Implementation Opass Authentication Protocol System for net Security

P.Shanmukha kumar; Sri. k.Ishthaq Ahamed

doi:https://doi.org/10.14445/22312803/IJCTT-V4I5P72

Research Article | Open Access | Download PDF

Volume 4 | Issue 5 | Year 2013 | Article Id. IJCTT-V4I5P72 | DOI : https://doi.org/10.14445/22312803/IJCTT-V4I5P72

Implementation Opass Authentication Protocol System for net Security

P.Shanmukha kumar, Sri. k.Ishthaq Ahamed

Citation :

P.Shanmukha kumar, Sri. k.Ishthaq Ahamed, "Implementation Opass Authentication Protocol System for net Security," International Journal of Computer Trends and Technology (IJCTT), vol. 4, no. 5, pp. 1336-1340, 2013. Crossref, https://doi.org/10.14445/22312803/IJCTT-V4I5P72

Abstract

Safety may be a major focus of awareness for operators and users of the web site and its several applications, among the tough issues still inefficiently self-addressed is identity authentication for functions of associating specific user with particular services and authorizations. Asking may be thanks to classify users such shaping recommendation is tough for adversaries, whereas providing robust authentication of their chosen identifiers remains straightforward and convenient for users. Text based mostly word is that the most well liked style of user authentication on websites as a result of its convenience and ease. However, users’ passwords are at risk of be purloined and compromised beneath completely different threats and vulnerabilities. Firstly, users usually choose weak passwords and utilize similar passwords across completely different websites. Habitually reusing words causes a domino effect; once Associate in nursing resister compromises one password, she`s going to exploit it to realize access to additional websites. Second, typewriting words into untrusted computers suffers password outlaw threat. Associate in nursing resister will launch many word stealing attacks to grab passwords, like phishing, key loggers and malware. During this paper, we tend to style a user authentication protocol named oPass that leverages a user’s telephone and short message service to thwart word stealing and word utilize attacks. OPass solely needs every taking part web site possesses a novel signaling, and involves a telecommunication service supplier in registration and recovery phases. Through oPass, users solely ought to bear in mind a long word for login on all websites. Once evaluating the OPass example, we tend to believe OPass is economical and reasonable compared with the standard internet authentication mechanisms.

Keywords

Network security, parole use attack, parole stealing attack, user authentication, just the once parole, SMS.

References

[1] B. Ives, K. R. Walsh, and H. Schneider, “The domino effect of password reuse,” Commun. ACM, vol. 47, no. 4, pp. 75–78, 2004.
[2] S. Gawand E. W. Felten, “Password management strategies for online accounts,” in SOUPS ’06: Proc. 2nd Symp. Usable Privacy . Security, New York, 2006, pp. 44–55, ACM.
[3] D. Florencio and C. Herley, “A large-scale study of web password habits,” in WWW ’07: Proc. 16th Int. Conf. World Wide Web., New York, 2007, pp. 657–666, ACM.
[4] S. Chiasson, A. Forget, E. Stobert, P. C. van Oorschot, and R. Biddle, “Multiple password interference in text passwords and click-based graphical passwords,” in CCS ’09: Proc. 16th ACM Conf. Computer Communications Security, New York, 2009, pp. 500–511, ACM.
[5] I. Jermyn, A. Mayer, F. Monrose, M. K. Reiter, and A. D. Rubin, “The design and analysis of graphical passwords,” in SSYM’99: Proc. 8th Conf. USENIX Security Symp., Berkeley, CA, 1999, pp. 1–1, USENIX Association.
[6] A. Perrig and D. Song, “Hash visualization: A new technique to improve real-world security,” in Proc. Int.Workshop Cryptographic Techniques E-Commerce, Citeseer, 1999, pp. 131–138.
[7] J. Thorpe and P. van Oorschot, “Towards secure design choices for implementing graphical passwords,” presented at the 20th. Annu. Computer Security Applicat. Conf., 2004.
[8] S. Wiedenbeck, J. Waters, J.-C. Birget, A. Brodskiy, and N. Memon, “Passpoints: Design and longitudinal evaluation of a graphical password system,” Int. J. Human-Computer Studies, vol. 63, no. 1–2, pp. 102–127, 2005.
[9] S. Wiedenbeck, J. Waters, L. Sobrado, and J.-C. Birget, “Design and evaluation of a shoulder-surfing resistant graphical password scheme,” in AVI ’06: Proc. Working Conf. Advanced Visual Interfaces, New York, 2006, pp. 177–184, ACM. [10] B. Pinkas and T. Sander, “Securing passwords against dictionary attacks,” in CCS ’02: Proc. 9th ACM Conf. Computer Communications Security, New York, 2002, pp. 161–170, ACM.
[11] J. A. Halderman, B. Waters, and E. W. Felten, “A convenient method for securely managing passwords,” in WWW ’05: Proc. 14th Int. Conf. World Wide Web, New York, 2005, pp. 471–479, ACM.
[12] K.-P. Yee and K. Sitaker, “Passpet: Convenient password management and phishing protection,” in SOUPS ’06: Proc. 2nd Symp. Usable Privacy Security, New York, 2006, pp. 3243, ACM.
[13] S. Chiasson, R. Biddle, and P. C. van Oorschot, “A second look at the usability of click-based graphical passwords,” in SOUPS ’07: Proc. 3rd Symp. Usable Privacy Security, New York, 2007, pp. 1–12, ACM.
[14] K. M. Everitt, T. Bragin, J. Fogarty, and T. Kohno, “A comprehensive study of frequency, interference, and training of multiple graphical passwords,” in CHI ’09: Proc. 27th Int. Conf. Human Factors Computing Systems, New York, 2009, pp. 889–898, ACM.
[15] J. Thorpe and P. C. van Oorschot, “Graphical dictionaries and thememorable space of graphical passwords,” in SSYM’04: Proc. 13th Conf. USENIX Security Symp., Berkeley, CA, 2004, pp. 10–10, USENIX Association.
[16] J. Thorpe and P. C. van Oorschot, “Human-seeded attacks and exploiting hot-spots in graphical passwords,” in SS’07: Proc. 16th USENIX Security Symp. USENIX Security, Berkeley, CA, 2007, pp. 1–16, USENIX Association.
[17] P. van Oorschot, A. Salehi-Abari, and J. Thorpe, “Purely automated attacks on passpoints-style graphical passwords,” IEEE Trans. Information Forensics Security, vol. 5, no. 3, pp. 393–405, Sep. 2010.
[18] R. Dhamija, J. D. Tygar, and M. Hearst, “Why phishing works,” in CHI ’06: Proc. SIGCHI Conf. Human Factors Computing Systems, New York, 2006, pp. 581–590, ACM.
[19] C.Karlof,U. Shankar, J. D.Tygar, andD.Wagner, “Dynamic pharming attacks and locked same-origin policies for web browsers,” in CCS ’07: Proc. 14th ACMConf. Computer Communications Security, NewYork, 2007, pp. 5871, ACM.
[20] T. Holz, M. Engelberth, and F. Freiling, “Learning more about the underground economy:Acase-study of keyloggers and dropzones,” Proc. Computer Security ESORICS 2009, pp. 1–18, 2010.
[21] N. Provos, D. Mcnamee, P. Mavrommatis, K. Wang, and N. Modadugu, “The ghost in the browser: Analysis of webbased malware,” in Proc. 1st Conf. Workshop Hot Topics in Understanding Botnets, Berkeley, CA, 2007.
[22] Phishing Activity Trends Rep., 2nd Quarter/2010 AntiPhishing Working Group [Online]. Available: http://www.antiphishing.org/
[23] B. Parno, C. Kuo, and A. Perrig, “Phoolproof phishing prevention,” Financial Cryptography Data Security, pp. 1–19, 2006.