big data analytics, social and mobile computing. Data transformation-driven enterprises should ready to handle this next-generation data security problem, in particular, the compromised user credential (CUC). When an intruder or cybercriminal develops trust relationships as a legitimate account holder and then gain privileged access to the system for misuse. Many state-of-the-art risk mitigation tools are being developed, such as encrypted and secure password policy, authentication, and authorization mechanism. However, the CUC has become more complex and increasingly critical to the digital transformation process of the enterprise’s database by a cybercriminal, we propose a novel technique that effectively detects CUC at the enterprise-level. The proposed technique is learning from the user’s behavior and builds a knowledge base system (KBS) which observe changes in the user’s operational behavior. For that reason, a series of experiments were carried out on the dataset that collected from a sensitive database. All empirical results are validated through well-known evaluation measures, such as (i) accuracy, (ii) sensitivity, (iii) specificity, (iv) prudence accuracy, (v) precision, (vi) f-measure, and (vii) error rate. The experiments show that the proposed approach obtained weighted accuracy up to 99% and overall error of about 1%. The results clearly demonstrate that the proposed model efficiently can detect CUC which may keep an organization safe from major damage in data through cyber-attacks.

Published

2019

84. Password Policies Adopted by South African Organizations: Influential Factors and Weaknesses

Author

Stephen Flowerday and Pardon Blessings Maoneke

Subjects

Password, 021110 strategic, defence & security studies, Password policy, Software_OPERATINGSYSTEMS, Computer science, business.industry, Internet privacy, 0211 other engineering and technologies, Global South, Usability, 02 engineering and technology, Password strength, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, business, Strengths and weaknesses

Abstract

Organizations worldwide are revisiting the design of their password policies. This is partly motivated by the security and usability limitations of user-generated passwords. While research on password policies has been ongoing, this has taken place in the Global North. Accordingly, little is known about the strengths and weaknesses of password policies deployed in the Global South, especially Africa. As such, this study researched password policies deployed on South African websites. Password policies of thirty frequently visited websites belonging to South African organizations were analyzed. Our observations show diverse password requirements. Even though the desire for strong passwords is the dominant motivator of complex password policies, South African organizations often adopt obsolete measures for attaining password security. The ten most common passwords in the literature were considered acceptable on most sites. In addition, some sites did not explicitly display password requirements and only a few sites adopted measures for providing real-time feedback and effective guidance during password generation.

Published

2019

85. Where does the authorities passwordpolicys come from? : A qualtivative study about their origins

Author

Naess, Andreas

Subjects

Expert organizations, Password policy, Computer and Information Sciences, Riktlinjer, Myndigheter, Lösenordspolicy, Authorities, Data- och informationsvetenskap, Guidelines, Passwords, Expertorganisationer, Lösenord

Abstract

Samhället blir mer digitaliserat och fler människor kopplar upp sig mot Internet. Detta innebär att många arbetsuppgifter som hanterar känsliga uppgifter nu utförs på datorer. Det finns även många tjänster som kräver personligauppgifter för att registrera sig och kontouppgifter för att beställa varor eller prenumerera till tjänsten. Denna information är av intresse för brottslingar som kan använda denna för att tjäna pengar. Som en konsekvens av detta har användningen av lösenord ökat och för att försäkra att starka lösenord skapas följs riktlinjer. Dessa lösenordsriktlinjer skapas och sprids ofta utav myndigheter och andra expertorganisationer. Dock saknar de källor för var riktlinjerna kommer ifrån och en förklarning för hur de skapades. För att belysa detta ämnar studien att eftersöka riktlinjernas ursprung och vad dessa baserades på. Detta är en kvalitativ studie där intervjuer gjorts med informationssäkerhetspecialister från tre myndigheter och en expertorganisation. För att bearbeta data från dessa intervjuer har en tematisk analys utförts för att identifiera de olika källorna som använts vid skapandet av riktlinjerna. Studiens resultat visar att motivationen för riktlinjerna varierar mellan organisationerna. Detta kan observeras genom skillnader i deras målgrupp och fokus. Det har även visat sig att det inte finns några studier att hänvisa till. Dock är ett genomgående mönster att källorna för riktlinjerna ofta verkar vara baserade på de anställdas erfarenheter och expertis. Förutom detta tas inspiration för riktlinjerna från organisationer som NIST. Society is getting more digitalized and more people are connecting to the Internet. This means that a lot of work that handles sensitive information is now done using computers. There is also a lot of services that requires personal information for registration and bank account information to order wares or subscribe to the service. This information is of interest to criminal who can use it to make money. Because of this the use of passwords has increased and to make sure that strong passwords are created guidelines are adhered to. The password guidelines are created and spread by authorities and expert organizations. However, there are no sources for where the guidelines came from or an explanation for how they were made. To shine a light on this, the study aims to explain the guidelines origins and what they were based on. This is a qualitative study where interviews were done with information security specialists from three governmental bodies and one expert organization. After the interviews were completed and data collected, they were analyzed using thematic analysis to identify the sources that were used during the creation of the guidelines. The study’s results show that the motivation for the guidelines vary. This can be observed through the differences in target group and focus. It also appears like there are no studies which could be referred to. Although there is a consistent pattern that the sources for the guidelines often seems to be based on the experiences and expertise of their employees. Except for this, inspiration is also drawn from organizations such as NIST.

Published

2019

86. A Multi-Tier Security Analysis of Official Car Management Apps for Android

Author

Georgios Kambourakis, Vasileios Kouliaridis, and Efstratios Chatzoglou

Subjects

vulnerability assessment, Security analysis, Computer Networks and Communications, BitTorrent tracker, Computer science, Process (engineering), smart cars, Automotive industry, security, 02 engineering and technology, privacy, Computer security, computer.software_genre, Software, Android, Vulnerability assessment, 0202 electrical engineering, electronic engineering, information engineering, Android (operating system), Password policy, lcsh:T58.5-58.64, lcsh:Information technology, business.industry, 020206 networking & telecommunications, 020207 software engineering, static analysis, dynamic analysis, digital automotive services, business, computer

Abstract

Using automotive smartphone applications (apps) provided by car manufacturers may offer numerous advantages to the vehicle owner, including improved safety, fuel efficiency, anytime monitoring of vehicle data, and timely over-the-air delivery of software updates. On the other hand, the continuous tracking of the vehicle data by such apps may also pose a risk to the car owner, if, say, sensitive pieces of information are leaked to third parties or the app is vulnerable to attacks. This work contributes the first to our knowledge full-fledged security assessment of all the official single-vehicle management apps offered by major car manufacturers who operate in Europe. The apps are scrutinised statically with the purpose of not only identifying surfeits, say, in terms of the permissions requested, but also from a vulnerability assessment viewpoint. On top of that, we run each app to identify possible weak security practices in the owner-to-app registration process. The results reveal a multitude of issues, ranging from an over-claim of sensitive permissions and the use of possibly privacy-invasive API calls, to numerous potentially exploitable CWE and CVE-identified weaknesses and vulnerabilities, the, in some cases, excessive employment of third-party trackers, and a number of other flaws related to the use of third-party software libraries, unsanitised input, and weak user password policies, to mention just a few.

Published

2021

87. An Investigation of the Psychology of Password Replacement by Email Users

Author

Se Hun Lim

Subjects

Password, Password policy, Cognitive password, Computer science, business.industry, 05 social sciences, Internet privacy, One-time password, World Wide Web, 0502 economics and business, 050211 marketing, business, Password psychology, 050203 business & management

Published

2016

88. Leveraging autobiographical memory for two-factor online authentication

Author

Mahdi Nasrullah Al-Ameen, S. M. Taiabul Haque, and Matthew Wright

Subjects

Password, Password policy, Authentication, Information Systems and Management, Computer Networks and Communications, Computer science, 05 social sciences, 02 engineering and technology, Multi-factor authentication, Computer security, computer.software_genre, 050105 experimental psychology, Chip Authentication Program, Management Information Systems, 020204 information systems, Management of Technology and Innovation, Authentication protocol, Lightweight Extensible Authentication Protocol, 0202 electrical engineering, electronic engineering, information engineering, 0501 psychology and cognitive sciences, Challenge–response authentication, computer, Software, Information Systems

Abstract

Purpose Two-factor authentication is being implemented more broadly to improve security against phishing, shoulder surfing, keyloggers and password guessing attacks. Although passwords serve as the first authentication factor, a common approach to implementing the second factor is sending a one-time code, either via e-mail or text message. The prevalence of smartphones, however, creates security risks in which a stolen phone leads to user’s accounts being accessed. Physical tokens such as RSA’s SecurID create extra burdens for users and cannot be used on many accounts at once. This study aims to improve the usability and security for two-factor online authentication. Design/methodology/approach The authors propose a novel second authentication factor that, similar to passwords, is also based on something the user knows but operates similarly to a one-time code for security purposes. The authors design this component to provide higher security guarantee with minimal memory burden and does not require any additional communication channels or hardware. Motivated by psychology research, the authors leverage users’ autobiographical memory in a novel way to create a secure and memorable component for two-factor authentication. Findings In a multi-session lab study, all of the participants were able to log in successfully on the first attempt after a one-week delay from registration and reported satisfaction on the usability of the scheme. Originality/value The results indicate that the proposed approach to leverage autobiographical memory is a promising direction for further research on second authentication factor based on something the user knows.

Published

2016

89. Graphical Passwords: Requisite for Secure Information Systems

Author

Mohd Rosmadi Mokhtar, Kashif Abbasi, and Abdullah Mohd Zin

Subjects

Password, Password policy, User authentication, Health (social science), General Computer Science, Computer science, General Mathematics, General Engineering, Information security, Computer security, computer.software_genre, Education, World Wide Web, General Energy, Information system, computer, General Environmental Science

Published

2016

90. Multilevel Authentication Scheme for Cloud Computing

Author

Adil Yousif, Mohammed Bakri Bashir, and Sara Alfatih Adam

Subjects

Password, Password policy, Cloud computing security, General Computer Science, Computer science, business.industry, 020208 electrical & electronic engineering, 05 social sciences, 02 engineering and technology, Computer security, computer.software_genre, One-time password, S/KEY, Password strength, 0502 economics and business, 0202 electrical engineering, electronic engineering, information engineering, Cloud database, 050207 economics, Challenge–response authentication, business, computer, Computer network

Abstract

Cloud Computing is a new technology that allows access to applications as utilities over the internet. Cloud computing environment provides a great flexibility and availability of computing resources at a lower cost. However, it brings new security concerns mainly when users understand exactly how a process is running. One of the main important challenges in cloud computing is data security, as users need to access data they share securely. So the main problem is how to employ an effective authentication procedure for ensuring data security and preventing unauthorized users to access the authorized user’s data. This paper identifies the security issues of single level authentication and the problem of single password. This study proposed a new security mechanism for cloud computing based on multilevel authentication. The proposed scheme aimed to enhance the security and authentication process in cloud computing. The proposed scheme consists of three level of authentication, and the data will be splitting on this level depending on the sensitivity to confidential (C), secret (S), and top secret (TS). Data at level (C) have the lowest sensitivity. The user at this level has single textual password to access this level data. The user at level (S) has two passwords, textual and biometrics password to access this level and the lower level. User at level (TS) has three password textual, biometrics password and image sequencing password. The data at this level is the more sensitive data so it is encrypted using RSA algorithm before storing in cloud database. The results of the proposed multilevel authentication for cloud computing were promising.

Published

2016

91. Utilizing Keystroke Dynamics as an Additional Security Measure to Password Security in Computer Web-based Applications - A Case Study of UEW

Author

Osei Boakye Michael and Yaw Marfo Missah

Subjects

Password, Password policy, Authentication, Biometrics, business.industry, Computer science, Web application security, Computer security, computer.software_genre, Password strength, Keystroke dynamics, Benchmark (computing), Web application, business, computer

Abstract

Keystroke Dynamics is one of the well-known and economical behavioral biometric developments that attempt to recognize the genuineness of a client when the client invokes his keystrokes from a computer keyboard. The keystrokes pattern helps to determine the typing behaviour of users of the system thus serves as the benchmark for identity verification. This paper displays the use of biometrics to augment traditional passwords security in computer web-based application systems. The system was evaluated base on these criteria; authenticating legitimate user against imposter user and a guess imposter user of the system. Also, evaluation of character timings was performed to know the best combination of strings to use in setting passwords in systems where keystroke dynamics would be applied in order to achieve high efficiency. This study concludes that the use of keystrokes dynamics in augmenting password security in computer web-based applications should be embraced. General Terms Keystroke dynamics web-based application.

Published

2016

92. What’s a Special Character Anyway? Effects of Ambiguous Terminology in Password Rules

Author

Kristen Greene and Yee-Yin Choong

Subjects

Password, Password policy, Cognitive password, Character (computing), business.industry, Computer science, Usability, Terminology, Medical Terminology, World Wide Web, Comprehension, User experience design, business, Medical Assisting and Transcription

Abstract

Although many aspects of passwords have been studied, no research to date has systematically examined how ambiguous terminology affects the user experience during password rule comprehension, a necessary precursor to password generation. Our research begins to address this gap by focusing on users’ comprehension of password generation rules. Varying terms—special characters, symbols, non-alphanumeric characters, and punctuation—are used in different password rules, but mostly without explicit definition. In this laboratory study, we used character-selection and compliance-checking tasks with 60 participants to investigate effects of varying terms on users’ password rule comprehension. Results show that manipulating terminology caused participants’ interpretation of the allowed character space to shrink or expand. Our quantitative and qualitative data show that participants were extremely confused by the variety of terms for “special character.” Seemingly small changes in language have large, observable impacts on users’ understanding of password rules. Language in password requirements must be carefully constructed to ensure that users fully comprehend the allowable character space. This research is an important first step to providing data-driven guidance on constructing clearer language for password rules.

Published

2016

93. An Exploration of Geographic Authentication Schemes

Author

Brent MacRae, Julie Thorpe, and Amirali Salehi-Abari

Subjects

Password, Authentication, Password policy, Cognitive password, Computer Networks and Communications, business.industry, Computer science, 05 social sciences, 020207 software engineering, Usability, 02 engineering and technology, One-time password, World Wide Web, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, 0202 electrical engineering, electronic engineering, information engineering, 0501 psychology and cognitive sciences, Safety, Risk, Reliability and Quality, business, 050107 human factors

Abstract

We design and explore the usability and security of two geographic authentication schemes: GeoPass and GeoPassNotes. GeoPass requires users to choose a place on a digital map to authenticate with (a location password). GeoPassNotes—an extension of GeoPass—requires users to annotate their location password with a sequence of words that they can associate with the location (an annotated location password). In GeoPassNotes, users are authenticated by correctly entering both a location and an annotation. We conducted user studies to test the usability and assess the security of location passwords and annotated location passwords. The results indicate that both the variants are highly memorable, and that annotated location passwords may be more advantageous than location passwords alone due to their increased security and the minimal usability impact introduced by the annotation.

Published

2016

94. Password Entry Times for Recognition-based Graphical Passwords

Author

Marshall Masingale, Steffen Werner, and Christopher Hauck

Subjects

Password, Sequence, Password policy, Authentication, Cognitive password, Computer science, 05 social sciences, 02 engineering and technology, Computer security, computer.software_genre, S/KEY, Medical Terminology, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Human–computer interaction, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, 0501 psychology and cognitive sciences, computer, Password psychology, 050107 human factors, Medical Assisting and Transcription, Gesture

Abstract

Graphical passwords offer a more memorable alternative to traditional, text-based passwords. Among current contenders, cued-recall based click-point or gesture centered authentication systems like Microsoft’s picture gesture authentication (PGA) have been commercially more successful than recognition based systems (e.g., PassFaces). One perceived drawback of graphical authentication systems in general and especially recognition based authentication is the assumption that graphical authentication is slower and thus less user-friendly than traditional password entry via keyboard. This paper addresses these concerns and demonstrates a lower limit for recognition-based password entry times achievable with sufficient practice. While slightly slower than traditional keyboard based passwords, the entry speed of often-used graphical passwords is shown to reach 10 bits/s in an optimized configuration, which is sufficient for everyday use (3-6s per authentication sequence @ 36 bits) and exceeds the reported speed of similarly secure text-based passwords on non-traditional devices using virtual keyboards.

Published

2016

95. A Case Study of Password Usage for Domestic Users

Author

Taekyoung Kwon and Seungyeon Kim

Subjects

Password, Password policy, Cognitive password, business.industry, Computer science, Salt (cryptography), Internet privacy, 02 engineering and technology, Computer security, computer.software_genre, One-time password, S/KEY, Password strength, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Microsoft Office password protection, 020201 artificial intelligence & image processing, business, computer

Published

2016

96. Enhancing Authentication Schemes for Multi-Level Graphical Password in Cloud Environment

Author

Amanpreet Kaur and Ramandeep Kaur

Subjects

Password, Password policy, Computer science, 05 social sciences, 050801 communication & media studies, 02 engineering and technology, General Medicine, computer.software_genre, Computer security, One-time password, S/KEY, Password strength, 0508 media and communications, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), 020201 artificial intelligence & image processing, Graphical model, Data mining, Challenge–response authentication, computer

Abstract

The graphical password patterns are in the rising trend in world with the abundance of the touch screen devices. A variety of touch screen devices are present for the users such as mobile phones, tables, touch-enabled laptops, touchenabled notebooks, etc. The graphical password has evolved with the invention of the touch-screen devices. The popular graphical schemes known as Pass-Go Pattern, Pass-point pattern and other similar schemes has been studied for the development of the new graphical password scheme. The existing models based upon pass-go and pass-point model stays as the basic model for our research for the development of the effective and secure graphical password scheme. It becomes difficult to input the alphanumeric passwords on the touch screens. The alphanumeric input lacks the high order accuracy as well as requires more focus to input the password. Most of the popular schemes have used the 3x3, 3x4 or 4x3 point-grid method for prompting the patterns to the users. The clue-point method is another popular method to display the graphical grid for the password input. In the proposed graphical model, graphical authentication model based upon the images has been aimed at to resolve the issues persisting in the existing models. In this model, the shuffling pattern based method has been used for the mitigation of the shoulder surfing attacks. The shuffling pattern scheme changes the primary display for password input every-time, which also restructure the input grid to overcome the threat caused by the shoulder surfing attacks.The proposed model has been designed to offer the robust graphical password scheme with the face images randomly collected by the users. The random point module for the visualization of the password input module plays the key role in the proposed graphical password scheme. The proposed model is a circular point model where the points are placed on the circle and the images are drawn on the given points. The user has to input the graphical pattern by joining the images with each other in the certain sequence. The proposed model requires less focus and highly accurate and easy to use. The experimental results have been evaluated in the factors associated with the study of the usability, memorabiltiy and difficulty in password creation. The proposed model has been compared against the existing models on the basis of the latter factors, where the proposed model has outperformed the existing models.

Published

2016

97. User practice in password security: An empirical study of real-life passwords in the wild

Author

Gengshan Yang, Haodi Xu, Xiaohong Guan, Chao Shen, and Tianwen Yu

Subjects

Password, Password policy, Software_OPERATINGSYSTEMS, Cognitive password, General Computer Science, Computer science, business.industry, Internet privacy, 02 engineering and technology, Computer security, computer.software_genre, Login, Security awareness, One-time password, Password strength, S/KEY, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, Law, computer, Password psychology

Abstract

Due to increasing security awareness of password from the public and little attention on the characteristics of real-life passwords, it is thus natural to understand the current state of characteristics of real-life passwords, and to explore how password characteristics change over time and how earlier password practice is understood in current context. In this work, we attempt to present an in-depth and comprehensive understanding of user practice in real-life passwords, and to see whether the previous observations can be confirmed or reversed, based on large-scale measurements rather than anecdotal knowledge or user surveys. Specifically, we measure password characteristics on over 6 million passwords, in terms of password length, password composition, and password selection. We then make informed comparisons of the findings between our investigation and previously reported results. Our general findings include: (1) average password length is at least 12% longer than previous results, and 75% of our passwords have the length between 8 and 10 characters; (2) there is a significant increase of using only numbers as passwords, and easy-to-reach symbols are always the first choice when users added symbols into passwords; (3) there observes a remarkable increase (about 40%) of using combo-meaningful data as passwords, and a striking proportion of using the most common passwords or login names as passwords. Our investigation also includes collecting statistics about the use of symbols, letter-case, and meaningful details, which presents a systematic analysis of password usage. The comparative results indicate that the password characteristics and password practice on this massive password data set are somewhat inconsistent with those from anecdotal knowledge and user surveys, and exhibit a substantial change over time in some ways. Further research needs to build upon this understanding for gaining insight into how password security can be improved.

Published

2016

98. Password Security: An Analysis of Password Strengths and Vulnerabilities

Author

Katha Chanda

Subjects

Zero-knowledge password proof, Computer Networks and Communications, Computer science, Internet privacy, 02 engineering and technology, Computer security, computer.software_genre, 01 natural sciences, One-time password, S/KEY, Password strength, 0202 electrical engineering, electronic engineering, information engineering, Password psychology, Password, Password policy, Cognitive password, business.industry, Applied Mathematics, 010401 analytical chemistry, 0104 chemical sciences, Computer Science Applications, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, 020201 artificial intelligence & image processing, business, Safety Research, computer, Software, Information Systems

Abstract

Passwords can be used to gain access to specific data, an account, a computer system or a protected space. A single user may have multiple accounts that are protected by passwords. Research shows that users tend to keep same or similar passwords for different accounts with little differences. Once a single password becomes known, a number of accounts can be compromised. This paper deals with password security, a close look at what goes into making a password strong and the difficulty involved in breaking a password. The following sections discuss related work and prove graphically and mathematically the different aspects of password securities, overlooked vulnerabilities and the importance of passwords that are widely ignored. This work describes tests that were carried out to evaluate the resistance of passwords of varying strength against brute force attacks. It also discusses overlooked parameters such as entropy and how it ties in to password strength. This work also discusses the password composition enforcement of different popular websites and then presents a system designed to provide an adaptive and effective measure of password strength. This paper contributes toward minimizing the risk posed by those seeking to expose sensitive digital data. It provides solutions for making password breaking more difficult as well as convinces users to choose and set hard-to-break passwords.

Published

2016

99. Dual Layer Secured Password Manager using Blowfish and LSB

Author

Mukesh Ramrakhyani, Sonal Shroff, Bunty Manchundiya, and Raaj Ahuja

Subjects

Password, Zero-knowledge password proof, Password policy, Cognitive password, Blowfish, business.industry, Computer science, ComputingMethodologies_IMAGEPROCESSINGANDCOMPUTERVISION, Password cracking, Cryptography, Encryption, Computer security, computer.software_genre, Login, One-time password, S/KEY, Password strength, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Email address, Cipher, business, computer, Computer network

Abstract

Today’s era is the era of Smart phones. Smart phones are continually becoming smaller, more powerful and can perform variety of tasks. The data generated by these devices need to be stored and accessed securely. One example of such sensitive data is password. Computer users are increasingly using password for online accounts, email servers, ecommerce sites, financial services and social media websites and it is always advisable that passwords should be complex and reuse of passwords should be avoided. Therefore this leads to a challenge of remembering several complex passwords for various applications, something an average human being is not very good at. In this paper, a Password Manager, an Android Application is proposed. This password manager takes login credentials (Email Address & Password) as input from user which is then being encrypted using Blowfish algorithm and finally the cipher is stored inside an image selected by user using LSB (least Significant Bit) Technique. A typical password manager uses database to store all login credentials but our proposed approach replaces database with image and stores all login credentials inside an image and in turn providing dual layer security of data that uses combination of both cryptography and steganography in which first layer is to scramble information using Blowfish Algorithm and second layer is insertion of scramble information inside an Image using least significant approach (LSB). Finally, performance analysis of cover-image and stego-image shows that image quality is preserved in terms of MSE and PSNR

Published

2016

100. IMPROVING DATA ACCESS SECURITY BY SERVER-SIDE FUNCTIONAL EXTENSIONS

Author

Dariusz Draganek and Marek Milosz

Subjects

Technology, password policy, Computer access control, Computer science, access time control, 0211 other engineering and technologies, Manufactures, Data security, Access control, 02 engineering and technology, security, Computer security, computer.software_genre, Environmental technology. Sanitary engineering, TS1-2301, data access, Distributed System Security Architecture, 0202 electrical engineering, electronic engineering, information engineering, TJ1-1570, Mechanical engineering and machinery, TD1-1066, 021110 strategic, defence & security studies, Cloud computing security, business.industry, General Medicine, Computer security model, Engineering (General). Civil engineering (General), Security service, Network Access Control, 020201 artificial intelligence & image processing, TA1-2040, business, computer

Abstract

All Database Management Systems used in the industry provide secure access to data at the server level. The level of security is influenced by technology, security model, password encryption method, password strength and others. The human factor – unreasonable behaviour of users – also has a significant impact on safety. Developers of database applications often implement their security policy by limiting the risk caused by users. This implementation has a disadvantage – it does not work outside of the application. A large number and variety of applications that work with the database server may then create a security gap. The paper presents the authors’ extensions of the functional features implemented in the Oracle database server, increasing the security of data access. The implemented methods of controlling the time of user access to data and limiting the use of serial and modular passwords are also discussed.

Published

2016