27-09-2016, 04:39 PM
1456453819-SESAMENLC.docx (Size: 44.74 KB / Downloads: 4)
Abstract— Authentication is the process by which a system validates the identity of a user. User authentication is the mechanism that protects user data against unauthorized access to information. The most common computer authentication method is the text-based password. Text-based passwords are vulnerable to social engineering attacks and tend to be either weak but memorable or secure but difficult to remember; this method has been shown to have significant drawbacks. To address this problem, some researchers have established authentication methods such as alphanumerical passwords. Alphanumerical passwords are usually a combination of letters and numbers, which makes the password longer and harder to remember. A user can write the password on a page or in a computer file, but if the page is damaged or the file is corrupted, the password is lost. The existing password scheme is easy to break through different attacks, i.e. dictionary attack, brute force attack and shoulder surfing. The new hybrid graphical password based system is a combination of recognition-based and pure recall-based techniques. This scheme is proposed for smart handheld devices such as smartphones. Hybrid graphical passwords have been designed to make passwords more memorable and easier for people to use.
1. INTRODUCTION
Most Internet services such as email, e-banking and social networking implement access control via a username and password based authentication scheme. This leaves the user unsure which of many passwords to remember, and there is always a threat that the passwords may be hacked by someone. People even tend to write passwords on chits of paper and in diaries, which can be obtained by someone to gain illegitimate access to the system. Textual passwords are nonetheless likely to remain, at least for now, the only way to authenticate a user to web services.
However, an adversary who gains knowledge of a user's password (e.g. by a brute force attack) can compromise the user's access to such services. This concern can be largely alleviated by having users choose strong and complex passwords (which have high information entropy) for authentication. In fact, some service providers have enforced password creation policies to make users choose such strong and complex passwords. However, there are two inherent issues with forcing users to choose stronger (or more complex) passwords. First, studies have indicated that enforcing stricter password rules causes users to take shortcuts such as writing down the complex password in clear text, either on paper or electronically, as a memory aid. It is then easy for an adversary to get hold of the complex password.
The second issue with complex passwords is the reuse or recycling of the same password for different services, since remembering different passwords is burdensome. More than 34% of people reused the exact password, while almost 18% reused it with minor modifications. The study also found that 41% of accounts from a university system could each be cracked in three seconds using knowledge of their expired passwords. A malicious entity can thus easily crack a user's password if it knows the user's password composition trends and/or if passwords are reused. In addition, the risk of a password being compromised by shoulder surfing or by key loggers on end systems always exists, especially in public places or on public systems. In shoulder surfing, an adversary watches a user keying in her credential and visually records the user's keystrokes. Keyloggers are programs or hardware devices that record all keyboard strokes.
Perhaps the most serious problem today is that current authentication systems have no mechanism to recognize the identity of the person who enters the password; in other words, there is no way of verifying that the person presenting the credentials is actually the person she claims to be. Since the communication channels can be secured using protocols such as https, SSL and TLS, the weakest link controlling a user's access to web services today is the human factor, because passwords must be entered. Hence there is a clear need for a new system that secures the human-computer interaction, especially password entry, in order to secure the end-to-end flow of data. One solution to the problems associated with passwords is to use biometrics as credentials to access web services. However, this would require an overhaul of the entire Internet and related web based services.
Addressing these issues amounts to essentially finding the right answers to the following two important questions:
1. How do we build a system that overcomes the security limitations of passwords?
2. How do we overcome the tough job of remembering complex passwords?
The contribution of our system, together with the referenced paper, is a solution to both questions. Replace textual passwords by image-based passwords: the user's password is a set of images, shown to the user among a vivid set of images displayed in random order, which makes observation difficult for an attacker or a shoulder surfer. Assimilate emerging technologies such as cloud authentication using modern protocols like REST.
The above two questions and their answers cover only the replacement technique adopted by the proposed application; in fact this is only half of the system. The proposed system additionally creates a secure medium over a Bluetooth channel to carry the communication between the computer-based application to which the user needs access and the smartphone, which acts as the key for that computer-based application installed on the host.
3. OVERVIEW OF PROPOSED SYSTEM
A user can access a web application or a computer-based desktop application on a Host Terminal via a smart device. Here the Host Terminal is used to view the web content, while the smart device is used for authentication purposes. The smartphone communicates with the host over a Bluetooth channel; the application installed on the user's smartphone authenticates the user with randomized image-based authentication, which is verified over a Web Service.
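The randomized image-based authentication of this overview, and the random display of pass-images described in the contribution paragraph of the Introduction, can be illustrated with the following added Python example. It is not the paper's code: the image catalogue, the salted-hash user record, the challenge/response format and the grid parameters (9 positions, 3 of them pass-images) are assumptions made here, and the Bluetooth hop between host terminal and phone is left out, so the phone-side function talks to the verifier in-process.

```python
"""Recognition-based graphical password exchange, added as an illustration of
the scheme described above. Not the paper's code: image names, the user record
and the challenge format are constructed here."""
import hashlib
import hmac
import math
import os
import secrets
import time

# Constructed catalogue of image identifiers; a deployment would hold real images.
IMAGE_CATALOGUE = [f"img{n:02d}" for n in range(30)]


def _image_hash(image_id: str, salt: bytes) -> bytes:
    """Salted hash of an image identifier, so a leaked user record does not
    reveal which catalogue images form the user's pass-set."""
    return hashlib.sha256(salt + image_id.encode()).digest()


class ImagePasswordService:
    """Verifier side (the paper's 'web service'): holds hashed pass-image sets
    and issues single-use, time-limited challenges with randomized positions."""

    def __init__(self, grid_size: int = 9, pass_in_grid: int = 3, ttl_seconds: int = 60):
        self.grid_size = grid_size
        self.pass_in_grid = pass_in_grid
        self.ttl = ttl_seconds
        self._users = {}       # username -> (salt, frozenset of hashed pass-images)
        self._challenges = {}  # challenge_id -> (grid, expected positions, expiry)
        self._rng = secrets.SystemRandom()

    def enroll(self, username: str, pass_images) -> None:
        """Register the user's chosen pass-images (assumed enrollment step)."""
        pass_images = set(pass_images)
        if not pass_images <= set(IMAGE_CATALOGUE):
            raise ValueError("pass-images must come from the catalogue")
        if len(pass_images) < self.pass_in_grid:
            raise ValueError(f"need at least {self.pass_in_grid} pass-images")
        salt = os.urandom(16)
        self._users[username] = (salt, frozenset(_image_hash(i, salt) for i in pass_images))

    def issue_challenge(self, username: str):
        """Build a grid of pass_in_grid pass-images plus decoys, shuffled so the
        positions differ on every login; an observer of one login learns the
        positions of that grid only."""
        salt, hashed = self._users[username]
        pass_imgs = [i for i in IMAGE_CATALOGUE if _image_hash(i, salt) in hashed]
        decoys = [i for i in IMAGE_CATALOGUE if _image_hash(i, salt) not in hashed]
        shown_pass = self._rng.sample(pass_imgs, self.pass_in_grid)
        grid = shown_pass + self._rng.sample(decoys, self.grid_size - self.pass_in_grid)
        self._rng.shuffle(grid)
        expected = sorted(idx for idx, img in enumerate(grid) if img in shown_pass)
        challenge_id = secrets.token_hex(8)
        self._challenges[challenge_id] = (grid, expected, time.time() + self.ttl)
        return challenge_id, grid

    def verify(self, challenge_id: str, selected_positions) -> bool:
        """Accept exactly the expected position set. The challenge is consumed
        on first use and expires, so a captured response cannot be replayed."""
        entry = self._challenges.pop(challenge_id, None)
        if entry is None:
            return False
        _grid, expected, expiry = entry
        if time.time() > expiry:
            return False
        got = ",".join(map(str, sorted(set(selected_positions)))).encode()
        want = ",".join(map(str, expected)).encode()
        return hmac.compare_digest(got, want)  # constant-time comparison

    def guess_probability(self) -> float:
        """Chance of passing one challenge by blindly guessing the position set."""
        return 1.0 / math.comb(self.grid_size, self.pass_in_grid)


def smartphone_select(grid, users_pass_images):
    """Prover side (the phone app): the user taps the positions of the images
    she recognises as her own; modelled here with the user's pass-set."""
    pass_set = set(users_pass_images)
    return [idx for idx, img in enumerate(grid) if img in pass_set]


if __name__ == "__main__":
    service = ImagePasswordService()
    alice_images = ["img03", "img07", "img11", "img19", "img24"]  # constructed
    service.enroll("alice", alice_images)
    cid, grid = service.issue_challenge("alice")
    print("grid:", grid)
    print("login ok:", service.verify(cid, smartphone_select(grid, alice_images)))
    print("replay ok:", service.verify(cid, smartphone_select(grid, alice_images)))
```

With the assumed 9-position grid holding 3 pass-images, a blind guess succeeds with probability 1/84 per challenge, so the verifier should also rate-limit failed attempts per user; the single-use challenge identifier is what stops a recorded answer from being replayed, and re-randomizing positions on every grid is what limits the value of a single shoulder-surfed login.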