20-11-2012, 05:39 PM
Authentication System for Banking Using Implicit Password
Abstract
In this paper, we introduce an authentication scheme for banking that uses an implicit password. Graphical password schemes are known to suffer from shoulder-surfing and screen dump attacks. For banking, security is the first line of defence against compromise of confidentiality and integrity. Simple username and password schemes are easy to implement, but these traditional schemes have been subjected to several attacks. Token and biometric based authentication systems were introduced as alternatives to the traditional scheme. However, they have not improved substantially enough to justify the investment.
INTRODUCTION
A key area in security research is authentication, the determination of whether a user should be allowed access to a given system or resource. The important aspects of authentication are confidentiality and integrity. For protecting any resource, adequate authentication is the first line of defense. For the protection of resources, we also use authentication as a service. It is important that the same authentication technique is not used in every situation. A complication is that users may have many passwords for banks, networks and web sites. The large number of passwords increases interference and leads to forgetting or confusing passwords. The acceptability of any authentication scheme greatly depends on its robustness against attacks as well as its resource requirements at both the client and the server end, because an authentication scheme requires processing at both ends. Due to the proliferation of mobile and hand-held devices, the resource requirement has become a major factor. The main application of implicit passwords is the protection of critical resources and systems. Nowadays users can access any information, including banking and corporate databases, with mobile phones. In this paper, we target the mobile banking domain and propose a new and intelligent authentication scheme, the implicit password. However, our proposal can also be used in other scenarios where confidentiality and integrity are the major security requirements. We propose our Authentication System for Banking Using Implicit Password, in which the scheme allows any image to be used and does not need artificial predefined click regions with well-marked boundaries: a password can be any arbitrarily chosen sequence of points in the image, with some finer differences.
IMPLEMENTATION
Implementation is the stage of the project when the theoretical concept is turned into a working system. It is therefore considered the most critical stage in achieving a successful new system and in giving the user confidence that the new system will work and be effective. The implementation stage involves careful planning, analysis of the existing system and its constraints on implementation, design of methods to achieve changeover, and evaluation of changeover methods.
Short Message Service:
SMS, or Short Message Service, allows mobile or cellular phones to send and receive text messages. This can be graphical and more recently alphanumeric. A sent SMS message is stored at an SMS Center (SMSC) until the receiver’s phone receives it. The receiver can identify the sender from the sender’s number, which is included in the message itself. The user checks the mobile inbox to see whether any alert messages have been received.
OBJECTIVES
1. Input design is the process of transferring a user-oriented description of the input into a computer-based system. This design is important to avoid errors in the data input process and to show management the correct direction for getting correct information from the computerized system.
2. It is achieved by creating user-friendly data entry screens that can handle a large volume of data. The aim of designing input is to make data entry easier and free from errors. The data entry screen is designed in such a way that all data manipulations can be performed. It also provides record viewing facilities.
SYSTEM ANALYSIS
Existing System
An example of the “what you know” type is the traditional username/password or PIN based authentication scheme. The biometric system was introduced as an alternative to the traditional password based scheme. It relies upon unique features that remain unchanged during the lifetime of a human, such as fingerprints, iris etc. Token based systems rely on the use of a physical device, such as a smartcard or electronic key, for authentication purposes. Graphical password techniques, supported partially by the fact that humans can remember images better than text, have been proposed as a potential alternative to text-based techniques. In general, graphical password techniques can be classified into two categories: recall-based and recognition-based graphical techniques. In recall-based systems, the user is asked to reproduce something that he/she created or selected earlier during the registration phase. Recall-based schemes can be broadly classified into two groups: pure recall-based techniques and cued recall-based techniques. In recognition-based systems, a group of images is displayed to the user, and an accepted authentication requires the correct images to be clicked or touched in a particular order.
Proposed System
In this paper, we focus only on “what you know” types of authentication. We propose our Implicit Password Authentication System (IPAS) for banking. IPAS is similar to the Pass Point scheme with some finer differences. In every “what you know” type authentication scheme we are aware of, the server requests the user to reproduce the fact given to the server at the time of registration. This is also true of graphical passwords such as Pass Point. In IPAS for banking, we consider the piece of information, i.e. the password, as known to the server at the time of registration; at the time of authentication, the user gives this information in an implicit form that can be understood only by the server.
CONCLUSION
In this paper, we have proposed a new Implicit Password Authentication System for Banking, where the authentication information is presented to the user implicitly. If the user “clicks” the same grid-of-interest compared with the server, the user is implicitly authenticated. No password information is exchanged between the client and the server in IPAS. Since the authentication information is conveyed implicitly, IPAS can tolerate shoulder-surfing and screen dump attacks, which none of the existing schemes can tolerate. The strength of IPAS lies in creating a good authentication space with a sufficiently large collection of images to avoid short repeating cycles. Compared to other methods reviewed in our paper, IPAS may require careful selection of images and “click” regions, and human interaction. IPAS may also need user training. Once this is done, IPAS can be more robust. In our subsequent papers, we present various steps involved in creating a robust authentication space for every question.
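The grid-of-interest check described in the conclusion, sketched as an added example (not code from the paper or its authors). The 4x4 grid, the image identifiers, the sample question and answer, and the `Server`, `Challenge` and `cell_of` names are assumptions made for illustration; the page does not specify how images or grids are defined.

```python
import secrets
from dataclasses import dataclass

GRID = 4  # assumption: every image is divided into a GRID x GRID grid

@dataclass(frozen=True)
class Challenge:
    image_id: str
    width: int
    height: int
    target: tuple  # (row, col) of the grid-of-interest; never sent to the client

# Constructed authentication space: (question, answer) -> images in which
# one cell implicitly depicts that answer.
AUTH_SPACE = {
    ("first_school_city", "paris"): [
        Challenge("img_017", 400, 400, (0, 2)),
        Challenge("img_052", 400, 400, (3, 1)),
        Challenge("img_103", 800, 400, (1, 1)),
    ],
}

def cell_of(x, y, ch):
    """Map a click in pixel coordinates to its (row, col) cell, or None."""
    if not (0 <= x < ch.width and 0 <= y < ch.height):
        return None
    return (y * GRID // ch.height, x * GRID // ch.width)

class Server:
    def __init__(self):
        self.profile = {}     # user -> (question, answer) from registration
        self.pending = {}     # user -> Challenge awaiting a click
        self.last_shown = {}  # user -> image_id of the previous challenge

    def register(self, user, question, answer):
        self.profile[user] = (question, answer.strip().lower())

    def issue_challenge(self, user):
        # Skip the previous image so consecutive logins never repeat it.
        pool = [c for c in AUTH_SPACE[self.profile[user]]
                if c.image_id != self.last_shown.get(user)]
        ch = secrets.choice(pool)
        self.pending[user] = ch
        self.last_shown[user] = ch.image_id
        return ch.image_id  # the client only learns which image to display

    def verify_click(self, user, x, y):
        ch = self.pending.pop(user, None)  # each challenge is single-use
        return ch is not None and cell_of(x, y, ch) == ch.target
```

With only three images per answer, an observer who records a few sessions sees every image and its clicked cell, which is why the conclusion calls for a sufficiently large collection of images per question.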