29-08-2014, 12:33 PM
Graphical password, text password are authentication
ABSTRACT
Graphical passwords and text passwords are used to authenticate users on web sites because of their simplicity and ease of use. Users' passwords are easy to steal using different malicious programs and threats. First, users select easy-to-remember passwords because nowadays they use many accounts on different web sites. To log in to web sites they need to remember all their passwords, so users choose easy-to-remember passwords, but these passwords are not safe. Reusing passwords across different web sites may cause users to lose the information stored on those web sites once the password is hacked or compromised by an attacker. Second, hackers can install malicious software to capture passwords when users type their username and password into unknown public computers. This paper develops a web-based security analysis of one-time password authentication schemes using a mobile application. It presents a user authentication protocol which involves the user's cell phone and short message service to prevent password stealing and reuse attacks. Users only need to remember a long-term password for login on different websites.
INTRODUCTION
Password-based user authentication has the problem that humans are not able to remember all their passwords. Because of this, most users choose easy-to-remember passwords even if they know the passwords might be unsafe. Another crucial problem is that users reuse passwords across various websites. For online accounts, users are at the same machine but access many different accounts. The average user has 6.5 passwords, each of which is shared across 3.9 different websites. Each user has about 25 accounts that require passwords, and types an average of 8 passwords per day. Users choose weak passwords so that they can remember them easily. Users forget passwords a lot: we estimate that at least 1.5% of Yahoo users forget their passwords each month.
Graphical passwords are an alternative to text passwords, whereby a user is asked to remember an image (or parts of an image) instead of a word. Humans have difficulty remembering complex or meaningless passwords. PassPoints involves a user creating a five-point click sequence on a background image. Scalable attacks require that the attacker collect sufficient "human-computed" data for the target image, which is more costly for systems with multiple images. This leads us to ask whether more scalable attacks exist, and in particular, effective fully automated attacks. An attacker may install a malicious program such as a keystroke logger that can observe and modify a legitimate software environment, compromise modifiable software such as the BIOS, or add malicious hardware such as a USB sniffer. Each of these enables password stealing attacks.
PROPOSED SYSTEM
The objective of the web-based security analysis of oPass authentication schemes using a mobile application is to free users from having to remember or type any passwords into untrusted public computers for authentication. It is a user authentication protocol which involves the user's cell phone and short message service to prevent password stealing and reuse attacks. The cell phone is used to generate one-time passwords, and SMS is used to transmit authentication messages between the web server and trusted mobile devices. Users only need to remember a long-term password for login on all websites. The user authentication protocol is developed mainly to overcome the following two major problems. First, when users forget a password they cannot log in to the website and cannot access any information from it. Second, reusing passwords causes a domino effect: when an adversary compromises one password, the adversary will exploit it to gain access to more websites. Hackers apply a random-key function method to hack the user's password. With oPass, users are able to log into web services without entering passwords on their computers. Thus, malware cannot obtain a user's password from untrusted computers. The oPass scheme achieves a one-time password approach. The cell phone automatically derives a different password for each login. Under the one-time password approach, users do not need to remember any password for login. They only keep a long-term password for accessing their cell phones.
I design a user authentication protocol named oPass which leverages a user's cell phone and short message service to prevent password stealing and password reuse attacks. oPass only requires that each participating website possesses a unique phone number, and involves a telecommunication service provider in the registration and recovery phases. Through oPass, users only need to remember a long-term password for login on all websites. After evaluating the oPass prototype, we believe oPass is efficient and affordable compared with conventional web authentication mechanisms. This long-term password is used to generate a chain of one-time passwords for further logins on the target server. Then, the program automatically sends a registration SMS message to the server to complete the registration procedure. The user name is the only information input to the browser. Next, the user opens the oPass program on her phone and enters the long-term password; the program generates a one-time password and sends a login SMS securely to the server. The login SMS is encrypted by the one-time password.
introduced years before. evaluated new graphical password schemes to achieve better security than text passwords. When graphical password users were creating passwords, they were able to quickly and easily create a valid password, but they had more difficulty learning those passwords than alphanumeric password users. However, the graphical users took longer and made more invalid password entries than alphanumeric users while practicing their passwords. Biddle studied multiple password interference and click-based graphical passwords. They concluded that graphical password users managed significantly better than text password users and that they did not use similar passwords across multiple accounts. They also concluded that remembering multiple click-based graphical passwords is easier than remembering multiple text passwords. Text password users made comparatively more recall errors than graphical password users, which was based on two areas, i.e. security and usability.
The main objective of oPass is to free users from having to remember or type any passwords into conventional computers for authentication. Unlike generic user authentication, oPass involves a new component, the cell phone, which is used to generate one-time passwords, and a new communication channel, SMS, which is used to transmit authentication messages.
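The one-time password chain described above, as an added example (not code from the original paper or the oPass prototype): it assumes a Lamport-style SHA-256 hash chain seeded by PBKDF2 over the long-term password, a construction the page does not specify, and the names `chain_value`, `Server`, `CHAIN_LENGTH` and the sample user, site and nonce are hypothetical. The SMS transport and the encryption of the login message are left out.

```python
import hashlib
import hmac

CHAIN_LENGTH = 5  # constructed value; a real deployment would use a longer chain


def chain_value(password: str, user: str, site: str, nonce: bytes, steps: int) -> bytes:
    """Phone side: stretch the long-term password into a per-site seed,
    then hash that seed `steps` times."""
    salt = f"{user}|{site}|".encode() + nonce
    value = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    for _ in range(steps):
        value = hashlib.sha256(value).digest()
    return value


class Server:
    """Holds only the last accepted chain value, never the password or seed."""

    def __init__(self, anchor: bytes, length: int):
        self.current = anchor    # H^N(seed), delivered in the registration message
        self.remaining = length  # logins left before re-registration is needed

    def verify(self, otp: bytes) -> bool:
        if self.remaining == 0:
            return False
        # A valid one-time password is the SHA-256 preimage of the stored value.
        if not hmac.compare_digest(hashlib.sha256(otp).digest(), self.current):
            return False
        self.current = otp       # step down the chain so this value cannot be replayed
        self.remaining -= 1
        return True


def demo() -> dict:
    # Constructed sample identities; the phone keeps the nonce and a counter only.
    user, site, nonce = "alice", "shop.example", b"constructed-nonce"
    anchor = chain_value("long-term pw", user, site, nonce, CHAIN_LENGTH)
    server = Server(anchor, CHAIN_LENGTH)
    otp1 = chain_value("long-term pw", user, site, nonce, CHAIN_LENGTH - 1)
    otp2 = chain_value("long-term pw", user, site, nonce, CHAIN_LENGTH - 2)
    wrong = chain_value("guessed pw", user, site, nonce, CHAIN_LENGTH - 1)
    return {
        "wrong_password": server.verify(wrong),
        "first_login": server.verify(otp1),
        "replay": server.verify(otp1),
        "second_login": server.verify(otp2),
    }


if __name__ == "__main__":
    print(demo())
```

A captured one-time password is useless for a later login because the server has already moved its stored value one step down the chain, and inverting SHA-256 to get the next value is infeasible.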
TECHNIQUES USED:
1. UK (Unique Key) Generation
2. Triple DES (Data Encryption Standard)
A computer network is an interconnected group of autonomous computing nodes which use a well-defined, mutually agreed set of rules and conventions known as protocols, interact with one another meaningfully, and allow resource sharing, preferably in a predictable and controllable manner. The study of methods for analysing the security requirements and needs of such systems, and of their consequent design, implementation and deployment, is the primary scope of the discipline named network security. Although named as network security, the principles and mechanisms.
CONCLUSION
This work presents a user authentication protocol which involves the user's cell phone and short message service to prevent password stealing and reuse attacks. Users only need to remember a long-term password for login on different websites. The web-based security analysis of oPass authentication schemes using a mobile application is acceptable and reliable for users. The login performance of oPass schemes is better than that of graphical and text password schemes. In computer security, a login or logon is the process by which individual access to a computer system is controlled by identifying and authenticating the user by referring to credentials presented by the user. This protocol is applicable in many security areas, such as networking, online business, government sectors and military sectors. To make a user authentication protocol fully functional, password recovery is also considered and supported when users lose their cell phones. They can recover the system with reissued SIM cards and their long-term passwords.