Search

Your search keyword '"Password policy"' showing total 1,597 results
Start Over Descriptor "Password policy"
1,597 results on '"Password policy"'

251. Sweet-spotting security and usability for intelligent graphical authentication mechanisms

Author

Christina Katsini, Marios Belk, Nikolaos Avouris, Christos Fidas, Andreas Pamboris, and George Samaras

Subjects
Password policy, business.industry, Computer science, 05 social sciences, Usability inspection, 020207 software engineering, Usability, 02 engineering and technology, Usability lab, World Wide Web, Usability engineering, 0202 electrical engineering, electronic engineering, information engineering, Human-computer interaction in information security, 0501 psychology and cognitive sciences, User interface, business, Web usability, 050107 human factors
Abstract

This paper investigates the trade-off between security and usability in recognition-based graphical authentication mechanisms. Through a user study (N=103) based on a real usage scenario, it draws insights about the security strength and memorability of a chosen password with respect to the amount of images presented to users during sign-up. In particular, it reveals the users' predisposition in following predictable patterns when selecting graphical passwords, and its effect on practical security strength. It also demonstrates that a "sweet-spot" exists between security and usability in graphical authentication approaches on the basis of adjusting accordingly the image grid size presented to users when creating passwords. The results of the study can be leveraged by researchers and practitioners engaged in designing intelligent graphical authentication user interfaces for striking an appropriate balance between security and usability.

Published
2017
Full Text
View/download PDF

252. So Much Promise, So Little Use: What is Stopping Home End-Users from Using Password Manager Applications?

Author

Thomas Mattson, Lori N. K. Leonard, and Salvatore Aurigemma

Subjects
Password policy, Cognitive password, Password manager, business.industry, End user, 05 social sciences, Internet privacy, 02 engineering and technology, Computer security, computer.software_genre, 020204 information systems, 0502 economics and business, 0202 electrical engineering, electronic engineering, information engineering, 050211 marketing, business, Psychology, computer
Published
2017

253. Using Context-Based Password Strength Meter to Nudge Users' Password Generating Behavior: A Randomized Experiment

Author

Ninghui Li, Warut Khern-am-nuai, and Weining Yang

Subjects
Password, Password policy, Zero-knowledge password proof, Software_OPERATINGSYSTEMS, Cognitive password, business.industry, Computer science, 05 social sciences, Internet privacy, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, One-time password, Password strength, S/KEY, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, 0502 economics and business, 0202 electrical engineering, electronic engineering, information engineering, business, computer, Password psychology, 050203 business & management
Abstract

Encouraging users to create stronger passwords has always been one of the key issues in password-based authentication. It is particularly important as passwords are still the most common user authentication method. Furthermore, prior works have highlighted that most passwords are significantly weak. In this paper, we seek to mitigate such an issue by proposing a context-based password strength meter and investigating its effectiveness on users' password generating behavior. We conduct a randomized experiment on Amazon MTurk involving hypothetical account creating scenarios. We observe the change in users' behavior in terms of the number of occasions where users change their password after seeing the warning message, the number of occasions where users want to learn more about creating stronger passwords, and the changes in password strength. We find that our proposed password strength meter is significantly effective. Users exposed to our password strength meter are more likely to change their password, and those new passwords are stronger. Furthermore, if the information is readily available, users are willing to invest their time to learn about creating a stronger password, even in a traditional password strength meter setting. Our findings suggest that simply incorporating a contextual information to password strength meters could be one of potential methods in promoting secure behaviors among end users.

Published
2017

254. Password Correction and Confidential Information Access System

Author

Martin Tomlinson, Cen Jung Tjhai, Marcel A. Ambroze, Mohammed Ahmed, and Mubarak Jibril

Subjects
Password, Password policy, Theoretical computer science, Computer science, Galois theory, Computer security, computer.software_genre, One-time password, Password strength, S/KEY, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Rainbow table, Error detection and correction, computer
Abstract

This chapter considers the use of Reed–Solomon codes to correct user mistakes or missing parts of long entered passwords in an encrypted, information retrieval system or a password-based authentication system. Dynamic, user-specific mapping of Galois field elements is used to ensure that passwords, arbitrarily chosen by the user, are valid codewords. A typical system is described based on GF(256) and the ANSI character set with worked examples given for encoding and password correction. Security is also enhanced by the user-specific Galois field symbol mapping because this defeats Rainbow tables when used with long passwords.

Published
2017

255. GPASS: A Password Manager with Group-Based Access Control

Author

Tuomas Aura and Thanh Bui

Subjects
Password, 021110 strategic, defence & security studies, Password policy, Software_OPERATINGSYSTEMS, Password manager, business.industry, Computer science, 0211 other engineering and technologies, Access control, 02 engineering and technology, Computer security, computer.software_genre, One-time password, S/KEY, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Microsoft Office password protection, Architecture, business, computer
Abstract

Password managers make it easy for users to choose stronger and more random passwords without the burden of memorizing them. While the majority of our passwords should be kept secret, sharing passwords and access codes is necessary in some cases. In this paper, we present GPASS—a password manager architecture that allows groups to share passwords via an untrusted server. GPASS provides its own cryptographic access control mechanism in which all the information is transparent to the clients so that they can detect any misbehavior of the server. We implemented a proof-of-concept prototype to demonstrate the feasibility and effectiveness of the architecture.

Published
2017

256. Certified Password Quality

Author

João F. Ferreira, Phillip J. Brooke, Alexandra Mendes, and Saul Johnson

Subjects
Password, 021110 strategic, defence & security studies, Password policy, Authentication, Software_OPERATINGSYSTEMS, Computer science, media_common.quotation_subject, Proof assistant, 0211 other engineering and technologies, 02 engineering and technology, ENCODE, computer.software_genre, Automated theorem proving, TheoryofComputation_MATHEMATICALLOGICANDFORMALLANGUAGES, TheoryofComputation_LOGICSANDMEANINGSOFPROGRAMS, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Code (cryptography), Operating system, Quality (business), computer, media_common
Abstract

We propose the use of modern proof assistants to specify, implement, and verify password quality checkers. We use the proof assistant Coq, focusing on Linux PAM, a widely-used implementation of pluggable authentication modules for Linux. We show how password quality policies can be expressed in Coq and how to use Coq’s code extraction features to automatically encode these policies as PAM modules that can readily be used by any Linux system.

Published
2017

257. Case study on password complexity enhancement for smart devices

Author

Dongmin Choi, Xin Su, Bingying Wang, and Chang Choi

Subjects
Password, Password policy, business.industry, Computer science, Internet privacy, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Password strength, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, The Internet, business, Set (psychology), Password psychology, computer
Abstract

Smart devices have already become a dally necessity of our life since they play a pivot role to record massive amount of Information of our personal life. Current Internet of TWngs era has been seeing more and more people relying on their devices. However, most people are losing patience to set complex passwords to ensure the security for their devices. To avoid forgetting the passwords, people are more willing to choose simple alphanumeric character combinations that are easy for them to remember and convenient to enter. Therefore, their passwords are of high probability to be cracked or exposed. In tWs paper, we study the potential security problems caused by simple and weak passwords, discuss the drawbacks of some conventional works, and propose three schemes to Increase the complexity of simple passwords. Note that our proposals are based on the prediction that the textual passwords are not difficult for users to remember or enter and the proposed schemes can effldently prevent passwords from being cracked or exposed.

Published
2017

258. Safe user authentication in a network environment

Author

Jan Hurtuk and Matus Uchnar

Subjects
Password, Password policy, Authentication, Network security, business.industry, Computer science, Password cracking, Cryptography, Character encoding, Computer security, computer.software_genre, Web application, business, computer
Abstract

Network security is often neglected even by users. This paper deals with user authentication in a network environment and offers analysis of this topic and possibilities how to increase its security by cryptographic methods. A synthetic part provides a detailed description of the design of a simple web application to authenticate users with protection against selected attacks and also its practical implementation in the form of implementation in PHP. In order to perform later testing there is also design and creation of version without protection mechanisms described in this part. The evaluation part contains the results of testing of both applications in order to demonstrate the effectiveness of methods against attacks. One of the benefits of this work is also demonstration of the necessity of appropriate choice of password by user, considering his length and combination of characters from different character sets. Another benefit is also proving, how easy is to perform such attacks as well as how easy is to implement protection against them. Last but not least, another benefit of this work is a comparison of efficiency of two different password cracking methods.

Published
2017

259. Cryptanalysis and security enhancement of a robust two-factor authentication and key agreement protocol

Author

Bin Hu, Qi Xie, Duncan S. Wong, and Na Dong

Subjects
Password, Zero-knowledge password proof, Password policy, Computer Networks and Communications, Computer science, 020206 networking & telecommunications, 020207 software engineering, 02 engineering and technology, Mutual authentication, Multi-factor authentication, Computer security, computer.software_genre, One-time password, S/KEY, Password strength, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, computer
Abstract

Two-factor user authentication scheme allows a user to use a smart card and a password to achieve mutual authentication and establish a session key between a server and a user. In 2012, Chen et al. showed that the scheme of Sood et al. does not achieve mutual authentication and is vulnerable to off-line password guessing and smart card stolen attacks. They also found that another scheme proposed by Song is vulnerable to similar off-line password guessing and smart card stolen attacks. They further proposed an improved scheme. In this paper, we first show that the improved scheme of Chen et al. still suffers from off-line password guessing and smart card stolen attacks, does not support perfect forward secrecy, and lacks the fairness of session key establishment. We then propose a new security-enhanced scheme and show its security and authentication using the formal verification tool ProVerif, which is based on applied pi calculus. Copyright © 2014 John Wiley & Sons, Ltd.

Published
2014

260. Toward a secure and usable cloud-based password manager for web browsers

Author

Chuan Yue and Rui Zhao

Subjects
Password, Password policy, User authentication, Cognitive password, General Computer Science, Computer science, business.industry, Cloud computing, Login, Computer security, computer.software_genre, One-time password, Password strength, S/KEY, World Wide Web, business, Law, computer
Abstract

Web users are confronted with the daunting challenges of creating, remembering, and using more and more strong passwords than ever before in order to protect their valuable assets on different websites. Password manager, particularly Browser-based Password Manager (BPM), is one of the most popular approaches designed to address these challenges by saving users' passwords and later automatically filling the login forms on behalf of users. Fortunately, all the five most popular Web browsers have provided password managers as a useful built-in feature. In this paper, we uncover the vulnerabilities of existing BPMs and analyze how they can be exploited by attackers to crack users' saved passwords. Moreover, we propose a novel Cloud-based Storage-Free BPM (CSF-BPM) design to achieve a high level of security with the desired confidentiality, integrity, and availability properties. We have implemented a CSF-BPM system into Firefox and evaluated its correctness, performance, and usability. Our evaluation results and analysis demonstrate that CSF-BPM can be efficiently and conveniently used. We believe CSF-BPM is a rational design that can also be integrated into other popular browsers to make the online experience of Web users more secure, convenient, and enjoyable.

Published
2014

261. Multifactor Authentication Using a QR Code and a One-Time Password

Author

Dhiraj Girdhar, Jyoti Malik, G. Sainarayanan, and Ratna Dahiya

Subjects
Password, Password policy, Zero-knowledge password proof, Computer science, computer.internet_protocol, Computer security, computer.software_genre, One-time password, S/KEY, Password strength, Operating system, HMAC-based One-time Password Algorithm, Challenge–response authentication, computer, Software, Information Systems
Published
2014

262. Lightweight secure storage model with fault-tolerance in cloud environment

Author

Chan Yeob Yeun, Rasool Asal, Quang Hieu Vu, Muhra Ahmed, and Hassan Al Muhairi

Subjects
Password, Zero-knowledge password proof, Password policy, Cloud computing security, Computer science, Economics, Econometrics and Finance (miscellaneous), Data security, Computer security model, Computer security, computer.software_genre, One-time password, Password strength, Human-Computer Interaction, computer
Abstract

According to several surveys studied by both cloud computing providers and security solution providers, security concerns, in particular data security, are the main reasons for people's reluctance to employ cloud computing. In this paper, we address the concern of data security by introducing SECRESO, a SEcure storage model for Cloud data based on REed-SOlomon code. In our proposed model, we enhance Reed-Solomon code with an extra security layer in which a password is always required to reconstruct data from its encoded blocks in the storage. In this way, without a correct password, unauthorized users cannot see the data, and hence the data is secure. Additionally, to support fault tolerance, we also introduce a log based data recovery scheme that allows data recovery without knowing the password. In this way, even though the recovered data can be incorrect, as soon as the password is provided, information from the log can be used to correct the data.

Published
2014

263. A provably secure smart card-based authenticated group key exchange protocol

Author

Hai-Duong Le and Chin-Chen Chang

Subjects
Password, OpenPGP card, Zero-knowledge password proof, Password policy, Computer Networks and Communications, Computer science, Computer security, computer.software_genre, Password strength, S/KEY, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Authentication protocol, Challenge–response authentication, computer, Information Systems
Abstract

A password-based authenticated group key exchange protocol assists group participants who possess low-entropy, human-memorable passwords in establishing a secure communication channel. In this type of scheme, the server needs to store the users' verifiers in a database. Therefore, it is susceptible to stolen-verifier attacks. In this paper, we propose a new authenticated group key protocol that eliminates the need of verifier database at the server side. Our protocol is based on a two-factor authentication that employs both smart card and password. Copyright © 2014 John Wiley & Sons, Ltd.

Published
2014

264. An Improved Scheme of One-Time Password Identity Authentication Based on the S/KEY System

Author

Yu Guan, Jia Yu Li, Hui Shi, Yuan Qing Deng, and Jing Gong

Subjects
Password, Zero-knowledge password proof, Authentication, Password policy, computer.internet_protocol, Computer science, Hash function, General Medicine, Multi-factor authentication, Computer security, computer.software_genre, One-time password, S/KEY, Password strength, Hash chain, HMAC-based One-time Password Algorithm, Challenge–response authentication, computer
Abstract

This paper analyzes several kinds of S/KEY One-time Password (OTP) identity authentication schemes, and designs a new OTP identity authentication scheme with the increasing hash chains. The new scheme overcomes the weakness of common OTP schemes which need to reset parameters when used, consequently reduces the sever burden, and does not need any kinds of assists provided by additional hardware or serves. Furthermore, it can realize the client - server authentication and resist the common network attacks.

Published
2014

265. Design and Implementation of OTP Base on MD5

Author

Jian Bin Liu, Ce Zhu, Zhi Chao Li, Jie Tao Diao, and Qi You Xie

Subjects
Computer science, Encryption, computer.software_genre, Computer security, One-time password, Disk encryption hardware, Password strength, Multiple encryption, Filesystem-level encryption, Microsoft Office password protection, Syskey, Password, Password policy, business.industry, Client-side encryption, General Medicine, Disk encryption theory, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Disk encryption, Probabilistic encryption, 40-bit encryption, 56-bit encryption, Link encryption, Attribute-based encryption, On-the-fly encryption, business, computer
Abstract

Encryption of information is getting increasingly large attention, due to the popularity of internet and the advance of technology. One of the encryption algorithms, MD5, is commonly used in data encryption nowadays. In this paper, MD5 algorithm was briefly described and used to construct a dynamic password encryption technique with time parameters. This dynamic password has no internal relevance, which means the new password can not be derived using previous passwords. Generation of password also takes a relative short time frame, such that in theory the encryption system can not be breached.

Published
2014

267. PASSWORD PROTECTION: END USER SECURITY BEHAVIOR

Author

Vitaly Klyuev and Keisuke Kato

Subjects
Password, Password policy, Cognitive password, Computer Networks and Communications, business.industry, Computer science, Internet privacy, Password cracking, Computer security, computer.software_genre, One-time password, S/KEY, Password strength, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Hardware and Architecture, Computer Science (miscellaneous), business, computer, Password psychology, Software, Information Systems
Abstract

Password authentication is one of essential services in our life for protecting data. In other words, we may loose a lot of money, sensitive data, etc., if passwords leak out. Thus, we have to understand clearly what is important for creating and/or changing passwords. Our goal is to analyze key issues for setting passwords. We surveyed 262 students of the University of Aizu, Japan. We discussed key security problems, main password protection issues and techniques, and misunderstandings about passwords by end users. Furthermore, we compared the obtained data with results provided by the National Institute of Standard Technology (NIST) and others. The results can help the users set stronger passwords.

Published
2014

268. A Study on Definitions of Security Requirements for Identification and Authentication on the Step of Analysis

Author

Seong-Yoon Shin

Subjects
Password, Password policy, Authentication, Computer science, Authentication protocol, Password management, Challenge–response authentication, Computer security, computer.software_genre, One-time password, computer, Data Authentication Algorithm
Abstract

TIn analysis as the first step of S/W development, security requirements of identification and authentication, ID and password management, authentication process, authentication method, ete. should be defined. Identification is to uniquely identify certain users and applications running on a certain system. Authentication means the function to determine true or false users and applications in some cases. This paper is to suggest the security requirements for identification and authentication in analysis step. Firstly, individual ID should be uniquely identified. The second element is to apply the length limitations, combination and periodic changes of passwords. The third should require the more reinforced authentication methods besides ID and passwords and ∙제1저자 : 신성윤 ∙투고일 : 2014. 6. 26, 심사일 : 2014. 7. 3, 게재확정일 : 2014. 7. 30. * 군산대학교 컴퓨터정보공학과(Dept. of Computer Information Engineering, Kunsan National University) 88 Journal of The Korea Society of Computer and Information July 2014 그림 1. 단계별주요보안 Activity Fig. 1. Step-Wide Security Activity satisfy the defined security elements on authentication process. In this paper, the security requirements for the step of identification and authentication have been explained through several practical implementation methods. ▸

Published
2014

269. An efficient client–client password-based authentication scheme with provable security

Author

Mohammad Sabzinejad Farash and Mahmoud Ahmadian Attari

Subjects
Provable security, Challenge-Handshake Authentication Protocol, Zero-knowledge password proof, Otway–Rees protocol, Interlock protocol, Computer science, Data_MISCELLANEOUS, Computer security, computer.software_genre, One-time password, Theoretical Computer Science, Password strength, Random oracle, S/KEY, Session key, Password, Password policy, Authentication, Password cracking, Authenticated Key Exchange, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Hardware and Architecture, Authentication protocol, Wide Mouth Frog protocol, Reflection attack, Challenge–response authentication, computer, Software, Information Systems
Abstract

Recently, Tso proposed a three-party password-based authenticated key exchange (3PAKE) protocol. This protocol allows two clients to authenticate each other and establish a secure session key through a server over an insecure channel. The main security goals of such protocols are authentication and privacy. However, we show that Tso's protocol achieves neither authentication goal nor privacy goal. In this paper, we indicate that the privacy and authentication goals of Tso's protocol will be broken by off-line password guessing attack and impersonation attack, respectively. To overcome the weaknesses, we propose an improved 3PAKE protocol to achieve more security and performance than related protocols. The security of the proposed improved protocol is proved in random oracle model.

Published
2014

270. Provably secure dynamic identity-based three-factor password authentication scheme using extended chaotic maps

Author

SK Hafizul Islam

Subjects
Password, Password policy, Zero-knowledge password proof, Computer science, business.industry, Applied Mathematics, Mechanical Engineering, Aerospace Engineering, Ocean Engineering, Computer security, computer.software_genre, One-time password, Password strength, S/KEY, Control and Systems Engineering, Key derivation function, Electrical and Electronic Engineering, Challenge–response authentication, business, computer, Computer network
Abstract

With the aim of guaranteeing secure communication through public networks, three-factor password authentication (TF-PWA) scheme plays a key role in many internet applications. Since in TF-PWA scheme, the communicating entities can mutually authenticate each other and generate a shared session key, which will be used for secure exchange of messages in succeeding communication among them. As a result, the TF-PWA schemes gain enormous consideration in recent years. More recently, due to light-weight features of the extended chaotic map, it is also extensively applied in designing of public key encryption, key agreement, image encryption, S-box, hash function, digital signature, password authentication, etc. The aim of this paper was to design a dynamic identity-based three-factor password authentication scheme using extended chaotic map (ECM-TF-PWA) in the random oracle model. The proposed scheme is provably secure based on the intractability assumption of chaotic map-based Diffie–Hellman problem. The informal security analysis gives the evidence that our scheme protects all attacks and provides functionality attributes that are needed in a three-factor authentication system. Besides, the performance discussion shows that our scheme performs better than others in respect of computation and communication cost.

Published
2014

271. GRID-IMAGE PASSWORD BASED SCHEME: ENHANCING MEMORABILITY FEATURES OF PASSWORDS

Author

Obasan Adebola, Norafida Ithnin, and Mohd Zalisham Jali

Subjects
Password, Zero-knowledge password proof, Password policy, Multidisciplinary, Cognitive password, Computer science, Computer security, computer.software_genre, One-time password, S/KEY, Password strength, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, computer, Password psychology
Abstract

Password authentication has become a widely recognized element of computer security practices where human users are proven or confirmed as legitimate u sers for access to secure systems. Using this syste m, every user needs to recall its password correctly b efore access can be granted to an intended services or applications. Remembering the secure passwords is a n everyday problem for users because of individual memory limitation. In an effort to solve this probl em, graphical password was presented as one promising athentication alternative taking advantage of pictu re superiority over texts. The main objective of th is study is to provide a comprehensive survey of array of gr aphical password schemes in different categories ba sed on their common features with the primary aim of id entifying the memorability features and propose a n ew graphical authentication system with enhanced memorability features.

Published
2014

272. Honey Encryption: Encryption beyond the Brute-Force Barrier

Author

Thomas Ristenpart and Ari Juels

Subjects
Password, Password policy, Computer Networks and Communications, business.industry, Computer science, Secure Shell, Cryptography, computer.software_genre, Computer security, Encryption, One-time pad, Multiple encryption, Probabilistic encryption, Ciphertext, Key (lock), Attribute-based encryption, Electrical and Electronic Engineering, On-the-fly encryption, business, Law, computer, Password psychology, Honey Encryption, Hacker
Abstract

Honey encryption (HE) addresses the challenge of encrypting messages using keys that are vulnerable to guessing attacks, such as the passwords selected by ordinary users. HE creates a ciphertext that, when decrypted with an incorrect key or password, yields a valid-looking but bogus message. So, attackers can't tell when decryption has been successful. Counterintuitively, HE enables the encryption of a message using a weak password such that even a strong attacker--one with unlimited computing power--can't decrypt the message with certainty. You can use HE to encrypt the list of passwords in a password manager, credentials used in SSH (Secure Shell), and so on. HE fuses the creative use of honey objects and decoys in system security with the rigor and principled application imparted by cryptography.

Published
2014

273. Further Observations on Smart-Card-Based Password-Authenticated Key Agreement in Distributed Systems

Author

Xinyi Huang, Li Xu, Xiaofeng Chen, Jin Li, and Yang Xiang

Subjects
Password, Password policy, OpenPGP card, Zero-knowledge password proof, Authentication, computer.internet_protocol, Computer science, business.industry, Distributed computing, Computer security, computer.software_genre, One-time password, S/KEY, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, 3-D Secure, Computational Theory and Mathematics, Hardware and Architecture, Signal Processing, Password authentication protocol, Smart card, Challenge–response authentication, business, computer, Password-authenticated key agreement, Key exchange
Abstract

This paper initiates the study of two specific security threats on smart-card-based password authentication in distributed systems. Smart-card-based password authentication is one of the most commonly used security mechanisms to determine the identity of a remote client, who must hold a valid smart card and the corresponding password to carry out a successful authentication with the server. The authentication is usually integrated with a key establishment protocol and yields smart-card-based password-authenticated key agreement. Using two recently proposed protocols as case studies, we demonstrate two new types of adversaries with smart card: 1) adversaries with pre-computed data stored in the smart card, and 2) adversaries with different data (with respect to different time slots) stored in the smart card. These threats, though realistic in distributed systems, have never been studied in the literature. In addition to point out the vulnerabilities, we propose the countermeasures to thwart the security threats and secure the protocols.

Published
2014

274. A Robust and Efficient Password Authentication Scheme Using Smart Cards

Author

Hua Zhang, Ping Zhu, Zheng Ping Jin, and Wei Jing Li

Subjects
Zero-knowledge password proof, computer.internet_protocol, Salt (cryptography), Computer science, Cryptography, Computer security, computer.software_genre, One-time password, S/KEY, Password strength, Secure communication, Forward secrecy, Key stretching, Session key, Password authentication protocol, Elliptic curve cryptography, Password, Password policy, business.industry, General Medicine, Mutual authentication, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Authentication protocol, HMAC-based One-time Password Algorithm, Smart card, Challenge–response authentication, business, computer
Abstract

Password authentication scheme using smart cards is an important part of securely accessing the server program. In 2012, Chen et al. proposed a robust smart-card-based remote user password authentication scheme. Recently, Li et al. discovered the scheme of Chen et al. cannot really ensure forward secrecy, and it cannot achieve the goal of efficiency for wrong password login. Then, they proposed an enhanced remote user password authentication scheme based on smart cards. In this paper, we propose a novel authentication scheme by using elliptic curve cryptography. The new scheme can achieve both the user anonymity and the goal of efficiency of incorrect password detection, and can also establish a session key for the subsequent secure communication. Moreover, we show by a detailed analysis that it requires lower computation cost while improving the security of the scheme.

Published
2014

275. Application of Password Services in an SMS Platform in Medical Record Copying

Author

Lin Lin and Beibei Sun

Subjects
Password, Service (business), Password policy, Short Message Service, Copying, business.industry, Computer science, Applied Mathematics, General Mathematics, Medical record, Internet privacy, Computer security, computer.software_genre, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Identity (object-oriented programming), Confidentiality, business, computer
Abstract

Since medical records play an irreplaceable role in many fields, the medical record copying is particularly important. The contents of a medical record are confidential, so it cannot be copied without identity check; some patients and agents cannot copy the medical record because they may forget to take the valid identity documents. This article refers to the password service concept in service industries, and by applying the password services, the patients can set up service passwords for the medical records through the short message service (SMS) platform, so that in the ordinary application check, if the agents do not carry the valid identity documents of patients, the workers in the medical record room can prompt the agents to enter the known service passwords into the medical record management system, and the workers check the passwords with the service passwords pre-stored in the server of the hospital. If the agents enter the correct password, the identity check is successful. The purpose i...

Published
2014

276. An Advanced ECC Dynamic Password-Based Remote Authentication Scheme for Cloud Computing

Author

Wei Han and Lai Cheng Cao

Subjects
Password, Zero-knowledge password proof, Password policy, Cloud computing security, business.industry, Computer science, Data_MISCELLANEOUS, Cloud computing, General Medicine, Mutual authentication, Computer security, computer.software_genre, One-time password, Identity management, S/KEY, Password strength, Elliptic curve cryptosystem, Challenge–response authentication, business, computer, Hacker
Abstract

Due to the strong capacity of computing and storage, more and more hackers choose to attack cloud systems for their own use to obtain illegal benefits. In order to prevent the occurrence of this phenomenon, when a cloud user enters into the cloud system, their identity must be verified to protect the security of cloud platform and the interests of legitimate users. Then, we propose a new ECC dynamic password-based authentication scheme for cloud computing in this paper. The proposed scheme provides mutual authentication and identity management. A user also can change his/her password whenever demanded. Furthermore, the scheme has the resistance to possible attacks in cloud computing.

Published
2014

277. Differentiated Virtual Passwords, Secret Little Functions, and Codebooks for Protecting Users From Password Theft

Author

Ming Lei, Susan V. Vrbsky, Chung-Chih Li, and Yang Xiao

Subjects
Password, Password policy, Cognitive password, Computer Networks and Communications, Computer science, Password cracking, Computer security, computer.software_genre, One-time password, Computer Science Applications, Password strength, S/KEY, Control and Systems Engineering, Electrical and Electronic Engineering, computer, Password psychology, Information Systems
Abstract

In this paper, we discuss how to prevent users' passwords from being stolen by adversaries in online environments and automated teller machines. We propose differentiated virtual password mechanisms in which a user has the freedom to choose a virtual password scheme ranging from weak security to strong security, where a virtual password requires a small amount of human computing to secure users' passwords. The tradeoff is that the stronger the scheme, the more complex the scheme may be. Among the schemes, we have a default method (i.e., traditional password scheme), system recommended functions, user-specified functions, user-specified programs, and so on. A function/program is used to implement the virtual password concept with a tradeoff of security for complexity requiring a small amount of human computing. We further propose several functions to serve as system recommended functions and provide a security analysis. For user-specified functions, we adopt secret little functions in which security is enhanced by hiding secret functions/algorithms.

Published
2014

278. Two-factor face authentication using matrix permutation transformation and a user password

Author

DaeHun Nyang, Kyunghee Lee, and Jeonil Kang

Subjects
Challenge-Handshake Authentication Protocol, Information Systems and Management, Computer science, Email authentication, Cryptography, Computer security, computer.software_genre, Theoretical Computer Science, S/KEY, Artificial Intelligence, Generic Bootstrapping Architecture, Lightweight Extensible Authentication Protocol, Data Authentication Algorithm, Password, Password policy, Authentication, business.industry, Multi-factor authentication, Chip Authentication Program, Computer Science Applications, Control and Systems Engineering, Authentication protocol, Challenge–response authentication, business, computer, Software, Computer network
Abstract

Although authentication using biometric techniques is convenient, security issues such as the loss of personal bio-information are serious problems. However, the development of a secure biometrics scheme poses considerable challenges because users' bio-information is not precisely the same for each authentication attempt. This uncertainty during the authentication process obstructs direct application of cryptographic one-way functions in the authentication system. In this paper, we suggest a two-factor face authentication scheme using matrix transformations and a user password. Our scheme is designed with a secure cancellation feature, in that templates composed of permutation and feature vectors can be freely changed. Through experimental scenarios and results, we introduce the notable features of our scheme. Furthermore, we consider possible attacks on the proposed scheme and suggest security enhancement methods.

Published
2014

279. Captcha as Graphical Passwords—A New Security Primitive Based on Hard AI Problems

Author

Ning Xu, Bin Zhu, Jeff Yan, Guanbo Bao, and Maowei Yang

Subjects
Password, Password policy, Cognitive password, Dictionary attack, Computer Networks and Communications, Computer science, Salt (cryptography), Password cracking, Computer security, computer.software_genre, One-time password, S/KEY, Password strength, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Safety, Risk, Reliability and Quality, computer
Abstract

Many security primitives are based on hard mathematical problems. Using hard AI problems for security is emerging as an exciting new paradigm, but has been under-explored. In this paper, we present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as graphical passwords (CaRP). CaRP is both a Captcha and a graphical password scheme. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. Notably, a CaRP password can be found only probabilistically by automatic online guessing attacks even if the password is in the search set. CaRP also offers a novel approach to address the well-known image hotspot problem in popular graphical password systems, such as PassPoints, that often leads to weak password choices. CaRP is not a panacea, but it offers reasonable security and usability and appears to fit well with some practical applications for improving online security.

Published
2014

280. A New Graphical Password Scheme Based on Universal Design

Author

Hwangyong Kim and Gi-Chul Yang

Subjects
World Wide Web, Password, Scheme (programming language), Password policy, Cognitive password, Computer science, Universal design, Computer security, computer.software_genre, computer, computer.programming_language
Published
2014

281. Research on Network Security and Identity Authentication

Author

Yi Xing Fan and Ren Bing Zhang

Subjects
Challenge-Handshake Authentication Protocol, Otway–Rees protocol, computer.internet_protocol, Computer science, Network security, Generic Security Service Algorithm for Secret Key Transaction, Access control, Computer security, computer.software_genre, NTLMSSP, Distributed System Security Architecture, Generic Bootstrapping Architecture, Lightweight Extensible Authentication Protocol, Password authentication protocol, Password policy, Authentication, business.industry, General Engineering, Multi-factor authentication, Chip Authentication Program, Authentication protocol, Network Access Control, IPsec, Protected Extensible Authentication Protocol, Challenge–response authentication, business, computer, Computer network
Abstract

With the rapid development of computer networks and the popularity of network applications, network security has been people's increasing attention. Network security is an important issue under Network environment, authentication technology plays a very important role for network application security. Through the study of reason perish analysis and system design, providing efficient and practical solutions for network security applications system. The purpose of this paper is to research on authentication mechanisms and authentication protocols, analysis characteristics and application environments of the network authentication system, develop the VIKEY online dynamic two-factor password authentication system.

Published
2014

282. Research on the Network Security and Identity Authentication Technology

Author

Yi Hui He

Subjects
Password, Password policy, Engineering, business.industry, General Engineering, Multi-factor authentication, Computer security, computer.software_genre, One-time password, S/KEY, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Authentication protocol, Challenge–response authentication, business, computer, Data Authentication Algorithm
Abstract

Network security and identity authentication is confirmed the true identity whether the user and the claimed identity is consistent or not, in order to prevent the illegal user access the system for resources by identity fraud. The one-time password authentication technology with high safety, convenient for using, easy for management and lower cost is applied widely and has bright prospection. The one-time password authentication technology support to add uncertain factors in the login process, so that the login authentication informations are not the same each time. It is useful to improve the security of the login process. In this paper, a new system which is based on the the one-time password authentication technology called biometric system is first introduced. Then the framework of multi-biometric system is presented, and several examples are also shown. The prospect about multi-biometric fusion is also given.

Published
2014

283. A User Identification Technique to Access Big Data using Cloud Services

Author

Manu A R, K N Bala Subramanya Murthy, and Vinod Kumar Agrawal

Subjects
Password, Password policy, Authentication, Computer science, business.industry, Cloud computing, business, Login, One-time password, Computer network, S/KEY
Abstract

is required in stored database systems so that only authorized users can access the data and related cloud infrastructures. This paper proposes anauthentication technique using multi-factor and multi-dimensional authentication system with multi-level security. The proposed technique is likely to be more robust as the probability of breaking the password is extremely low. This framework uses a multi-modal biometric approach and SMS to enforce additional security measures with the conventional Login/password system. The robustness of the technique is demonstrated mathematically using a statistical analysis. This work presents the authentication system using the consumer authentication architecture diagrams, activity diagrams, data flow diagrams, sequence diagrams, and algorithms.

Published
2014

284. M-Pass: Web Authentication Protocol Resistant to Malware and Phishing

Author

A. K. Gupta and Ajinkya S. Yadav

Subjects
Zero-knowledge password proof, Computer science, Salt (cryptography), computer.internet_protocol, Internet privacy, Keystroke logging, Computer security, computer.software_genre, One-time password, Password strength, S/KEY, Key stretching, Syskey, Microsoft Office password protection, Password psychology, Password, User authentication, Password policy, Authentication, Cognitive password, business.industry, Password cracking, Passphrase, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, HMAC-based One-time Password Algorithm, Challenge–response authentication, business, computer
Abstract

this digital world all information and data is kept safe by passwords. The simple and convenient format of password is in the form of text. But, text passwords are not always strong enough and under different vulnerabilities they are very easily stolen and changed. When a person creates a weak password or same password is reused in many sites it may be possible that others can acquire that password. If one password is stolen, then it is possible that it can be used for all the websites. This phenomenon is known as the Domino Effect. Another possible risky attacks are related to phishing, malware and key loggers etc. A protocol is designed which makes use of the user's customer's mobile i.e. cellular phone and SMS (short message service) to ensure protection against password stealing attacks. This user authentication protocol is named as m-Pass. The unique phone number is required which will be possessed by each participating website. The telecommunication service provider plays important role in the registration and the recovery phases. The main theme is to reduce the password reuse attack. It works with one time password technology, and results in reduction of the password validity time. The results show improvement in performance of the security. KeywordsSecurity, m-Pass, Phishing, authentication

Published
2014

285. Pixel Value Graphical Password Scheme: Identifying Design Features and Requirements

Author

Mohd Suhaili Bin Ariffin, Mohd Sidek Fadhil bin Mohd Yunus, Mohd Afizi bin Mohd Shukran, Wan Sharil Sham Shariff, and Kamaruzaman Maskat

Subjects
Password, Scheme (programming language), Password policy, Authentication, Information retrieval, business.industry, Salt (cryptography), Computer science, Access control, General Medicine, Computer security, computer.software_genre, One-time password, S/KEY, Password strength, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, business, computer, computer.programming_language
Abstract

Pixel value graphical password scheme was introduced with the aim to solve problems faced by users during authentication process that arising from current graphical password scheme weaknesses. Even though the idea of graphical password scheme is still under analysis stage, many researchers have come out with a lot of vulnerabilities finding for current graphical password scheme. Literature studies on vulnerabilities finding has contributed for a development of method design features and requirements for pixel value graphical password scheme. This paper is organized as begin with a brief introduction on graphical password scheme, followed by literature study outcome, discussion on features and requirements, and enclosed with topic conclusion.

Published
2014

286. Securing Web Accounts Using Graphical Password Authentication through Watermarking

Author

Jennifer Nicholas, Abhay Yeole, Anuja Bongirwar, and Vinit Khetani

Subjects
Password, Password policy, Zero-knowledge password proof, Cognitive password, Computer science, Computer security, computer.software_genre, One-time password, Password strength, S/KEY, World Wide Web, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, computer, Password psychology
Abstract

Today, most Internet applications still establish user authentication with traditional text based passwords. Designing a secure as well as a user- friendly password-based method has been on the agenda of security researchers for a long time. On one hand, there are password manager programs which facilitate generating site-specific strong passwords from a single user password to eliminate the memory burden due to multiple passwords. On the other hand, there are studies exploring the viability of graphical passwords as a more secure and user-friendly alternative. In this project, we propose a new graphical password scheme for accessing web accounts called "Secure Web Account Access through Recognition Based Graphical Password by Watermarking". Here user selects number of images as a password and while login user needs to enter the random code generated below each image, which has been set as a password. Here the security of the system is very high and every time user needs to enter different set of code for authentication i.e. every time new password gets generated making Dictionary attacks, Brute Force attack, and other attacks infeasible.

Published
2014

287. An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics

Author

Ming-Chin Chuang and Meng Chang Chen

Subjects
Password, Password policy, Authentication, business.industry, Computer science, Data_MISCELLANEOUS, Hash function, General Engineering, Computer security, computer.software_genre, One-time password, Computer Science Applications, S/KEY, Artificial Intelligence, Key (cryptography), Smart card, Challenge–response authentication, business, computer, Cryptographic nonce
Abstract

Password-based remote user authentication schemes are widely investigated, with recent research increasingly combining a user's biometrics with a password to design a remote user authentication scheme that enhances the level of the security. However, these authentication schemes are designed for a single server environment and result in users needing to register many times when they want to access different application servers. To solve this problem, in this paper we propose an anonymous multi-server authenticating key agreement scheme based on trust computing using smart cards, password, and biometrics. Our scheme not only supports multi-server environments but also achieves many security requirements. In addition, our scheme is a lightweight authentication scheme which only uses the nonce and a hash function. From the subsequent analysis, the proposed scheme can be seen to resist several kinds of attacks, and to have more security properties than other comparable schemes.

Published
2014

288. Analysis on Security Vulnerabilities of a Biometric-based User Authentication Scheme for Wireless Sensor Networks

Author

Young-Do Joo

Subjects
Password, Password policy, Computer science, Network Access Control, Authentication protocol, Multi-factor authentication, Challenge–response authentication, Computer security, computer.software_genre, computer, One-time password, S/KEY
Abstract

The numerous improved schemes of remote user authentication based on password have been proposed in order to overcome the security weakness in user authentication process. Recently, some of biometric-based user authentication schemes to use personal biometric information have been introduced and they have shown the relatively higher security and the enhanced convenience as compared to traditional password-based schemes. These days wireless sensor network is a fundamental technology in face of the ubiquitous era. The wireless sensor networks to collect and process the data from sensor nodes in increasing high-tech applications require important security issues to prevent the data access from the unauthorized person. Accordingly, the research to apply to the user authentication to the wireless sensor networks has been under the progress. In 2010, Yuan et al. proposed a biometric-based user authentication scheme to be applicable for wireless sensor networks. Yuan et al. claimed that their scheme is effectively secure against the various security flaws including the stolen verifier attack. In this paper, author will prove that Yuan et al.`s scheme is still vulnerable to the password guessing attack, user impersonation attack and the replay attack, by analyzing their security weakness.

Published
2014

289. Securing ATM Using Graphical Password Authentication Scheme

Author

Ramakant Yadav, Sonia Rathi, Raunak Chitnis, and M.V. Bhosle

Subjects
Password, Zero-knowledge password proof, Password policy, Engineering, Cognitive password, business.industry, Password cracking, Computer security, computer.software_genre, One-time password, Password strength, S/KEY, business, computer
Abstract

In our day to day life ATMs are widely used and have brought so much relief to the financial world. Various problems were solved with the advent of these machines ranging from keeping the banking hall free of traffic with its attendant issues. But crime at ATMs has become a nationwide issue that faces not only customers, but also for bankers and this financial crime case rises repeatedly in recent years. To handle this issue, one solution can be the use of graphical password to overcome the problem of textual password. In this paper, we present and evaluate our contribution, i.e., the iChess password. The iChess password is a multifactor authentication scheme. We present an iChess Chess board virtual environment where the user navigates and interacts with various objects. The series of actions and interactions toward the objects inside the iChess environment constructs the user's iChess password. The design of the iChess virtual environment and the type of objects selected determine the iChess password key space. Further for more security we are providing a random four digit number (flash code) on the respective users mobile which is new for every login.

Published
2014

291. Investigating the Viability of Multifactor Graphical Passwords for User Authentication

Author

Paul Dowland, Mohd Zalisham Jali, and Steven Furnell

Subjects
Password, Password policy, Information Systems and Management, Cognitive password, Information retrieval, Computer science, Multi-factor authentication, One-time password, Computer Science Applications, S/KEY, World Wide Web, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Authentication protocol, Challenge–response authentication, Software
Abstract

Authentication using images (i.e., graphical passwords) is claimed to be one of the alternatives for overcoming weaknesses in the traditional username and password authentication. This paper reports on the study to explore the feasibility of combining two graphical password methods for better security. A graphical password prototype scheme, the Enhanced Graphical Authentication System (EGAS), was developed (which combines the methods of clicking on the image (i.e., click-based) and selecting a series of images (i.e., choice-based). The EGAS was tested by 30 participants randomly chosen from the authors’ university and two evaluations were made; namely user performance of the combined method and the feasibility of authentication strategies toward the introduced method itself. From both evaluations, it is found that positive results have been obtained, which suggest that these methods could be combined together effectively without giving impediment to users.

Published
2014

292. Authentication Systems for Securing Clinical Documentation Workflows

Author

Christoph Seidel, Birger Haarbrandt, J. Schwartze, D. Fortmeier, and Reinhold Haux

Subjects
0301 basic medicine, Computer access control, Computer science, Health Informatics, Access control, 02 engineering and technology, Workflow, World Wide Web, 03 medical and health sciences, Health Information Management, Germany, 0202 electrical engineering, electronic engineering, information engineering, Information system, Electronic Health Records, Humans, Dermatoglyphics, Computer Security, Advanced and Specialized Nursing, Password, Password policy, Information retrieval, business.industry, 020208 electrical & electronic engineering, Information security, Multi-factor authentication, Authentication (law), 030104 developmental biology, Biometric Identification, business
Abstract

SummaryContext: Integration of electronic signatures embedded in health care processes in Germany challenges health care service and supply facilities. The suitability of the signature level of an eligible authentication procedure is confirmed for a large part of documents in clinical practice. However, the concrete design of such a procedure remains unclear.Objective: To create a summary of usable user authentication systems suitable for clinical workflows.Data Source: A Systematic literature review based on nine online bibliographic databases. Search Keywords included authentication, access control, information systems, information security and biometrics with terms user authentication, user identification and login in title or abstract. Searches were run between 7 and 12 September 2011. Relevant conference proceedings were searched manually in February 2013. Backward reference search of selected results was done.Selection: Only publications fully describing authentication systems used or usable were included. Algorithms or purely theoretical concepts were excluded. Three authors did selection independently.Data Extraction and Assessment: Semi-structured extraction of system characteristics was done by the main author. Identified procedures were assessed for security and fulfillment of relevant laws and guidelines as well as for applicability. Suitability for clinical workflows was derived from the assessments using a weighted sum proposed by Bonneau.Results: Of 7575 citations retrieved, 55 publications meet our inclusion criteria. They describe 48 different authentication systems; 39 were biometric and nine graphical password systems. Assessment of authentication systems showed high error rates above European CENELEC standards and a lack of ap -plicability of biometric systems. Graphical passwords did not add overall value compared to conventional passwords. Continuous authentication can add an additional layer of safety. Only few systems are suitable partially or entirely for use in clinical processes.Conclusions: Suitability strongly depends on national or institutional requirements. Four authentication systems seem to fulfill requirements of authentication procedures for clinical workflows. Research is needed in the area of continuous authentication with biometric methods. A proper authentication system should combine all factors of au -thentication implementing and connecting secure individual measures.

Published
2014

293. Image Based Authentication for Folder Security using Persuasive Cued Click-Points and SHA

Author

Nitin Dighade, Heena Agrawal, Ruchal Bhusari, Mrunali Shende, and Suraj Hande

Subjects
Password, World Wide Web, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Password policy, Cognitive password, Information retrieval, Computer science, Password cracking, One-time password, Password psychology, S/KEY, Password strength
Abstract

In this paper Image Based Authentication application is applied on folder's (folders that are confidential to user) ,since the studies till date have shown that textual passwords are more prone that they are well hacked by hackers through easily available software's or programming different code to hack the password. The textual passwords use languages that can be identified using the grammar that they use, therefore our project focuses on Graphical passwords , because as such it has been observed that human brains is better at re-collecting and recognizing images than text, the images are well captured and stored rather than text. There have been phases in creating a strong graphical password scheme from 1999, with the promise that the graphical passwords would provide improved password memorability and usability. The technique that we use here is PCCP (PERSUASIVE CUED CLICK POINTS), this is a combination of recall and recognition based techniques with the implementation of SHA1 (Secure Hash Algorithm). Here PCCP is used for user to have better strong passwords by expanding password space and SHA1 is used to ensure security to folder. Keyword: Authentication, Graphical Password, Hotspot, Passpoints, Secure Hash Algorithm

Published
2014

294. Secured Password Technique Using Devices

Author

Mekha Mariyam Thomas

Subjects
Password, Password policy, Zero-knowledge password proof, Software_OPERATINGSYSTEMS, Cognitive password, Computer science, Password cracking, Computer security, computer.software_genre, One-time password, Password strength, S/KEY, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, computer
Abstract

Text based password is most commonly used user authentication .To log on to websites, users must memorize the selected password. Password based authentication can resist brute force and dictionary attacks, if they select a stronger password but users often select weak password for their convenience and remembrance. They reuse password in different sites for simplicity, it would make the attacker to find their passwords in different sites. These are caused by the negative impact of human behavior. Typing password on untrusted computers suffers from stealing of password i.e. shoulder surfing. Then researchers have designed graphical password which made attackers to find out the commonly selective areas (Hotspots). Some researchers have focused on three-factor authentication for reliability and depends on password, token, biometric. For this authentication, the user must input a password and provide a pass code generated by the token, and scan her biometric features (e.g., fingerprint). This is a comprehensive defense mechanism against password stealing attacks, but it requires high cost. Another user authentication is Opass, which uses a cell phone to enter the password. The password that is entered by the user is converted to a one-time password and in this system it provides more security by enabling a encryption for the converted one-time password. By using the cell phone and providing an encryption, the security can be increased. This would reduce the user from remembering from many passwords and thus reduce the password stealing. The user can then successfully enter to their website and enjoy the accessibility. This reduces the negative influence of human factors compared to previous schemes, and is the first user authentication protocol to prevent password stealing (i.e., phishing, keylogger, and malware) and also prevent password reuse attacks simultaneously.

Published
2014

295. Authentication Scheme for Session Password using matrix Colour and Text

Author

Umesh M. Korade, Sagar B. Kedar, Chetan P. Shitole, V. M. Lomte, and Sagar A. Dhanake

Subjects
World Wide Web, Password, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Password policy, Information retrieval, Dictionary attack, Cognitive password, Computer science, Shoulder surfing, Social engineering (security), Authentication scheme, Password psychology
Abstract

The most common method used for authentication is Textual passwords. But textual passwords are in risk to eves dropping, dictionary attacks, social engineering and shoulder surfing. Graphical passwords are introduced as alternative techniques to textual passwords. Most of the graphical schemes are helpless to shoulder surfing. To address this problem, text can be combined with images or colors to generate session passwords for authentication. Session passwords can be used only once and every time a new password is generated. In this paper, two techniques are proposed to generate session passwords using text and colors which are resistant to shoulder surfing. These methods are suitable for Personal Digital Assistants.

Published
2014

296. Secure password authentication schemes and their applications

Author

SeongHan Shin and Kazukuni Kobara

Subjects
Password, Zero-knowledge password proof, Password policy, Computer science, General Engineering, General Social Sciences, Computer security, computer.software_genre, One-time password, S/KEY, Password strength, Authentication protocol, Challenge–response authentication, computer
Published
2014

297. Cryptanalysis of an Improved Smartcard-based Remote Password Authentication Scheme

Author

Kim-Kwang Raymond Choo, SK Hafizul Islam, and Gautam Biswas

Subjects
Password, Password policy, Zero-knowledge password proof, Cognitive password, Computer science, Applied Mathematics, Data_MISCELLANEOUS, Library and Information Sciences, Computer security, computer.software_genre, One-time password, Computer Science Applications, Password strength, S/KEY, Challenge–response authentication, computer
Abstract

In recent years, several dynamic identity-based two-factor user authentication using password and smartcard have been proposed to provide mutual authentication between the user and server over unreliable networks. However, the design of secure cryptographic schemes is still notoriously hard, and there have been several instances of detected flaws in published schemes. For example in 2010, Hao and Yu demonstrated that Wang et al.'s user authe ntication scheme is insecure against off-line password guessing and server masquerade attacks, and proposed an improved scheme. Subsequently in 2012, Chao pointed out that the improved scheme of Hao and Yu is, unfortunately, susceptible to off-line password guessing and server masquerade attacks, and prone to password backward security problem; and proposed an enhanced scheme. In this paper, we demonstrated that Chao's enhanced scheme is not secure against user masquerade attack, server masquerade attack, insider attack and off-line password guessing attack in violation of its security claim as well as it fails to achieve users' anonymity.

Published
2014

298. Implementing 3D Graphical Password Schemes

Author

Mcchester Odoh and Ihedigbo Chinedum E

Subjects
Password, Password policy, business.industry, Computer science, Internet privacy, business, Computer security, computer.software_genre, computer, One-time password, Password strength, S/KEY
Published
2014

299. Online Password Guessing Attacks by Using Persuasive Click Point with Dynamic User Block

Author

P. Kalaivizhi and S. Thiru Nirai Senthil

Subjects
Password, World Wide Web, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Password policy, Cognitive password, Computer science, Password cracking, One-time password, Password psychology, S/KEY, Password strength
Abstract

The goal of knowledge-based authentication system is to guide the users in creating graphical passwords. User often creates memorable passwords that are easy for attackers to guess, but strong system assigned passwords are difficult for user to remember. So the researchers of modern days use alternative methods where graphical pictures are used as a password. Human brain is good in remembering picture than textual character. Various graphical password techniques are used, now PCCP with dynamic user blocks approach presents a more feasible way of varying the security level depending upon the user's requirements. The proposed system lets the user to select the security level. In order to help the user to memorize the password audio support can also be provided. The system influence the user to create a click based graphical password, which is more random, so that it will be difficult for the hackers to guess it.

Published
2014

300. Passwordless Authentication in Mobile e-health using a Secure Boot Non-regenerated Unique Identity and NFC

Author

Nazhatul Hafizah Kamarudin, Habibah Hashim, and Yusnani Mohd Yussoff

Subjects
Password, Password policy, Authentication, Multidisciplinary, Computer science, business.industry, Login, Computer security, computer.software_genre, One-time password, S/KEY, Authentication protocol, Challenge–response authentication, business, Mobile device, Replay attack, computer, Computer network
Abstract

Mobile e-health is a current application where people can connect with healthcare services through sensor nodes and wireless communication. Existing e-health architecture depends on a third party server in order to get connected with the hospitals. Therefore, it adds up to a security hole in the e-health architecture. Objectives: The objective of this paper is to develop a secured password less authentication protocol for mobile e-health system and to eliminate the need for a third party server. Methods/Statistical Analysis: A non-regenerated unique identity for the e-health sensor node is generated through a secure boot process and the unique value will be used as the sensor node identity. EHEART prototype is designed and e-health server is established. Near Field Communication (NFC) ring is used in this mobile e-health system to enhance the security layer of the proposed authentication protocol. Study was conducted in a closed environment with no exposure to attackers. Findings: The project results demonstrate the development of a secured passwordless authentication for e-health system. By implementing the near field communication in the e-health system, it can reduce the energy consumption where the Bluetooth module will only be automatically turned on when the mobile device is being touched by the NFC ring. EHEART application does not need any username and password combination for login request and authentication process. Formal analysis method AVISPA and SPAN is used to analyse the reliability and the security of the proposed system and it is proven to be secured from replay attack, node cloning and password break attack. Application/Improvements: The outcome form the research will ensure secure connectivity or environment in the e-health monitoring system without depending anymore on a password and third party server. NFC ring in the system will help reduce the power consumption of the mobile device.

Published
2016

Catalog

Books, media, physical & digital resources
See catalog results