(IJCSIS) International Journal of Computer Science and Information Security,Vol.
8
, No.
8
, 2010
SECURED AUTHENTICATION PROTOCOL
SYSTEM USING IMAGES
G. Arumugam
Prof. & Head, Department of Computer ScienceMadurai Kamaraj UniversityMadurai, India.gurusamyarumugam@gmail.com
R. Sujatha
Research Associate, SSE Project, Department of Computer ScienceMadurai Kamaraj UniversityMadurai, India.sujamurali72@gmail.com
Abstract
—In order to protect secret information from sensitiveand various applications, secured authentication system shouldbe incorporated; it should contain security and confidentiality.Even if it is assumed that the cryptographic primitives areperfect, the security goals may not be achieved: the system itself may have weaknesses that can be exploited by an attacker innetwork attacks. In this paper a Secured AuthenticationProtocol System using Images (SAPSI) is presented. It ensuresconfidentiality, and authentication using server and Image basedauthentication mechanism.
Keywords- Confidentiality, Security, Server, Image-Based Authentication System, Authentication.
I.
I
NTRODUCTION
A significant challenge in providing an effective network system defence mechanism is to detect the intrusions andimplement counter-measures. Organizations who use SecuredAuthentication system tolerate no leakage at all.Cryptographic primitives are useful tools but security of the primitives does not guarantee security of the system. Usage of different level of security provides a security policy thatallows the classification of data and users based on a system of hierarchical security levels combined with a system of non-hierarchical security categories.[1, 5, 6].Cryptographic mechanisms are communication systemsthat rely upon cryptography to provide security services acrossdistributed systems. Applications increasingly rely onencryption services provided by cryptographic systems toensure confidentiality and authentication during securetransactions over the network. However the security provided by these encryption services might be undermined if theunderlying security system has any flaws in the design or implementation. Weaknesses in security systems such asmisuse of encryption, compromising the private encryption keyetc., are yet to be addressed. [8].Secured Authentication System is an application of acomputer system to process information with differentsensitivities (i.e. classification of information at differentlevels) to permit simultaneous access by users with differentsecurity clearance and to prevent users from obtaining accessto information for which they lack authorization. SecuredAuthentication has two goals: first goal is to preventunauthorized personnel from accessing information. Secondgoal is to prevent unauthorized personnel from declassifyinginformation. The traditional view of secured authentication isone of ensuring that information at a high securityclassification cannot flow down to a lower securityclassification.[1, 3, 12].In this paper, Secured Authentication Protocol Systemusing Images is proposed. It overcomes the identifieddrawbacks of existing systems. The attacks on existing modelembedded in encrypted sessions are detected as monitoring the processes taking part in the systems is integrated. The newsystem uses encryption mechanisms. Hence the insideinformation is protected and also the outside attacks are prevented. To establish this, a server with authenticationmechanism is used. Types of attacks were proscribed in the proposed system are Brute force attack, Dictionary attack,Keyloggers, Shoulder Surfing, Man-In-The-Middle attack andDatabase Server Compromise attack.
Brute force attack.
The hacker can try two kinds of Bruteforce attacks on this system. One is re-using of images andanother is without re-use of images. For a user, there will be aunique password of length 8 or above selected in SAPSI for the given session. Possible image patterns were dynamicallychanged on every session along with random numbers. By performing this attack in SAPSI hacker unable to break the password because it needs two processes.
Dictionary attack.
Dictionary attack is one of the mostcommonly used techniques to break a Password-based system.If same kind of sequences appeared in the network for a longtime it can be guessed by the hacker.
Keyloggers.
Keylogger is a program, which captures theuser’s keystrokes and sends this information to the hacker.The natural protection for an authentication system from thekeylogger is to have a one-time password (or Dynamic password).
Shoulder Surfing.
Shoulder surfing is looking over someone’s shoulder when they enter a password or a PIN code.It is an effective way to get information in crowded places because it is relatively easy to stand next to someone andwatch as they fill out a form, enter a PIN number at an ATMmachine, or use a calling card at a public pay phone. Shoulder surfing can also be done at a distance with the aid of
110http://sites.google.com/site/ijcsis/ISSN 1947-5500
(IJCSIS) International Journal of Computer Science and Information Security,Vol.
8
, No.
8
, 2010
binoculars or other vision-enhancing devices to know the password.
Man-In-The-Middle Attack.
A man in the middle attack isone in which the attacker intercepts messages in a public keyexchange and then retransmits them, substituting his own public key for the requested one, so that the two original parties still appear to be communicating with each other.This strategy is implemented to protect information fromunauthorized disclosure or modification and to providemechanisms to authenticate users participating in the exchangeof information.[7].In section 2 related works are discussed with their drawbacks.Section 3 discusses the overview of Proposed SecuredAuthentication System with server and Authenticationmechanism using images methodology.In section 4 implementation details related to the system are presented. Conclusion is given in section 5.II.
RELATED
WORK Enhanced authentication mechanism using multilevelsecurity model (EAMMSM) is the system that belongs to andapplies multilevel security. Any sensitive application itincludes confidential and secret information which must beused effectively in complicated and authenticated procedures.Using five levels of authentication methods with a set of privileges assigned, each user has to surpass 50% of everylevel to get the privileges rights.[1].During authentication the information was hacked from thenetwork plane using network analyser tool. Leakage of information occurred in three levels while transmittinganswers with username and multiple questions methods.In Improving text password through persuasion (ITPTP),users entered their passwords with visibility.[2].Users tend to choose their passwords in a simple manner byentering visibility method, which makes the hacker to knowwith shoulder-surfing process.An authentication method combining text and graphical passwords (AMCTGP), and users selecting their passwordsusing random numbers assigned to images, is given in [11].Users selecting their passwords by clicking randomnumbers listed in the selection panel can be identified by ahacker using movie-clip camera phones.In Multiple password interference in text and click-basedgraphical passwords (MPITCGP), users select their passwordsfrom the given image as pass points.[10].Users’ selecting their passwords from the given image is ahectic process. If any mismatch of pass points occurred theoriginal user itself would be unable to get authentication even by knowing pass point selections.In Pass Pattern System (PPS): A Pattern-Based User Authentication Scheme, data hacked from database throughdatabase compromise server attack is represented. [7].There are several attempts reported in literature aboutauthentication schemes in lieu of the traditional Password- based system. Each attempt is successful in increasing thestrength of the system against some of the known attacks.They are either computationally intensive or they requireadditional hardware/software in the infrastructure. In thissection we review the current attempts, identify the gaps andemphasize the motivation for developing SecuredAuthentication Protocol System using Images.
SSE Project funded through NTRO, New Delhi.
VerificationProcess inServer
Denied
AUTHENTICATIONPROCESS
Client
Level 1
User Name
Password
Authentication usingImages
Level 2
Security Questions
Resultant Factor
Security QuestionsAuthentication
AuthenticationGranted
Figure 1:
Secured Authentication Protocol System using Images Flow Diagram
111http://sites.google.com/site/ijcsis/ISSN 1947-5500
(IJCSIS) International Journal of Computer Science and Information Security,Vol.
8
, No.
8
, 2010
Motivation for Secured Authentication Protocol Systemusing Images:
We proposed secured authentication system isrobust against attacks such as the brute force, shoulder surfing,social engineering, database server compromise attack andMan-In-The-Middle attacks. It incorporates the essence of Image-based authentication system.III.
SECURED AUTHENTICATION PROTOCOL SYSTEMUSING IMAGES
This system involves the use of authentication mechanismand a server that minimizes the hacking by the attackers. Itmonitors the clock cycle process effectively. Two processesare involved in this system. They are a) Authentication usingImages and b) Security Questions Authentication using server represented as flow diagram in Figure 1.
A.
Authentication using Images
This is a Image-based authentication system based on the premise that ‘humans are good at identifying, rememberingand recollecting graphical image patterns than text patterns’.[9].In SAPSI the client gets authenticated in two levels. In thefirst level the client gets authenticated using username and password method with graphical image patterns. It isillustrated in Figure 2.For providing the password the client has to enter the indexnumber provided at the images. While entering indexnumbers in the password area it will be hidden and bulletmarks will be displayed. For example, if the client choosesimages rose, white lion and lord shiva then the index numbers27, 44 and 17 should be entered in a selected order. Whileconfirming password images index numbers were shuffled, souser has to re-enter the password by giving different indexnumbers according to the images chosen. Here both image patterns and index numbers are represented as dynamicarrangements in every login attempt. Due to this setup no onewould be able to read or guess the mechanism involved.For every authentication the images were shuffled andindex numbers were varied and shuffled. It is represented inFigure 3.
237012413117274455
237012413117274455
Figure 2:
A sample Secured
Authentication Protocol Systemusing Image Patterns
The client has to enter the index numbers according to theselected images in an order given during registration. As per the selection made during registration, the client has to enter index numbers now as 29, 34 and 61.Each image will be mapped with a corresponding number which is stored in the Image-Map table. Instead of comparingthe images, the mapped numbers are compared. It serves asuser friendly for the end-user and machine friendly for thesystem by reducing the comparison time by using numbersrather than images. A mapping mechanism which validatesthe index numbers with hidden letters is represented in Table I.
Figure 3:
A sample shuffling mechanism of Secured Authentication Protocol System using Image Patters.
The client can select the images on some sequences familiar to him/her. Due to shuffling mechanism, this method reducesthe guess ability of the persons who are related to the clients.During entry of password, only bullets appear in the passwordarea which avoids the shoulder surfing attacks.When sending random numbers in the network plane, it will be converted into a computed ascii value, so that Man-In-The-Middle attack is prohibited.
TABLE
IA
S
AMPLE IMAGE
-
MAP MECHANISM FOR
SAPSI
ImageNumbersConst HidCharactersRandom Numbers1 Itera-tion2 Itera-tion3 Itera-tion
I1 AO 23 15 20I2 IP 70 21 24I3 LJ 31 10 18I4 X1 41 16 13I5 YU 12 19 35I6 MK 17 29 26I7 HR 27 34 90I8 EW 44 61 67I9 SA 55 65 58
112http://sites.google.com/site/ijcsis/ISSN 1947-5500
Search History:
Result 00 of 00
00 results for result for
p.
Secured Authentication Protocol System Using Images
In order to protect secret information from sensitive and various applications, secured authentication system should be incorporated; it should contain security and confidentiality. Even if it is assumed that the cryptographic primitives are perfect, the security…
(More)
791
Reads
2
Readcasts
1
Embed Views
More From This User
Notes
Load more
