A Study and Evaluation of Different Authentication Methods and Protocols 1 K. Arthi, 2 N.M. Nandhitha, 3 S.Emalda Roslin




1 Final year software engineering student, Sathyabama University
2 Head/Academics, Dept. of ECE, Sathyabama University
3 Head/Academics, Dept. of E&C, Sathyabama University

Abstract

Authentication is a fundamental aspect of system security. It confirms the identity of any user trying to log on to a domain or access network resources. The text password is the most popular form of user authentication on websites due to its convenience and simplicity. Passwords are prone to being stolen under different threats and vulnerabilities. Hence authentication protocols which protect the user's password from various threats have been used. In this paper, a survey of various protocols that are resistant to password stealing attacks is done and a comparative study is made.

I. INTRODUCTION

Authentication is a fundamental aspect of system security. It confirms the identity of any user trying to log on to a domain or access network resources. Due to the numerous advantages of authentication systems, they can be used in various applications. Common applications involving authentication are: a computer program using a blind credential to authenticate to another program, using a confirmation e-mail to verify ownership of an e-mail address, using an internet banking system, and withdrawing cash from an ATM. The main purpose of these systems is to validate the user's right to access the system and information, and to protect against identity theft and fraud. The main types of authentication are basic single-factor authentication, multi-factor authentication and cryptographic authentication. Basic authentication is the type commonly used among people; it refers to password-based authentication, for example a common password, a numerical password, etc. Multi-factor authentication uses a combination of authentication methods to validate identity.
The final form of authentication uses cryptography. It includes public key authentication and a digital message authentication code. Password-based authentication is a protocol in which two entities share a password in advance and use the password as the basis of authentication. Existing password-based authentication schemes can be categorized into two types: weak-password authentication schemes and strong-password authentication schemes. In general, strong-password authentication protocols have the advantage over weak-password authentication schemes that their computational overhead is lighter, their designs are simpler and their implementation is easier, and they are therefore especially suitable for some constrained environments.

Logging into an individual computer or a website requires a reliable authentication protocol to run on the back end to verify the user. A variety of protocols are in active use by servers around the world. The Ethernet protocol is by far the most widely used network protocol for authentication. Ethernet uses a multiple access method called CSMA/CD (Carrier Sense Multiple Access/Collision Detection). This is a system where each computer listens to the cable, or the medium through which data transmission occurs, before sending anything through the network. This allows multiple users to access the same channel by detecting collisions due to congestion. LocalTalk is another network protocol, developed by Apple Computer, Inc. for Macintosh computers. The method used by LocalTalk is called CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance). It is similar to CSMA/CD except that a computer signals its intent to transmit before it actually does so. LocalTalk adapters and special twisted pair cable can be used to connect a series of computers through the serial port. Token Ring uses token-passing as its access method. In Token Ring, computers are connected in a ring topology, so that the signal travels around the network from one computer to another in a logical ring. A single electronic token moves around the ring from one computer to the next. If a computer has no information to transmit, it simply passes the token on to the next workstation. If it does have information to transmit, that computer catches the token and passes the information via the ring to the destination. For very large distances, and to interconnect two or more local area networks, the Fibre Distributed Data Interface (FDDI) protocol is primarily used. The access method used by FDDI also involves token-passing. FDDI uses a dual ring physical topology. ATM supports a variety of media such as video, CD-quality audio, and imaging. ATM employs a star topology, which can work with fiber optic as well as twisted pair cable. ATM is most often used to interconnect two or more local area networks.

In this paper, the various existing authentication protocols in the literature are surveyed. A comparison table is also made evaluating the existing protocols. The paper is organized as follows: Chapter 2 gives an overview of the different authentication protocols and methods. In chapter 3, the various existing authentication protocols in the literature are discussed. A comparative analysis is made in chapter 4. Conclusion and future work are given in chapter 5.

II AN OVERVIEW OF DIFFERENT AUTHENTICATION PROTOCOLS & METHODS

In today's highly secure, high-tech world, there is a need to provide rules and protocols to ensure that data is protected and kept away from prying eyes. The rules and protocols are constantly being updated to take account of the latest threats, both online and offline. A protocol is a set of rules designed to provide communication between peers by having a controlled conversation. Authentication includes a few more checks to validate security.

a) Authentication and Key Agreement (AKA)
This protocol is used in mobile 3G networks. It is also capable of generating passwords for Digest access authentication. Symmetric cryptography is used on the basis of a challenge-response technique.

b) Extensible Authentication Protocol (EAP)
Primarily used in wireless networks and point-to-point connections, EAP is an authentication mechanism for transporting information and usage parameters for EAP methods, of which there are several. As EAP is not a wire protocol, it is only used for defining message formats. EAP is widely used and is present in a number of different wireless network types.

c) Kerberos
Kerberos is a well-known authentication method used on computer networks. It is useful in instances where the underlying network is not secure, and is thus used as a mechanism for validating identities between nodes in the network. It is mainly used in a client-server environment. Messages are encrypted to provide protection from interference and interception.

d) Secure Remote Password protocol (SRP)
The SRP protocol permits a user to authenticate to a server, and is protected against external attacks by eavesdroppers. This protocol has the advantage that it does not require a third party to be involved in the trust process. It is very secure against potential external threats through the mechanisms built in and improved upon over the last decade.

e) Digital signature
A digital signature is a digest calculated from a signed document. The client verifies the digest signature by decrypting it with the server's public key and compares it to the digest value calculated from the message received. The signature can also be used by the server to verify data the client is sending.

f) Password
The password is the most widely used form of authentication. Password authentication does not normally require complicated or robust hardware, since authentication of this type is generally simple.

g) One-time password
To avoid the problems associated with password reuse, one-time passwords were developed. There are two types of one-time password: a challenge-response password and a password list. The challenge-response password responds with a challenge value after receiving a user identifier. The password list makes use of a list of passwords which are used sequentially by the person waiting to access the system.

h) Public key cryptography
Public key cryptography is based on mathematical problems that require very specialized knowledge. It makes use of two keys, one private key and the other the public key. The two keys are linked together by an extremely complex mathematical equation. Both encryption and verification are accomplished with the public key.

Fig 1. Classification of various authentication protocols & methods

III RELATED WORK

In [1] the author uses a simple approach to secure and convenient kiosk browsing. The key idea of Session Magnifier is to enable an extended browser on a mobile device and a regular browser on a public computer to collaboratively support a Web session. This approach requires a Session Magnifier browser extension to be installed on a trusted mobile device. A user can securely perform sensitive interactions on the mobile device and conveniently perform other browsing interactions on the public computer. Session Magnifier has been proposed as a simple approach to secure and convenient kiosk browsing; it strives to synthesize the usability advantages of a mobile device.
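Returning to the challenge-response one-time password of Section II g): the exchange below is example code written for this page, not code from the paper, and shows both sides of the protocol (the user sends an identifier, the server answers with a fresh random challenge, the user returns a keyed hash of it) together with the server-side checks that make the response single-use. The user name, the shared secret and the 60-second validity window are constructed assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Constructed demo secret, assumed to have been provisioned out of band at
# enrolment; a real deployment keeps it in a protected credential store.
USER_SECRETS = {"alice": bytes.fromhex("00112233445566778899aabbccddeeff")}


def compute_response(secret, challenge):
    """Client side: keyed hash of the server's challenge. Only the digest
    travels over the network; the shared secret never leaves the client."""
    return hmac.new(secret, challenge, hashlib.sha256).hexdigest()


class ChallengeResponseServer:
    """Server side of the challenge-response one-time password scheme:
    one fresh random challenge per user identifier, consumed on first use."""

    def __init__(self, secrets_db, ttl_seconds=60, now=time.time):
        self.secrets_db = secrets_db
        self.ttl = ttl_seconds
        self.now = now          # injectable clock so expiry can be tested
        self.pending = {}       # user -> (challenge, issue time)

    def issue_challenge(self, user):
        """Step 1: the user sends an identifier; the server answers with a
        random challenge (or None for an unknown user)."""
        if user not in self.secrets_db:
            return None
        challenge = secrets.token_bytes(16)      # unpredictable, 128 bits
        self.pending[user] = (challenge, self.now())
        return challenge

    def verify(self, user, challenge, response):
        """Step 2: check the user's response. The pending challenge is
        removed whatever the outcome, so a captured response cannot be
        replayed and a wrong guess forces a new challenge."""
        entry = self.pending.pop(user, None)
        if entry is None:
            return False
        issued, issued_at = entry
        if issued != challenge or self.now() - issued_at > self.ttl:
            return False
        expected = compute_response(self.secrets_db[user], challenge)
        # constant-time comparison: a plain == would leak timing information
        return hmac.compare_digest(expected, response)


def run_exchange(server, user, secret):
    """Drive one complete login and return the messages of both sides."""
    challenge = server.issue_challenge(user)
    response = compute_response(secret, challenge)
    return {
        "client_1": user,                 # identifier
        "server_1": challenge.hex(),      # challenge
        "client_2": response,             # one-time response
        "server_2": server.verify(user, challenge, response),
    }


if __name__ == "__main__":
    srv = ChallengeResponseServer(USER_SECRETS)
    for step, msg in run_exchange(srv, "alice", USER_SECRETS["alice"]).items():
        print(f"{step}: {msg}")
```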
In [2] the author introduced and evaluated various methods for purely automated attacks against PassPoints-style graphical passwords. For generating these attacks, they introduced a graph-based algorithm to efficiently create dictionaries based on heuristics such as click-order patterns. To generate an attack dictionary based on heuristics, a general graph-based algorithm is used. It consists of the following phases: window clustering algorithm, attack alphabets, dictionary generation algorithm, click-order patterns, relaxation and constraints. These results suggested that automated attacks provide an effective alternative to a human-seeded attack against PassPoints-style graphical passwords. Furthermore, they allow continuation of an attack using click-order patterns (without any prioritization through visual attention models or other means), guessing more passwords overall than human-seeded methods.

In [3] the author presented a method with which it is possible to directly analyse the amount of data harvested through different types of attacks in a highly automated fashion. The methodology proposed is to automate the analysis of the attack and harvesting channel as much as possible. To study the attack channel, they used the concept of honeypots, i.e., information system resources whose value lies in unauthorized or illicit use of that resource. The technical challenge of the approach is to automate the analysis process as much as possible and to analyse the large amount of data collected in this fashion. Based on empirical measurements, it is shown that attackers steal thousands of credentials from the infected machines. This stolen data can then be traded on the underground market.

In [4] the author presented a system in which a user leverages a personal mobile device to establish trust in a public computing device, or kiosk, prior to resuming her environment on the kiosk, where the kiosk is a PC-class platform equipped with a DRTM (discrete ray tracing)-enabled processor and a TPM (trusted platform module). The system consists of a user carrying a mobile device, a kiosk, and a kiosk supervisor. The mobile device is pre-equipped with an application that aids the user in ascertaining the trustworthiness of the kiosk. The kiosk supervisor may be any platform capable of running an IMA verifier. The design of a system in which a user's mobile device serves as a vehicle for establishing trust in a public computing kiosk, by verifying the integrity of all software loaded on that kiosk, has been proposed.

In [5] the author provided a comprehensive overview of published research in the area, covering both usability and security aspects, as well as system evaluation. It catalogues the existing approaches, highlighting novel features of selected schemes and identifying key usability or security advantages. It summarizes the evaluation approaches used, including user studies, with a focus on aspects of special concern for examining graphical password systems. Data collected from such user studies is also critical in the security evaluation. The research reveals a rich palette of ideas and a few schemes that deliver on the original promise of addressing the known problems with text passwords.

In [6] the author analyses the security provided by Perspectives and describes the experience of building and deploying a publicly available implementation. SSH-style host authentication offers a simple and attractive alternative to a heavyweight PKI (public key infrastructure). Trust-on-first-use leaves users vulnerable to simple MitM attacks, limiting the effectiveness of current TOFU applications and preventing other protocols from being able to take advantage of lightweight SSH-style host authentication.

In [7] the author examined the frequency of access to a graphical password, interference resulting from interleaving access to multiple graphical passwords, and patterns of access while training multiple graphical passwords. The methodology consists of four stages: a pre-study questionnaire examining participant demographics and current password strategies, a five-week online study of participants accessing multiple facial graphical passwords, a post-study questionnaire regarding participant experiences, and a test of long-term recall conducted four months after the end of the original five-week study. The results underscore the need for more realistic evaluations of the use of multiple graphical passwords, having a number of implications for the adoption of graphical password systems and providing a new basis for comparing proposed graphical password systems.

In [8] the author reports on a laboratory study comparing the recall of multiple text passwords with the recall of multiple click-based graphical passwords, to address the memorability of multiple passwords in user authentication software. The study includes 2 lab-based sessions. Session 1 took 1 hour and was completed by all the participants. For session 2, participants returned to the lab and tried to recall their previously created passwords. The session includes 4 phases: practice, password generation, retention, and 2-week retention. Results of the lab study indicated that in the short term, PassPoints passwords are more robust than text passwords against multiple password interference.

TABLE 1: COMPARISON OF THE VARIOUS EXISTING AUTHENTICATION METHODS

Columns: Reference no. | Methodology used | Metrics | Advantages | Disadvantages

[1] Use of Session Magnifier in a kiosk browsing environment | 1. Web browsing 2. Kiosk 3. Mobile device | 1. Uses a trusted PDA 2. Access to remote Web server browser | Does not study the use of multiple graphical passwords
[2] 1. Windows clustering algorithm 2. Dictionary generation algorithm | 1. Edges defined by the points in an image 2. Distance measured | 1. Increased validity of the 2. Long-term memorability | -------
[3] Analysis | Harvesting channel | It gives us a much better basis for estimating the size of the underground economy
[4] Kiosk computing | 1. A new kiosk front-end application 2. An existing IMA server 3. A modified version of the OSLO secure loader
[5] 1. Cued recall 2. Recognition based
[6] 1. SSH 2. HTTPS
[7] Long-term recall
[8] Password generation: 1. Password initialization 2. Login 3. Password reset and password change

Remaining table cells whose row and column did not survive extraction: --------; 1. Authentication failure rate 2. Number of attempts required 3. Login time required; 1. Graphical 2. Authentication; Allowing the user to personalize a kiosk by running her own virtual machine there; --------; It helps to authenticate services that do not have certificates signed by a global PKI; Provides a new basis for comparing proposed graphical password systems; Participants could more easily remember multiple click-based graphical passwords than multiple text passwords; Do not know exactly on which sites the key logger becomes active; 1. Bar code attacks 2. Run time attacks; Accessed only by limited users; Data redundancy cannot conflict answers to two clients querying about the same service even after compromising; It cannot be easily adopted; -------

IV CONCLUSION AND FUTURE WORK

The goal of authentication is to identify the user and to verify that the user has access to a system. Various authentication methods have become widespread since the personal computer was developed in the 1970s. Many authentication methods have been in use for centuries, such as identity cards, visual authentication and passwords. In this paper, a detailed study of the various password authentication protocols has been done and a comparative study is also made.

REFERENCES

[1] C. Yue and H. Wang, "SessionMagnifier: A simple approach to secure and convenient kiosk browsing," in Proc. 11th Int. Conf. Ubiquitous Computing, 2009, pp. 125-134, ACM.
[2] P. van Oorschot, A. Salehi-Abari, and J. Thorpe, "Purely automated attacks on PassPoints-style graphical passwords," IEEE Trans. Information Forensics Security, vol. 5, no. 3, pp. 393-405, Sep. 2010.
[3] T. Holz, M. Engelberth, and F. Freiling, "Learning more about the underground economy: A case-study of keyloggers and dropzones," in Proc. Computer Security ESORICS 2009, pp. 1-18, 2010.
[4] S. Garriss, R. Cáceres, S. Berger, R. Sailer, L. van Doorn, and X. Zhang, "Trustworthy and personalized computing on public kiosks," in Proc. 6th Int. Conf. Mobile Systems, Applications and Services, 2008, pp. 199-210, ACM.
[5] R. Biddle, S. Chiasson, and P. van Oorschot, "Graphical passwords: Learning from the first twelve years," ACM Computing Surveys, Carleton Univ., 2010.
[6] D. Wendlandt, D. G. Andersen, and A. Perrig, "Perspectives: Improving SSH-style host authentication with multi-path probing," in Proc. USENIX 2008 Annu. Tech. Conf., Berkeley, CA, 2008, pp. 321-334, USENIX Association.
[7] K. M. Everitt, T. Bragin, J. Fogarty, and T. Kohno, "A comprehensive study of frequency, interference, and training of multiple graphical passwords," in CHI '09: Proc. 27th Int. Conf. Human Factors in Computing Systems, New York, 2009, pp. 889-898, ACM.
[8] S. Chiasson, A. Forget, E. Stobert, P. C. van Oorschot, and R. Biddle, "Multiple password interference in text and click-based graphical passwords," in CCS '09: Proc. 16th ACM Conf. Computer and Communications Security, New York, 2009, pp. 500-511, ACM.