26-02-2013, 01:08 PM
WEB BASED SECURITY ANALYSIS OF OPASS AUTHENTICATION SCHEMES USING MOBILE APPLICATION
WEB BASED SECURITY.doc (Size: 110 KB / Downloads: 26)
OBJECTIVES:
To develop web based security analysis of one Time password authentication schemes using mobile application.
PROBLEM DEFINITION
Text password is the most popular form of user authentication on websites due to its convenience and simplicity. However, users’ passwords are prone to be stolen and compromised under different threats and vulnerabilities. Firstly, users often select weak passwords and reuse the same passwords across different websites. Routinely reusing passwords causes a domino effect; when an adversary compromises one password, she will exploit it to gain access to more websites. Second, typing passwords into untrusted computers suffers password thief threat. An adversary can launch several password stealing attacks to snatch passwords, such as phishing, key loggers and malware.
ABSTRACT:
In this paper, we design a user authentication protocol named oPass which leverages a user’s cellphone and short message service to thwart password stealing and password reuse attacks. OPass only requires each participating website possesses a unique phone number, and involves a telecommunication service provider in registration and recovery phases. Through oPass, users only need to remember a long-term password for login on all websites. After evaluating the oPass prototype, we believe oPass is efficient and affordable compared with the conventional web authentication mechanisms.
EXISTING SYSTEM:
Captcha Based Login System
Text Password Based Login System
Cryptography based Login system
Image based Login System.
Biometric Based Login System
DISADVANTAGE:
Forget The Password So the user didn’t Login any one Website and he/she can’t access any information from that’s website.
Reusing passwords causes a domino effect, when an adversary compromises one password, she will exploit it to gain access to more websites
Hacker Applying Random-Key Function/Method for Hacking the user password
PROPOSED SYSTEM:
The main Objective of OPass is free users from having to remember or type any passwords into conventional computers for authentication. Unlike generic user uthentication, oPass involves a new component, the cellphone, which is used to generate one-time passwords and a new communication channel, SMS, which is used to transmit authentication messages.
ADVANTAGE:
Anti-malware
Phishing Protection
Secure Registration and Recovery
Password Reuse Prevention and Weak Password Avoidance
Cellphone Protection
ALGORITHM USED:
1. UK(Unique Key) Generation
2. Triple DES(Data Encryption Standard)