ASN Chakravarthy,Prof. P S Avadhani,Prof.P S Avadhani

DOI: https://doi.org/10.48550/arXiv.1110.1495

2011-10-07

Cryptography and Security

Abstract:Password authentication is a common approach to the system security and it is also a very important procedure to gain access to user resources. In the conventional password authentication methods a server has to authenticate the legitimate user. In our proposed method users can freely choose their passwords from a defined character set or they can use a graphical image as password and that input will be normalized. Neural networks have been used recently for password authentication in order to overcome pitfall of traditional password authentication methods. In this paper we proposed a method for password authentication using alphanumeric password and graphical password. We used Back Propagation algorithm for both alphanumeric (Text) and graphical password by which the level of security can be enhanced. This paper along with test results show that converting user password in to Probabilistic values enhances the security of the system

Gloriya Mathew,Shiney Thomas

DOI: https://doi.org/10.48550/arXiv.1311.4037

2013-11-16

Abstract:User authentication is one of the most important part of information security. Computer security most commonly depends on passwords to authenticate human users. Password authentication systems will be either been usable but not secure, or secure but not usable. While there are different types of authentication systems available alphanumeric password is the most commonly used authentication mechanism. But this method has significant drawbacks. An alternative solution to the text based authentication is Graphical User Authentication based on the fact that humans tends to remember images better than text. Graphical password authentication systems provide passwords which are easy to be created and remembered by the user. However, the main issues of simple graphical password techniques are shoulder surfing attack and image gallery attack. Studies reveals that most of the graphical passwords are either secure but not usable or usable but not secure. In this paper, a new technique that uses cued click point graphical password method along with the one-time session key is proposed. The goal is to propose a new authentication mechanism using graphical password to achieve higher security and better usability levels. The result of the system testing is evaluated and it reveals that the proposed system ensures security and usability to a great extent.

Cryptography and Security

Shraddha S. Shinde,Prof. Anagha P. Khedkar

DOI: https://doi.org/10.48550/arXiv.1401.0092

2013-12-31

Abstract:In identity management system, commonly used biometric recognition system needs attention towards issue of biometric template protection as far as more reliable solution is concerned. In view of this biometric template protection algorithm should satisfy security, discriminability and cancelability. As no single template protection method is capable of satisfying the basic requirements, a novel technique for face template generation and protection is proposed. The novel approach is proposed to provide security and accuracy in new user enrollment as well as authentication process. This novel technique takes advantage of both the hybrid approach and the binary discriminant analysis algorithm. This algorithm is designed on the basis of random projection, binary discriminant analysis and fuzzy commitment scheme. Three publicly available benchmark face databases are used for evaluation. The proposed novel technique enhances the discriminability and recognition accuracy by 80% in terms of matching score of the face images and provides high security.

Computer Vision and Pattern Recognition

Hamza Touil,Nabil El Akkad,Khalid Satori,Naglaa F. Soliman,Walid El-Shafai

DOI: https://doi.org/10.1109/access.2024.3349487

IF: 3.9

2024-01-01

IEEE Access

Abstract:In this work, we propose a novel approach to enhancing the security of passwords before storing them in databases. Our method utilizes Braille transformation to encrypt the password after generating the corresponding hash. The hash is divided into multiple blocks, each representing a character treated as a transformation unit. Each character is then associated with its corresponding Braille code, which consists of 6 digits. To further enhance security, we randomly replace each occurrence of “0” in the generated string with one of the digits 7, 8, or 9. The final string, six times larger than the original hash, is then stored in the database. To evaluate our approach, we conducted several experiments and comparisons. The results demonstrate that Braille transformation is resistant to brute-force attacks, statistical attacks, and differential attacks. These results were justified using various evaluation criteria, such as execution time and memory space occupied. Braille transformation is susceptible to any modification made to the hash or the generated string, further reinforcing its security. Our Braille-based approach offers an effective solution to strengthen the security of database passwords. It provides advantages in terms of protection against different attacks and offers a robust evaluation based on relevant criteria.

computer science, information systems,telecommunications,engineering, electrical & electronic

Shraddha S. Shinde,Prof. Anagha P. Khedkar

DOI: https://doi.org/10.48550/arXiv.1312.7511

2013-12-29

Abstract:In identity management system, frequently used biometric recognition system needs awareness towards issue of protecting biometric template as far as more reliable solution is apprehensive. In sight of this biometric template protection algorithm should gratify the basic requirements viz. security, discriminability and cancelability. As no single template protection method is capable of satisfying these requirements, a novel scheme for face template generation and protection is proposed. The novel scheme is proposed to provide security and accuracy in new user enrolment and authentication process. This novel scheme takes advantage of both the hybrid approach and the binary discriminant analysis algorithm. This algorithm is designed on the basis of random projection, binary discriminant analysis and fuzzy commitment scheme. Publicly available benchmark face databases (FERET, FRGC, CMU-PIE) and other datasets are used for evaluation. The proposed novel scheme enhances the discriminability and recognition accuracy in terms of matching score of the face images for each stage and provides high security against potential attacks namely brute force and smart attacks. In this paper, we discuss results viz. averages matching score, computation time and security for hybrid approach and novel approach.

Computer Vision and Pattern Recognition,Cryptography and Security

Kim-Phuong L. Vu,Robert W. Proctor,Abhilasha Bhargav-Spantzel,Bik-Lam Tai,Joshua Cook,E. Eugene Schultz,Bik-Lam (Belin) Tai

DOI: https://doi.org/10.1016/j.ijhcs.2007.03.007

2007-08-01

Abstract:Personal information and organizational information need to be protected, which requires that only authorized users gain access to the information. The most commonly used method for authenticating users who attempt to access such information is through the use of username–password combinations. However, this is a weak method of authentication because users tend to generate passwords that are easy to remember but also easy to crack. Proactive password checking, for which passwords must satisfy certain criteria, is one method for improving the security of user-generated passwords. The present study evaluated the time and number of attempts needed to generate unique passwords satisfying different restrictions for multiple accounts, as well as the login time and accuracy for recalling those passwords. Imposing password restrictions alone did not necessarily lead to more secure passwords. However, the use of a technique for which the first letter of each word of a sentence was used coupled with a requirement to insert a special character and digit yielded more secure passwords that were more memorable.

computer science, cybernetics,ergonomics,psychology, multidisciplinary

Suyun Borjigin

2024-05-31

Abstract:Credential theft and remote attacks are the most serious threats to user authentication mechanisms. The crux of these problems is that we cannot control such behaviors. However, if a password does not contain user secrets, stealing it is useless. If unauthorized inputs are invalidated, remote attacks can be disabled. Thus, credential secrets and account input fields can be controlled. Rather than encrypting passwords, we design a dual-password login-authentication mechanism, where a user-selected secret-free login password is converted into an untypable authentication password. Subsequently, the authenticatable functionality of the login password and the typable functionality of the authentication password can be disabled or invalidated to prevent credential theft and remote attacks. Thus, the usability-security tradeoff and password reuse issues are resolved; local authentication password storage is no longer necessary. More importantly, the password converter acts as an open hashing algorithm, meaning that its intermediate elements can be used to define a truly unique identity for the login process to implement a novel dual-identity authentication scheme. In particular, the system-managed elements are concealed, inaccessible, and independent of any personal information and therefore can be used to define a perfect unforgeable process identifier to identify unauthorized inputs.

Cryptography and Security,Emerging Technologies,Systems and Control

Ms. Kowsalya,Mr. Yogalingam,Mr. Sanjay Prasath,Mr. Surya Prakash

DOI: https://doi.org/10.22214/ijraset.2023.49669

2023-04-30

International Journal for Research in Applied Science and Engineering Technology

Abstract:Abstract: Graphical passwords, two-factor authentication, and other ways are just a few of the many options we have for authentication. Text based protection. Codes are susceptible to a variety of assaults, including dictionary attacks. As a result, as part of the authentication procedure, in addition to the usual alpha-numeric password, we also utilise pictures with captchas. It also fixes the problems with the pass points of graphical password systems. Automated Turing Test for Computers and Humans that Is Completely Public (CAPTCHA) Users who have successfully authenticated must pass a test in order to access their individual mail accounts. Accounts that put the secrecy, reliability, and privacy of data at risk are attacked by bots and other malicious software. This was stopped by the invention of CAPTCHA.

Swimpy Pahuja,Navdeep Goel

DOI: https://doi.org/10.3233/aic-220247

IF: 1.029

2024-05-18

AI Communications

Abstract:Critical applications ranging from sensitive military data to restricted area access demand selective user authentication. The prevalent methods of tokens, passwords, and other commonly used techniques proved deficient as they can be easily stolen, lost, or broken to gain illegitimate access, leading to data spillage. Since data safety against tricksters is a significant issue nowadays, biometrics is one of the unique human characteristic-based techniques that may give better solutions in this regard. The technique entails biometric authentication of users based on an individual's inimitable physiological or behavioral characteristics to provide access to a specific application or data. This paper provides a detailed description of authentication and its approaches, focusing on biometric-based authentication methods, the primary challenges they encounter, and how they have been addressed. The tabular view shows the benefits and downsides of various multimodal biometric systems, and open research challenges. To put it another way, this article lays out a roadmap for the emergence of multimodal biometric-based authentication, covering both the challenges and the solutions that have been proposed. Further, the urge to develop various multi-trait-based methods for secure authentication and data privacy is focused. Lastly, some multimodal biometric systems comprising fingerprint and iris modalities have been compared based on False Accept Rate (FAR), False Reject Rate (FRR), and accuracy to find the best secure model with easy accessibility.

computer science, artificial intelligence

Qibin Sun,Zhi Li,Xudong Jiang,Alex Kot

DOI: https://doi.org/10.1109/iscas.2008.4542082

2008-01-01

Abstract:Graphical password (i.e., image based authentication) is considered as a promising alternative to traditional textual password for mobile devices, to achieve better tradeoff between usability and security. However, previous proposals of graphical password have the limitation of limited entropy. In this paper, we propose a new scheme incorporating user face based authentication into the association-based graphical password solution we proposed before, aiming at achieving higher security without compromising user-friendliness for mobile application scenarios. System performance analysis and comparisons with other schemes are presented to validate our scheme.

Yao Cheng,Chang Xu,Zhen Hai,Yingjiu Li

DOI: https://doi.org/10.1109/tdsc.2020.2987025

2022-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Strong passwords are fundamental to the security of password-based user authentication systems. In the recent years, much effort has been made to evaluate the password strength or to generate strong passwords. Unfortunately, the usability or memorability of the strong passwords has been largely neglected. In this article, we aim to bridge the gap between strong password generation and the usability of strong passwords. We propose to automatically generate textual password mnemonics, i.e., natural language sentences, which are intended to help users better memorize passwords. We introduce DeepMnemonic, a deep attentive encoder-decoder framework which takes a password as input and then automatically generates a mnemonic sentence for the password. We conduct extensive experiments to evaluate DeepMnemonic on the real-world data sets. The experimental results demonstrate that DeepMnemonic outperforms a well-known baseline for generating semantically meaningful mnemonic sentences. Moreover, the user study further validates that the generated mnemonic sentences by DeepMnemonic are useful in helping users memorize strong passwords.

computer science, information systems, software engineering, hardware & architecture

Manik Lal Das,Ashutosh Saxena,Ved P. Gulati

DOI: https://doi.org/10.1109/TCE.2004.1309441

2007-12-14

Abstract:Password-based authentication schemes are the most widely used techniques for remote user authentication. Many static ID-based remote user authentication schemes both with and without smart cards have been proposed. Most of the schemes do not allow the users to choose and change their passwords, and maintain a verifier table to verify the validity of the user login. In this paper we present a dynamic ID-based remote user authentication scheme using smart cards. Our scheme allows the users to choose and change their passwords freely, and do not maintain any verifier table. The scheme is secure against ID-theft, and can resist the reply attacks, forgery attacks, guessing attacks, insider attacks and stolen verifier attacks.

Cryptography and Security

Nicholas Micallef,Nalin Asanka Gamagedara Arachchilage

DOI: https://doi.org/10.48550/arXiv.1707.08073

2017-07-26

Abstract:Security questions are one of the techniques used in fall-back authentication to retrieve forgotten passwords. This paper proposes a game design which aims to improve usability of system-generated security questions. In our game design, we adapted the popular picture-based "4 Pics 1 word" mobile game. This game asks users to pick the word that relates the given pictures. We selected this game because of its use of pictures and cues, in which, psychology research has found to be important to help with memorability. The proposed game design focuses on encoding information to users' long- term memory and to aide memorability by using the follow- ing memory retrieval skills: (a) graphical cues - by using images in each challenge; (b) verbal cues - by using verbal descriptions as hints; (c) spatial cues - by keeping same or- der of pictures; (d) interactivity - engaging nature of the game through the use of persuasive technology principles.

Cryptography and Security,Human-Computer Interaction

Hala Assal,Ahsan Imran,Sonia Chiasson

DOI: https://doi.org/10.48550/arXiv.1610.09743

2016-10-31

Abstract:In this paper, we explore graphical passwords as a child-friendly alternative for user authentication. We evaluate the usability of three variants of the PassTiles graphical password scheme for children, and explore the similarities and differences in performance and preferences between children and adults while using these schemes. Children were most successful at recalling passwords containing images of distinct objects. Both children and adults prefer graphical passwords to their existing schemes, but password memorization strategies differ considerably between the two groups. Based on our findings, we provide recommendations for designing more child-friendly authentication schemes.

Human-Computer Interaction

Hung-Min Sun,Yao-Hsin Chen,Chiung-Cheng Fang,Shih-Ying Chang

DOI: https://doi.org/10.1145/2414456.2414513

2012-01-01

Abstract:Text passwords have been used in authentication systems for many decades. Users must recall the textual strings selected during registration to pass authentication. However, there are some serious problems with text passwords recollection and security. Hence, various graphical-password authentication systems have been proposed to solve the problems of text passwords. Previous studies indicate that humans are better at recognizing and recalling images than texts. In 2005, Wiedenbeck et al. proposed PassPoints in which a password consists of a sequence of click-points (5 to 8) that a user chooses on an image. In the paper, we proposed an alternative system in which users can memorize fewer points while providing more security than PassPoints. Based on the idea of using an extremely large image as the password space, we propose a novel world map based graphical password authentication system called PassMap in which a password consists of a sequence of 2 click-points that a user selects on an large world map. We also conducted a user study for evaluation. The result shows that the passwords of PassMap are easy to memorize for humans and PassMap is friendly to use in practice. Furthermore, PassMap provides higher entropy than PassPoints and also increases the cost of attacks.

K. Ashwini,G. N. Keshava Murthy,S. Raviraja,G. A. Srinidhi

DOI: https://doi.org/10.1155/2024/8112209

2024-06-08

BioMed Research International

Abstract:Existing security issues like keys, pins, and passwords employed presently in almost all the fields that have certain limitations like passwords and pins can be easily forgotten; keys can be lost. To overcome such security issues, new biometric features have shown outstanding improvements in authentication systems as a result of significant developments in biological digital signal processing. Currently, the multimodal authentications have gained huge attention in biometric systems which can be either behavioural or physiological. A biometric system with multimodality club data from many biometric modalities increases each biometric system's performance and makes it more resistant to spoof attempts. Apart from electrocardiogram (ECG) and iris, there are a lot of other biometric traits that can be captured from the human body. They include face, fingerprint, gait, keystroke dynamics, voice, DNA, palm vein, and hand geometry recognition. Electrocardiograms (ECG) have recently been employed in unimodal and multimodal biometric recognition systems as a novel biometric technology. When compared to other biometric approaches, ECG has the intrinsic quality of a person's liveness, making it difficult to fake. Similarly, the iris also plays an important role in biometric authentication. Based on these assumptions, we present a multimodal biometric person authentication system. The projected method includes preprocessing, segmentation, feature extraction, feature fusion, and ensemble classifier where majority voting is presented to obtain the final outcome. The comparative analysis shows the overall performance as 96.55%, 96.2%, 96.2%, 96.5%, and 95.65% in terms of precision, F1‐score, sensitivity, specificity, and accuracy.

biotechnology & applied microbiology,medicine, research & experimental

Vishal Vadgama,Bhavin Tanti,Chirag Modi,Nishant Doshi

DOI: https://doi.org/10.48550/arXiv.1208.3859

2012-08-19

Cryptography and Security

Abstract:In today's world of E-Commerce everything comes online like Music, E-Books, Shopping all most everything is online. If you are using some service or buying things online then you have to pay for that. For that you have to do Net Banking or you have to use Credit card which will do online payment for you. In today's environment when everything is online, the service you are using for E-Payment must be secure and you must protect your banking information like debit card or credit card information from possible threat of hacking. There were lots way to threat like Key logger, Forgery Detection, Phishing, Shoulder surfing. Therefore, we reveal our actual information of Bank and Credit Card then there will be a chance to lose data and same credit card and hackers can use banking information for malicious purpose. In this paper we discuss available E-Payment protocols, examine its advantages and delimitation's and shows that there are steel needs to design a more secure E-Payment protocol. The suggested protocol is based on using hash function and using dynamic or virtual password, which protects your banking or credit card information from possible threat of hacking when doing online transactions.

Zhangyu Meng,Jun Kong,Juan Li

DOI: https://doi.org/10.1016/j.cose.2021.102187

2021-04-01

Abstract:<p>Due to its invisibility feature, pressure is useful to enhance the security of authentication, especially preventing the shoulder surfing attack. However, users are more familiar with digital passwords than pressure-based passwords. In order to improve the usability of pressure-based authentication, this paper instantiates a pressure-based password (i.e., a sequence of pressures) to a decimal number. In addition, our approach features personalized pressure detection. The personalization further enhances security since an attacker must have a pressure habit that is consistent with the user. We conducted a series of user studies to compare the traditional four-digit password with our pressure-based password. The empirical result indicates that a pressure-based password is more resistant to the shoulder surfing attack than a four-digit password. However, it takes more time to input a pressure-based password on the first-time usage. The slowdown is caused by a modality change from vision to pressure. A field study that lasted for 10 days revealed that the side effect of modality change can be overcome through regular usages.</p>

computer science, information systems

Jaryn Shen,Timothy T. Yuen,Kim-Kwang Raymond Choo,Qingkai Zeng

DOI: https://doi.org/10.1007/978-3-030-21548-4_28

2019-01-01

Abstract:Passwords are widely used in online services, such as electronic and mobile banking services, and may be complemented by other authentication mechanism(s) for example in two-factor or three-factor authentication systems. There are, however, a number of known limitations and risks associated with the use of passwords, such as man-in-the-middle (MitM) and offline guessing attacks. In this paper, we present AMOGAP, a novel text password-based user authentication mechanism, to defend against MitM and offline guessing attacks. In our approach, users can select easy-to-remember passwords, and AMOGAP converts currently-used salted and hashed password files into user tokens, whose security relies on the Decisional Diffie-Hellman (DDH) assumption, at the server end. In other words, we use a difficult problem in number theory (i.e., DDH problem), rather than a one-way hash function, to ensure security against offline password guessing attackers and MitM attackers. AMOGAP does not require any change in existing authentication process and infrastructure or incur additional costs at the server.

Sajaad Ahmed Lone,Ajaz Hussain Mir

DOI: https://doi.org/10.1108/ijpcc-04-2021-0097

2021-08-19

International Journal of Pervasive Computing and Communications

Abstract:Purpose Because of the continued use of mobile, cloud and the internet of things, the possibility of data breaches is on the increase. A secure authentication and authorization strategy is a must for many of today’s applications. Authentication schemes based on knowledge and tokens, although widely used, lead to most security breaches. While providing various advantages, biometrics are also subject to security threats. Using multiple factors together for authentication provides more certainty about a user’s identity; thus, leading to a more reliable, effective and more difficult for an adversary to intrude. This study aims to propose a novel, secure and highly stable multi-factor one-time password (OTP) authentication solution for mobile environments, which uses all three authentication factors for user authentication. Design/methodology/approach The proposed authentication scheme is implemented as a challenge-response authentication where three factors (username, device number and fingerprint) are used as a secret key between the client and the server. The current scheme adopts application-based authentication and guarantees data confidentiality and improved security because of the integration of biometrics with other factors and each time new challenge value by the server to client for OTP generation. Findings The proposed authentication scheme is implemented on real android-based mobile devices, tested on real users; experimental results show that the proposed authentication scheme attains improved performance. Furthermore, usability evaluation proves that proposed authentication is effective, efficient and convenient for users in mobile environments. Originality/value The proposed authentication scheme can be adapted as an effective authentication scheme to accessing critical information using android smartphones.

English Else