Authentication is the first line of defense against compromising confidentiality and
integrity. Though traditional login/password based schemes are easy to
implement, they have been subjected to several attacks. As an alternative,
token and biometric based authentication systems were introduced. However, they
have not improved substantially to justify the investment. Thus, a variation to
the login/password scheme, viz. the graphical scheme, was introduced. But it also
suffered due to shoulder-surfing and screen dump attacks. In this paper, we
introduce a framework of our proposed Implicit Password Authentication
System (IPAS), which is immune to the common attacks suffered by other authentication
schemes.
Authentication is the process of
determining whether a particular individual or device should be allowed to
access a system, an application, or merely an object running on a device. This
is an important process which assures the basic security goals, viz. confidentiality
and integrity. It is important to note that the same authentication technique may
not be used in every scenario. For example, a less sophisticated approach may
be used for accessing a “chat server” compared to accessing a corporate
database. The false-positive and false-negative rates may also be high if the
devices are not robust. Biometric systems are vulnerable to replay attacks (by
the use of sticky residue left by a finger on the devices), which reduces the
security and usability levels. Thus, recent developments have attempted to
overcome biometric shortcomings by introducing token-based authentication
schemes. Token based systems rely on the use of a physical device such as
a smartcard or electronic key for authentication purposes. This may also be used
in conjunction with the traditional password based system.
Existing System with Limitations:
The traditional username/password or PIN
based authentication scheme is an example of the “what you know” type.
Smartcards. As an alternative to the traditional password based scheme, the
biometric system was introduced. This relies upon unique features that remain unchanged
during the lifetime of a human, such as fingerprints, iris etc.
Token based systems rely on the use of a
physical device such as a smartcard or electronic key for authentication
purposes. Graphical-based password techniques have been proposed as a potential
alternative to text-based techniques, supported partially by the fact that
humans can remember images better than text. In general, the graphical password
techniques can be classified into two categories: recognition-based and
recall-based graphical techniques.
In recognition-based systems, a group of
images is displayed to the user and an accepted authentication requires a
correct image being clicked or touched in a particular order.
In recall-based systems, the user is asked to
reproduce something that he/she created or selected earlier during the
registration phase. Recall-based schemes can be broadly classified into two
groups: pure recall-based techniques and cued recall-based techniques.
Proposed System Features:
In this paper, we focus only on “what
you know” types of authentication. We propose our Implicit Password
Authentication System. IPAS is similar to the Pass Point scheme with some finer
differences. In every “what you know” type authentication scheme we are aware
of, the server requests the user to reproduce the fact given to the server at
the time of registration. This is also true in graphical passwords such as Pass
Point. In IPAS, we consider the password as a piece of information known to the
server at the time of registration, and at the time of authentication, the user
gives this information in an implicit form that can be understood only by the
server.
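The following sketch illustrates the idea of an implicit response: the client sends only a click position, and the server alone maps it back to the registered information through a per-session layout. It is an added example, not code from the paper or the IPAS authors. The candidate list, the 3x2 grid, and all function names are assumptions made for illustration.

```python
import hashlib, hmac, random, secrets

CANDIDATES = ["Paris", "Cairo", "Lima", "Oslo", "Delhi", "Tokyo"]  # constructed sample data
CELL = 100  # assumed layout: a 3x2 grid of CELL x CELL clickable regions

def _digest(salt: bytes, answer: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", answer.lower().encode(), salt, 50_000)

def register(answer: str) -> dict:
    """Registration: the server records the user's answer as a salted digest."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "digest": _digest(salt, answer)}

def new_challenge(rng=random.SystemRandom()) -> dict:
    """Per-session layout (region index -> label); it never leaves the server."""
    labels = CANDIDATES[:]
    rng.shuffle(labels)
    return {"layout": labels, "used": False}

def region_of(x: int, y: int):
    """Map a click to a region index, or None if it falls outside the image."""
    if not (0 <= x < 3 * CELL and 0 <= y < 2 * CELL):
        return None
    return (y // CELL) * 3 + (x // CELL)

def verify(record: dict, challenge: dict, click: tuple) -> bool:
    """Resolve the click through this session's layout and compare digests."""
    if challenge["used"]:
        return False  # a challenge is single-use, so a captured click cannot be replayed
    challenge["used"] = True
    idx = region_of(*click)
    if idx is None:
        return False
    label = challenge["layout"][idx]
    return hmac.compare_digest(_digest(record["salt"], label), record["digest"])

def click_for(challenge: dict, label: str) -> tuple:
    """Simulates the user: centre of the region showing `label` in this session."""
    idx = challenge["layout"].index(label)
    return ((idx % 3) * CELL + CELL // 2, (idx // 3) * CELL + CELL // 2)
```

Because the layout is reshuffled for every challenge, the coordinates observed in one session do not identify the correct region in the next one.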
System Requirement Specifications
Hardware Requirements:
• PIV 2.8 GHz Processor and Above
• RAM 512MB and Above
• HDD 40 GB Hard Disk Space and Above
Software Requirements:
• WINDOWS OS (XP / 2000 / 200 Server / 2003 Server)
• Visual Studio .Net 2008 Enterprise Edition
• Internet Information Server 5.0 (IIS)
• Visual Studio .Net Framework (Minimal for Deployment) version 3.5
• SQL Server 2005 Enterprise Edition