Synopsis Format (2013 2014)






Problem Definition:
Authentication is one of the most important security services provided to a system by the different authentication schemes or algorithms. To protect any system, authentication must be provided so that only authorized persons have the right to use or handle that system and the data related to it securely. Many authentication algorithms are available; some are effective and secure but have some drawbacks. Many authentication techniques have been introduced previously, such as graphical passwords, text passwords, biometric authentication, etc. The 3D password is a multi-password and multi-factor authentication system, as it uses various authentication techniques such as textual passwords, graphical passwords, etc. The most important part of the 3D password scheme is the inclusion of a 3D virtual environment. The 3D virtual environment is a virtual environment consisting of real-time object scenarios. It is not an actual real-time environment; it is just a user interface provided to the scheme that looks the same as a real environment. The 3D password is a more secure authentication scheme than other authentication techniques because it is more advanced than other schemes. This scheme is also hard to break and easy to use.

Abstract:
Providing authentication to any system provides more security to that system. Many authentication techniques are available, such as textual passwords, graphical passwords, etc., but each of these individually has some limitations and drawbacks. To overcome the drawbacks of previously existing authentication techniques, a new improved authentication technique is used. This authentication scheme is called the 3D password. The 3D password is a multi-password and multi-factor authentication system, as it uses various authentication techniques such as textual passwords, graphical passwords, etc. The most important part of the 3D password scheme is the inclusion of a 3D virtual environment. The 3D virtual environment is a virtual environment consisting of real-time object scenarios. It is not an actual real-time environment; it is just a user interface provided to the scheme that looks the same as a real environment. The 3D password is a more secure authentication scheme than other authentication techniques because it is more advanced than other schemes. This scheme is also hard to break and easy to use. We have introduced our contribution towards making the 3D password more secure and more user friendly for users of all categories.

Aim and Objectives:

To provide a more secure authentication technique than the existing ones. To design and develop a more user-friendly and easier authentication scheme, giving the user the freedom to select more than one password scheme as a single system. To overcome the drawbacks and limitations of previously existing systems (textual password, graphical password, etc.). The new scheme should be a combination of recall, recognition, biometrics, and token based authentication schemes.

Literature Survey:
Normally, the authentication scheme the user undergoes is either very lenient or very strict. Throughout the years authentication has been a very interesting approach. With all the means of technology developing, it can be very easy for 'others' to fabricate or steal an identity or to hack someone's password. Therefore many algorithms have come up, each with an interesting approach toward calculation of a secret key. The algorithms are based on picking a random number in the range of 10^6, and therefore the possibility of the same number coming up is rare.

Tejal Kognule, Yugandhara Thumbre and Snehal Kognule, "3D password", International Journal of Computer Applications (IJCA), 2012.

Existing System:
Current authentication systems suffer from many weaknesses. Textual passwords are commonly used. Users tend to choose meaningful words from dictionaries, which makes textual passwords easy to break and vulnerable to dictionary or brute force attacks. Many available graphical passwords have a password space that is less than or equal to the textual password space. Smart cards or tokens can be stolen. Many biometric authentications have been proposed. However, users tend to resist using biometrics because of their intrusiveness and the effect on their privacy. Moreover, biometrics cannot be revoked.

The 3D password is a multi-factor authentication scheme. The design of the 3D virtual environment and the type of objects selected determine the 3D password key space. Users have the freedom to select whether the 3D password will be solely recall, recognition, or token based, or a combination of two or more schemes.

A.B. Gadicha, V.B. Gadicha, "Virtual Realization using 3D Password", International Journal of Electronics and Computer Science Engineering, ISSN 2277-1956/V1N2-216-222.

Attacks and Countermeasures:
To realize and understand how secure an authentication scheme is, we have to consider all possible attack methods. We have to study whether the proposed authentication scheme is immune against such attacks or not. Moreover, if the proposed authentication scheme is not immune, we then have to find the countermeasures that prevent such attacks. In this section, we try to cover most possible attacks and whether each attack is valid or not. Moreover, we try to propose countermeasures for such attacks.

Jim Owens, Jeanna Matthew, "A Study of Passwords and Methods Used in Brute-Force SSH Attacks", SIGCSE 2008.

1. Brute Force Attack: The attacker has to try all possible 3D passwords. This kind of attack is very difficult for the following reasons.

Time required to login: The total time needed for a legitimate user to log in may vary depending on the number of interactions and actions, the size of the 3D virtual environment, and the type of actions and interactions. Therefore, a brute force attack on a 3D password is very difficult and time consuming.

Cost of attacks: The 3D virtual environment contains biometric recognition objects and token based objects. The attacker has to forge all possible biometric information and forge all the required tokens. The cost of forging such information is very high; therefore cracking the 3D password is more challenging. The high number of possible 3D password spaces leaves the attacker with almost no chance of breaking the 3D password.


2. Well Studied Attack: The attacker tries to find the highest probable distribution of 3D passwords. In order to launch such an attack, the attacker has to acquire knowledge of the most probable 3D password distributions. This is very difficult because the attacker has to study all the existing authentication schemes that are used in the 3D environment. It requires a study of the user's selection of objects for the 3D password. Moreover, a well studied attack is very hard to accomplish since the attacker has to perform a customized attack for every different 3D virtual environment design. This environment has a number of objects and types of object responses that differ from any other 3D virtual environment. Therefore, a carefully customized study is required to initialize an effective attack.

A. H. Lashkari, Dr. Omar Bin Zakaria, Dr. Rosli Saleh, "Shoulder Surfing attack in graphical password authentication", (IJCSIS) International Journal of Computer Science and Information Security, Vol. 6, No. 2, 2009.

3. Shoulder Surfing Attack: An attacker uses a camera to record the user's 3D password or tries to watch the legitimate user while the 3D password is being performed. This attack is the most successful type of attack against 3D passwords and some other graphical passwords. However, the user's 3D password may contain biometric data or textual passwords that cannot be seen from behind. Therefore, we assume that the 3D password should be performed in a secure place where a shoulder surfing attack cannot be performed.

J.-F. Dhem, F. Koeune, A. Leroux, "A Practical Implementation of the Timing Attack".

4. Timing Attack: In this attack, the attacker observes how long it takes the legitimate user to perform a correct sign-in using the 3D password. This observation gives the attacker an indication of the legitimate user's 3D password length. However, this kind of attack alone cannot be very successful since it gives the attacker mere hints. Therefore, it would probably be launched as part of a well studied or brute force attack. Timing attacks can be very effective if the 3D virtual environment is poorly designed.


The proposed authentication scheme is a combination of many other authentication schemes. The 3D password combines both recall-based schemes (i.e. textual password, etc.) and recognition-based schemes (i.e. graphical password, biometrics, etc.), so the 3D password is a multi-factor and multi-password authentication scheme. Refer to Fig.1.

Fig.1 :- 3D password as Multi factor and Multi-password Authentication scheme.

For authentication with the 3D password, a new virtual environment is introduced, called the 3D virtual environment, in which the user navigates and moves to create a password that is based on both schemes. We do not use a biometric scheme because biometrics have some major drawbacks (such as higher hardware cost), so we have not included biometric authentication in our 3D password scheme. Biometric authentication is efficient against shoulder surfing attacks, but it is vulnerable to other attacks, which are easy to carry out against it. Including biometrics may also increase the cost of the scheme and require more hardware parts.
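An added example, not part of the original synopsis or its project code: one way to represent a 3D password as the ordered sequence of interactions performed in the virtual environment, store it as a salted slow hash, and estimate how the environment's objects determine the key space. The object names, the (object, action, payload) tuple model and the choice of PBKDF2 are assumptions made for illustration.

```python
import hashlib, hmac, math, os, struct

# Hypothetical model (not from the synopsis): a 3D password is the ordered list
# of interactions the user performs, each one (object_id, action, payload).
# payload carries recall data, e.g. text typed on a virtual keyboard object.

def canonical(interactions):
    """Length-prefix every field so distinct sequences never serialise alike."""
    out = bytearray()
    for obj, action, payload in interactions:
        for field in (obj, action, payload):
            raw = field.encode("utf-8")
            out += struct.pack(">I", len(raw)) + raw
    return bytes(out)

def enroll(interactions, iterations=200_000):
    """Store only salt + slow hash, never the interaction sequence itself."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", canonical(interactions), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}

def verify(record, interactions):
    """Recompute the hash and compare it in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", canonical(interactions),
                                 record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["digest"])

def keyspace_bits(actions_per_object, max_len):
    """log2 of the number of sequences of 1..max_len interactions."""
    choices = sum(actions_per_object.values())
    total = sum(choices ** n for n in range(1, max_len + 1))
    return math.log2(total)

# Constructed sample environment: distinct actions offered by each object.
ENV = {"door": 2, "light_switch": 2, "painting": 16, "keyboard": 95 ** 4}
# Constructed sample password: order of interactions is part of the secret.
SECRET = [("door", "open", ""), ("painting", "click", "7"),
          ("keyboard", "type", "k9#Q")]

if __name__ == "__main__":
    record = enroll(SECRET)
    print("correct sequence accepted:", verify(record, SECRET))
    print("reordered sequence accepted:", verify(record, SECRET[::-1]))
    print("3 interactions in ENV: %.1f bits" % keyspace_bits(ENV, 3))
    print("8-char text only: %.1f bits" % keyspace_bits({"keyboard": 95 ** 8}, 1))
```
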

Fig.2 :- Sample Animation of Virtual 3D Environment.

High Level Design:

Fig.3 :- Architecture of 3D Password.

Fig.4 :- Working of 3D Password.

System Requirements:

Software Requirement:
Operating System: Windows XP/7
Language/Technology: Java, JSP, Servlet, Struts, Javascript, JDBC etc.
Tools: Netbeans
Web Server: Apache Tomcat Server
Database: MySQL

Hardware Requirement:
Hard Disk: 80 GB
RAM: 2 GB
Processor: Pentium P4 / above

References:
[1] Alsulaiman, F.A.; El Saddik, A., "Three- for Secure," IEEE Transactions on Instrumentation and Measurement, vol. 57, no. 9, pp. 1929-1938, Sept. 2008.
[2] Vidya Mhaske et al., Int. J. Computer Technology & Applications, Vol 3 (2), ISSN: 2229-6093, 510-519.
[3] Tejal Kognule, Yugandhara Thumbre and Snehal Kognule, "3D password", International Journal of Computer Applications (IJCA), 2012.
[4] A.B. Gadicha, V.B. Gadicha, "Virtual Realization using 3D Password", International Journal of Electronics and Computer Science Engineering, ISSN 2277-1956/V1N2-216-222.
