Preventing Identity Theft using Shift Key mechanism and QR Code with Sudoku Puzzle



Similar documents
10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

Multifactor Graphical Password Authentication System using Sound Signature and Handheld Device

A puzzle based authentication method with server monitoring

IDRBT Working Paper No. 11 Authentication factors for Internet banking

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Dynamic Query Updation for User Authentication in cloud Environment

ABSTRACT I. INTRODUCTION

Information Security Basic Concepts

Wireless Network Security

Advanced Authentication

Potential Targets - Field Devices

Application of Neural Network in User Authentication for Smart Home System

Multi-factor Authentication in Banking Sector

Enhanced Security for Online Banking

BE SAFE ONLINE: Lesson Plan

Keywords Decryption, Encryption,password attack, Replay attack, steganography, Visual cryptography EXISTING SYSTEM OF KERBEROS

Advanced Honeypot System for Analysing Network Security

SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTING SECURITY ENVIRONMENT

A Generic Framework to Enhance Two- Factor Authentication in Cryptographic Smart-card Applications

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.

How To Use Pretty Good Privacy (Pgp) For A Secure Communication

DELEGATING LOG MANAGEMENT TO THE CLOUD USING SECURE LOGGING

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications

Integration of Sound Signature in 3D Password Authentication System

Secure Mail Registration and Viewing Procedures

A MELIORATED APPROACH TO TEXT STEGANOGRAPHY USING MARKUP LANGUAGES AND AES

ETHICAL HACKING CYBER SECURITY

SURVEY ON INFORMATION HIDING TECHNIQUES USING QR BARCODE

AB 1149 Compliance: Data Security Best Practices

Designing a Secure Client-Server System Master of Science Thesis in the Programme Software Engineering & Technology

Web Security School Final Exam

Whitepaper on AuthShield Two Factor Authentication with ERP Applications

Alaa Alhamami, Avan Sabah Hamdi Amman Arab University Amman, Jordan

FINAL DoIT v.8 APPLICATION SECURITY PROCEDURE

Criteria for web application security check. Version

Simple Guide to Digital Signatures

Issue 1. Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation

TELE 301 Network Management. Lecture 18: Network Security

VPN Client User s Guide Issue 2

mbank Introduces Personal Security Image MFA* for Consumer on-line banking *Multi-Factor Authentication

Providing Data Protection as a Service in Cloud Computing

Content Teaching Academy at James Madison University

Secure Authentication of Distributed Networks by Single Sign-On Mechanism

The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics

A secure login system using virtual password

Remote Access Securing Your Employees Out of the Office

Review Paper on Two Factor Authentication Using Mobile Phone (Android) ISSN

SECUDROID - A Secured Authentication in Android Phones Using 3D Password

Two-Factor Authentication and Swivel

Review On Incremental Encrypted Backup For Cloud

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

Frequently Asked Questions (FAQ)

Information Security

How To Build A Gps Vehicle Tracking System On Android App.Com

Information Security in Big Data using Encryption and Decryption

Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange

Keep Yourself Safe from the Prying Eyes of Hackers and Snoopers!

Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security

Penetration Testing. Presented by

What is Web Security? Motivation

MSI Secure Mail Tutorial. Table of Contents

SPICE EduGuide EG0015 Security of Administrative Accounts

OKPAY guides. Security Guide

Welcome to the Protecting Your Identity. Training Module

Mobile Security Framework; Advances in Mobile Governance in Korea. TaeKyung Kim

NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT

INTRODUCTION TO CRYPTOGRAPHY

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Penetration Testing: Lessons from the Field

Activity 1: Scanning with Windows Defender

Mathematical Model Based Total Security System with Qualitative and Quantitative Data of Human

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance

Client Server Registration Protocol

SECURITY ANALYSIS OF PASSWORD BASED MUTUAL AUTHENTICATION METHOD FOR REMOTE USER

RSA SecurID Two-factor Authentication

Network Security. Chapter 12. Learning Objectives. Chapter Outline. After reading this chapter, you should be able to:

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Security Policy JUNE 1, SalesNOW. Security Policy v v

CHOOSING THE RIGHT PORTABLE SECURITY DEVICE. A guideline to help your organization chose the Best Secure USB device

A NOVEL APPROACH FOR MULTI-KEYWORD SEARCH WITH ANONYMOUS ID ASSIGNMENT OVER ENCRYPTED CLOUD DATA

Secure Data Exchange Solution

Framework for Biometric Enabled Unified Core Banking

Pretty Good Privacy (PGP)

An Innovative Two Factor Authentication Method: The QRLogin System

Protected Cash Withdrawal in Atm Using Mobile Phone

Network Security. HIT Shimrit Tzur-David

Index Terms: Cloud Computing, Cloud Security, Mitigation Attack, Service Composition, Data Integrity. 1. Introduction

That Point of Sale is a PoS

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Network Security - ISA 656 Security

Keyword: Cloud computing, service model, deployment model, network layer security.

Transcription:

DOI 10.4010/2014.282 ISSN-2321-3361 2014 IJESC Research Article Preventing Identity Theft using Shift Key mechanism and QR Code with Sudoku Puzzle R.Saisrikanth Department of Computer Science and Engineering Jeppiaar Engineering College, Chennai, India srikhs@gmail.com November 2014 Issue Abstract: To build a Digital Fortress that could distinguish between a real user and a hacker and provide the hacker with the data he/she needs [fake data] and safeguards the real data. This could be a method to prevent identity thefts from happening. Identity thefts occur due to the methods of inefficient Authentication procedures practiced. The identity thefts can be reduced by having a multiple number of steps of authentication which would allow the system to be more secure and also productive at the same time. A Sudoku game, for instance can be used as a method of finding the real user. Not only that, the system has to automatically get hold of the files stored in the server once the download is done by the real user so that no one can ever access the files that once existed. By this way, the hacker could be cheated and the user data could be protected. The digital fortress will have the intelligence to detect things and act accordingly. IndexTerms Websites, Digital Fortress, Identity Theft, Sudoku, Mail Security, Data hiding, Shift Key, QR Code. I. INTRODUCTION Today Social networking and various mail systems play an integral part of life. At least 90 percent of people who use the internet havea user account. The user account may be registered in a bank or a telephone billing site or a E- Commerce site or an E-mail site or Social networking site that are available in the internet. These websites allow the user to do the job easily, let it be sending mail to another user who is far away or performing a bank transaction which involves money. Yes, the Internet has spread throughout the base of our life and it has a major part to decide our future. The methods of using these websites or applications have been the same. The user has to enter the domain name of these websites. Enter the Username and Password that was chosen for the website. The process is done. The user gets logged in. The problem is anyone who enters the username and password combination that is stored in the database is considered as a user and gets logged in, even a hacker.therefore, a system must be designed in a way that it distinguishes between a user and a hacker or a cracker. The method of authentication has to be made complex and the hacker should be found out and should be punished for the offences committed. Whereas, the real user should be safe and get all benefits of the system. Not only that, the highest level of privacy and security must be given for the user who is accessing the system. The security must be given in all the regions where the user is accessing. Identity theft is a crime. Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person s personal data in some way that involves fraud or deception, typically for economic gain. as defined by U.S. Department of Justice. [1] II. RELATED WORKS Analyzing the previous works of the people who have tried to produce data hiding and enhanced security, we could actually understand what we are going to build. M. Hassan Shirali Shahreza has explained in 2008 through Steganography in SMS by Sudoku Puzzle that the Steganography can be done using the Sudoku Puzzle SMS. The SMS can send up to 160 characters and since a Sudoku Puzzle of 9x9 has 81 cells, we can very well use SMS for sending a Sudoku Puzzle. When the correct answer for the Sudoku is sent, the secret message hidden behind the message is revealed [2] Ranjan Bose presented a study in 2006 to hidedata by using a compression method with an adaptive model by using Coupled Chaotic System. In this system the researcher presents the arithmetic coding to convert a plaintext into ciphertext as a useful and a more secure technique in cryptography theories. The compression was between 67.5% and 70.5% [3] HTML is the coding language used to create hypertext documents for the World Wide Web. HTML includes a series of text "tags" that describe how a Web page is formatted. Every tag is known with a private name that has special 991 http://ijesc.org/

members of its own. The attributes constitute one of the elements of any object. Each attribute is applied for activating an attribute of the object to which it is attributed [4]. We use the term password to include single words, phrases, and PINs (personal identification numbers) that are closely kept secrets used for authentication. There are many studies showing the vulnerabilities of password-based authentication schemes [5-12]. The basic problem with passwords can be explained succinctly: a memorable password can often be guessed or searched by an attacker and a long, random, changing password is difficult to remember.[13] III. PROPOSED SYSTEM The diagram below would depict the basic modules present in the system. It would explain the relation of the components in our system. Figure 1 System Relation diagram Here in the proposed system, User authentication is linked with the Mail System, Sudoku and also the Data. It means that we have authentication steps at various access points. Access Point 1: Mail System Access Point 2: The Sudoku Access Point 3: The Data [the Real and the Fake data] The system is perfect only if the data is allowed to be downloaded by the user only once. Since, the critical information can be accessed only once in order to enhance the security given to the system. After the download of the file from the system by the user, the files get deleted from the server. No one will even find a single trace of the file, except for the sender and the receiver. This method could hide the transaction / transfer that had taken between two people. Mail System The Mail System or the Mail Portal is the one that would be used to send the mails. The e-mail communication between two registered users can happen with the use of this mail system. The mail system must have the capability of hiding the original information. Consider that the Person A is mailing to Person B about a confidential information. At that particular moment, a large number of fake emails are generated by the fake users inside the mail system. So that when traced, no one can find the original information. In other words, the people who try to trace it would not be able to distinguish between theoriginalinformation and the mail with original-like content. The Sudoku Sudoku, originally called Number Place, is a logic-based, combinatorial number-placement puzzle. The objective is to fill a 9 9 grid with digits so that each column, each row, and each of the nine 3 3 sub-grids that compose the grid (also called "boxes", "blocks", "regions", or "sub-squares") contains all of the digits from 1 to 9. The puzzle setter provides a partially completed grid, which for a well-posed puzzle has a unique solution.[14] Completed puzzles are always a type of Latin square with an additional constraint on the contents of individual regions. For example, the same single integer may not appear twice in the same 9 9 playing board row or column or in any of the nine 3 3 subregions of the 9 9 playing board. The Data The data is the one that actually consists of the real data and the fake data. These data are stored in a remote location in the server and can be accessed with the proper user authentication. The real data can be accessed by the proper user and the fake data will be given to the user with improper access methods. The following architecture diagram will explain the functions of the various elements present in the system. There are various elements involved with this system. Auser entering the system has to undergo through a series of levels of authentication. The shift system decides whether user is the authenticated user or an unauthenticated user. They both follow different steps in the continuation of the process of accessing the data. IV. SYSTEM IMPLEMENTATION Figure 2 Working Methodology 992 http://ijesc.org/

Mail Exchange The mail exchange process generally takes place between two individuals - the Sender and the Receiver. The senderknows about the details of the data and sends it to the receiver. The receiver is in need of the data and obtains it from the user. The User sends the link through our Mail System The Link is provided with a QR code. A QR code reader should be used to read the link. When accessed from a mobile device, it would be much simpler to enter into the Sudoku system, since it authenticates much faster with the mobile number associated with the QR Code reader application. This method could also be added to the system. Figure 3 The Mail System The mail is received by the person at the other end. The link allows the other user to enter the Sudoku Game of our website. The Secret Mail Transaction Method: Here, when Person A sends mail to Person B, a large number of fake mails are automatically generated which are generated between various users in the mail system. This would increase the traffic of the server and makes it hard for people who trace to get hold of the information that is original. Figure 6 QR code of the link Figure 7 Sudoku Page Figure 4 The Traffic increased mail system due to automatic mail generation during the mail transfer Sudoku System The person with the link enters the Sudoku System. The User or the Fake User gets access to this link either from the mail system or from any other means. The mail received by the person B will be like as shown below Now the user enters the Sudoku System. The user solves the Sudoku and enters the solution. The Shift system comes into use at this step. The Shift System The Shift system as we have proposed is the one with intelligence. It would be able to differentiate the difference between a real user and a hacker. The real user will always be the one to get access to the link first. And later, even if his account gets compromised, the hacker would be able to get to the link that was obtained by the real user. The encryption can also be represented using modular arithmetic by first transforming the letters into numbers, according to the scheme, A = 0, B = 1,.., Z = 25. Encryption of a letter by a shift n can be described mathematically as Figure 5 Mail received by the other User 993 http://ijesc.org/

The Shift System generates the shift key value based on a random generator algorithm. Consider that answer to Sudoku is 123 and the Shift key value is 2, then the answer would become 345. The Shift system is a unique system that generates values from 1 to any number of values. It can include even a 10000000000. Depending upon the value of the Shift, the answer is varied and a normal user would know about the shift value in advance. And, this would help the Shift key system to identify the real user and the fake users. The fake user gets caught by typing the answer without a shift key. The algorithm for the Shift Key System is as follows. 1. The system generates a Shift Key. 2. Links the Shift Key with the Sudoku Puzzle 3. The answer gets modified as per the Shift key value in the database. 4. It cross checks the answer entered by the user with the database. 5. If the answer is the Real Answer, the system considers it as the Unauthorized User / Hacker. 6. If it s the Modified Shift Answer, the user is provided with the access to the data. Accessing Data When the User enters the Data with the Shift Value, the user gets into the Authorized User System. The Authorized User System can authorize the user and allow the user to download the data Then after the data gets downloaded, the system gets informed that the download is completed and it allows the system to auto delete the file from the server. The Deletion This is one of the crucial steps done by the system. It involves the deletion of the file location in the server. Due to various limitations with the internet facilities, it is impossible to know if the download has been completed by the user or not. But, it is possible to destroy a file in the server after a fixed duration of time. A file of 100kb is being downloaded by the user after completing the Sudoku puzzle. A 100 kb file needs less than 10 seconds to get downloaded into the user system. And, exactly after the 10 th second of the download by the user, the file gets automatically deleted from the server. This can be done by various operations done in the coding. For instance, an unlink function in PHP could enable the unlink of the file from the server if the user has been given the power to modify the server. After the unlink process, the file gets deleted from the server and no one will ever come to know about the existence of such a file in the server. Even if some hackers obtain the link of the file, they would be getting nothing but a Not Found page. The user after finishing the process of authentication downloads the file named sai.zip from the server. And, after the download, the file gets automatically deleted from the server. The deletion is triggered by erasethings.php file found in the server. Figure8Files in server before download Figure 9 After the Download of file The Trap This is one of the pivotal steps. Here when the system senses the unauthorized user, it allows the hacker to download the fake data. The fake data is the one which we have bugged with an IP address monitoring tool. This would reveal the IP address and we could ban the IP address from accessing our server. The hacker although thinks that he/she has obtained the data which looks purely authentic and remains unaware of the bug.and, hence we ensure the safety of the original data and make the hacker to get trapped in the Digital Fortress. 994 http://ijesc.org/

V. ENHANCED QR CODE AUTHENTICATION This is the next level of authentication that can be added to increase the security of the system. The user should have a smart card like a QR code and a camera to read the QR code. After the username password combination has been checked by the authentication system and the user has completed the Sudoku Puzzle, it should allow the user to show the QR code that was purposely given for this authentication purpose. The flow of this process is as follows. Here, the Camera associated with the system, scans the QR code. A PHP script which interprets the QR code and compares the QR code available in the database. If matched, the download process starts. Or else, it prompts the user to show the QR code again and then authenticates. We keep the number of counts value in order to make an assessment on how many times the user has taken to enter the system. http://www.ncpc.org/cmsupload/prevent/files/idtheftrev. pdf [2] M. Hassan Shirali Shahreza, Steganography in SMS by Sudoku Puzzle. Published in: Computer Systems and Applications, 2008. AICCSA 2008. IEEE/ACS International Conference. Pages 844-847 [3] J.Ranjan Bose. A novel compression and encryption scheme using variable model arithmetic coding and coupled chaotic system. IEEE Transaction on circuits and systems, 53, 2006. [4] E. Castro, HTML 4 for the World Wide Web, Fourth Edition: Visual QuickStart Guide, Peachpit Press, 1999. [5] R. Morris, K. Thompson, Password security: A case history, Comm. ACM, Vol. 22, no. 11, Nov. 1979, pp. 594-597. [6] B. L. Riddle, M. S. Miron, J. A. Semo, Passwords in use in a university timesharing environment, Computers and Security, Vol. 8, no. 7, 1989, pp. 569-579. [7] D. L. Jobusch, A. E. Oldehoeft, A survey of password mechanisms: Weaknesses and potential improvements, Computers and Security, Vol. 8, no. 8, 1989, pp. 675-689. [8] D.C. Feldmeier and P.R. Karn, UNIX password security ten years later, Advances in Cryptology CRYPTO 89 Proceedings, Springer-Verlag, 1990, pp. 44-63. Fig. 10 Flow of QR detection process VI. CONCLUSION This paper presents a method of using Shift Key and a QR code for providing authentication of the access to the user. This system helps to distinguish between a real user and a fake user. With the enhanced security provided by the Data Deletion System in this paper, the data of the user are not compromised since the data will be deleted from the server to prevent the unauthorized access. Our study has proved that there are flaws with the hacker and we have to take it to our advantage and exploit the situation to our benefit and security. Identity theft can be prevented by not using devices in midst of a huge crowd of people or writing down the password and leaving it somewhere. There are also a number of other ways that the password gets revealed and it scares the information of the user to be at risk. VII. REFERENCES [1] Bureau of Justice Assistance, National Crime Prevention Council, Preventing Identity Theft: a Guide for consumers. Page 2, What s Identity Theft. [9] M. Bishop, D. V. Klein, Improving system security via proactive password checking, Computers and Security, Vol. 14, no. 3, 1995, pp. 233-249. [10] J. Bunnell, J. Podd, R. Henderson, R. Napier, J. Kennedy-Moffat, Cognitive, [11] Associative, and conventional passwords: Recall and guessing rates, Computers and Security, Vol. 16, no. 7, 1997, pp. 645-657. [12] S. M. Furnell, P. S. Dowland, H. M. Illingworth, P. L. Reynolds, Authentication and supervision: A survey of user attitudes, Computers and Security, Vol. 19, no. 6, 2000, pp. 529-539. [13] Lawrence O Gorman, "Comparing Passwords, Tokens, and Biometrics for User Authentication", Proceedings of the IEEE, Vol. 91, No. 12, Dec. 2003, pp. 2019-2040 [14] Sudoku,http://en.wikipedia.org/wiki/Sudoku 995 http://ijesc.org/

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information