13-07-2012, 04:26 PM
Implicit Password Authentication System
Abstract:
Authentication is the first line of defense against compromising confidentiality and integrity. Though traditional login/password based schemes are easy to implement, they have been subjected to several attacks. As alternative, token and biometric based authentication systems were introduced. However, they have not improved substantially to justify the investment. Thus, a variation to the login/password scheme, viz. graphical scheme was introduced. But it also suffered due to shoulder-surfing and screen dump attacks. In this paper, we introduce a framework of our proposed (IPAS) Implicit Password Authentication System, which is immune to the common attacks suffered by other authentication schemes.
Existing System:
The traditional username/password or PIN based authentication scheme is an example of the “what you know type”. Smartcards. As an alternative to the traditional password based scheme, the biometric system was introduced. This relies upon unique features unchanged during the life time of a human, such as finger prints, iris etc.
Token based systems rely on the use of a physical device such as smartcards or electronic-key for authentication purpose. Graphical-based password techniques have been proposed as a potential alternative to text-based techniques, supported partially by the fact that humans can remember images better than text. In general, the graphical password techniques can be classified into two categories: recognition-based and recall based graphical techniques.
In recognition-based systems, a group of images are displayed to the user and an accepted authentication requires a correct image being clicked or touched in a particular order. In recall-based systems, the user is asked to reproduce something that he/she created or selected earlier during the registration phase. Recall based schemes can be broadly classified into two groups, pure recall-based technique and cued recall-based technique.
Disadvantages:
Alphanumeric passwords are used widely, they have problems such as being hard to remember, vulnerable to guessing, dictionary attack, key-logger, shoulder-surfing and social engineering.
The major problem of biometric as an authentication scheme is the high cost of additional devices needed for identification process.
Although a recognition-based graphical password seems to be easy to remember, which increases the usability, it is not completely secure. It needs several rounds of image recognition for authentication to provide a reasonably large password space, which is tedious.
Proposed System:
In this paper, we focus only on “what you know” types of authentication. We propose our Implicit Password Authentication System. IPAS is similar to the Pass Point scheme with some finer differences. In every “what you know type” authentication scheme we are aware of, the server requests the user to reproduce the fact given to the server at the time of registration. This is also true in graphical passwords such as Pass Point. In IPAS, we consider the password as a piece of information known to the server at the time of registration and at the time of authentication, the user give this information in an implicit form that can be understood only by the server.
Advantages:
The strength of IPAS depends greatly on how effectively the authentication information is embedded implicitly in an image and it should be easy to decrypt for a legitimate user and highly fuzzy for a non-legitimate user.
No password information is exchanged between the client and the server in IPAS, Since the authentication information is conveyed implicitly
Modules:
Create User profile Vector:
While registration of user information, the user id, security question and answer are getting for creating profile vector. Every user selects answer for security questions at the time of registration and provides their individual answer. For each question, the system then either creates an authentication space .Once the authentication space is created, the system is ready for authenticating a user.
Generate Random Question:
For each question, the server may choose a random scenario from the authentication space that represents the correct answer. The chosen scenario will have one or more “clickable” points that represent the answer to the question provided by the particular user.
Compare User Profile/login Profile:
Enters User name and answer as location points for the random security question will decide that the user is legitimate or an imposter. the authentication information is presented to the user in an implicit form that can be understood and decoded only by the legitimate end user.
SMS Services:
SMS or Short Message Service allows Cellular or Mobile phones to send and receive Text Messages. This can be alphanumeric and more recently graphical. A sent SMS message is stored at an SMS Center (SMSC) until the receiver’s phone receives it. The receiver can identify the sender by his/her telephone number that is included in the message itself. The User will Check the Mobile Inbox if any alert messages received or not.
Mobile Transaction:
Transaction on mobile is used to transform money between two peoples. These two peoples must be registered with IPAS in a Bank. This transaction starts with SMS. If USER1 wants to pay money to USER2, both of them should have mobile phone. User must login with IPAS. User1 simply types SMS to particularly bank with his 4 digits PIN, Amount and Account No. Bank server processes the request and Amount is transferred to designation account. Confirmation SMS is sends to particular USER.
Account Management/Balance Enquiry:
User can able to deposit the amount to another user; Admin can manage the account details of the user’s. If any update in the balance amount as both users can see in mobile. User sends money to another user, that messages can able to view the particular user and know the balance details. It refreshes the inbox details automatically.
Abstract:
Authentication is the first line of defense against compromising confidentiality and integrity. Though traditional login/password based schemes are easy to implement, they have been subjected to several attacks. As alternative, token and biometric based authentication systems were introduced. However, they have not improved substantially to justify the investment. Thus, a variation to the login/password scheme, viz. graphical scheme was introduced. But it also suffered due to shoulder-surfing and screen dump attacks. In this paper, we introduce a framework of our proposed (IPAS) Implicit Password Authentication System, which is immune to the common attacks suffered by other authentication schemes.
Existing System:
The traditional username/password or PIN based authentication scheme is an example of the “what you know type”. Smartcards. As an alternative to the traditional password based scheme, the biometric system was introduced. This relies upon unique features unchanged during the life time of a human, such as finger prints, iris etc.
Token based systems rely on the use of a physical device such as smartcards or electronic-key for authentication purpose. Graphical-based password techniques have been proposed as a potential alternative to text-based techniques, supported partially by the fact that humans can remember images better than text. In general, the graphical password techniques can be classified into two categories: recognition-based and recall based graphical techniques.
In recognition-based systems, a group of images are displayed to the user and an accepted authentication requires a correct image being clicked or touched in a particular order. In recall-based systems, the user is asked to reproduce something that he/she created or selected earlier during the registration phase. Recall based schemes can be broadly classified into two groups, pure recall-based technique and cued recall-based technique.
Disadvantages:
Alphanumeric passwords are used widely, they have problems such as being hard to remember, vulnerable to guessing, dictionary attack, key-logger, shoulder-surfing and social engineering.
The major problem of biometric as an authentication scheme is the high cost of additional devices needed for identification process.
Although a recognition-based graphical password seems to be easy to remember, which increases the usability, it is not completely secure. It needs several rounds of image recognition for authentication to provide a reasonably large password space, which is tedious.
Proposed System:
In this paper, we focus only on “what you know” types of authentication. We propose our Implicit Password Authentication System. IPAS is similar to the Pass Point scheme with some finer differences. In every “what you know type” authentication scheme we are aware of, the server requests the user to reproduce the fact given to the server at the time of registration. This is also true in graphical passwords such as Pass Point. In IPAS, we consider the password as a piece of information known to the server at the time of registration and at the time of authentication, the user give this information in an implicit form that can be understood only by the server.
Advantages:
The strength of IPAS depends greatly on how effectively the authentication information is embedded implicitly in an image and it should be easy to decrypt for a legitimate user and highly fuzzy for a non-legitimate user.
No password information is exchanged between the client and the server in IPAS, Since the authentication information is conveyed implicitly
Modules:
Create User profile Vector:
While registration of user information, the user id, security question and answer are getting for creating profile vector. Every user selects answer for security questions at the time of registration and provides their individual answer. For each question, the system then either creates an authentication space .Once the authentication space is created, the system is ready for authenticating a user.
Generate Random Question:
For each question, the server may choose a random scenario from the authentication space that represents the correct answer. The chosen scenario will have one or more “clickable” points that represent the answer to the question provided by the particular user.
Compare User Profile/login Profile:
Enters User name and answer as location points for the random security question will decide that the user is legitimate or an imposter. the authentication information is presented to the user in an implicit form that can be understood and decoded only by the legitimate end user.
SMS Services:
SMS or Short Message Service allows Cellular or Mobile phones to send and receive Text Messages. This can be alphanumeric and more recently graphical. A sent SMS message is stored at an SMS Center (SMSC) until the receiver’s phone receives it. The receiver can identify the sender by his/her telephone number that is included in the message itself. The User will Check the Mobile Inbox if any alert messages received or not.
Mobile Transaction:
Transaction on mobile is used to transform money between two peoples. These two peoples must be registered with IPAS in a Bank. This transaction starts with SMS. If USER1 wants to pay money to USER2, both of them should have mobile phone. User must login with IPAS. User1 simply types SMS to particularly bank with his 4 digits PIN, Amount and Account No. Bank server processes the request and Amount is transferred to designation account. Confirmation SMS is sends to particular USER.
Account Management/Balance Enquiry:
User can able to deposit the amount to another user; Admin can manage the account details of the user’s. If any update in the balance amount as both users can see in mobile. User sends money to another user, that messages can able to view the particular user and know the balance details. It refreshes the inbox details automatically.