“hybrid authentication schemes”
Jawaharlal Nehru National College of Engineering, Shimoga – 577204, Department of Computer Science & Engineering. Technical Seminar on “HYBRID AUTHENTICATION SCHEMES”. Presented by Bhavatarini.N, 1st semester, M.Tech. Coordinator: Dr. R Sanjeev Kunte, B.E., M.Tech., Ph.D.
Jawaharlal Nehru National College of Engineering, Shimoga – 577204
Department of Computer Science & Engineering
Technical Seminar on
“HYBRID AUTHENTICATION SCHEMES”
Under the guidance of: Mrs. Sowmya D, B.E., M.Tech., Asst. Prof., Dept. of CS&E, JNNCE
Presented by: Bhavatarini.N, 1st semester, M.Tech.
Coordinator: Dr. R Sanjeev Kunte, B.E., M.Tech., Ph.D, Professor, Dept. of CS&E, JNNCE
ABSTRACT
Authentication is a basic step of information security. Textual passwords used to authenticate are prone to eavesdropping, dictionary attacks, etc. Graphical passwords are believed to be more secure than textual passwords, but they are also susceptible to many attacks, such as shoulder surfing.
To solve this problem, text can be combined with images or colors to generate session passwords for authentication, or one or more authentication schemes may be combined to form hybrid authentication schemes, which provide more security and reliability than traditional schemes.
CONTENTS
• Password
• Authentication
• Graphical passwords
• Classification of graphical passwords
• Hybrid authentication schemes
Password
Required for authenticating in order to provide access to something (resource, object).
[Diagram: PASSWORD, AUTHENTICATION, PROVIDE ACCESS]
Ideal Password
• Reduces login time
• Difficult to guess
• Easy to access
Authentication
Classifications Of Authentication Methods
Drawbacks
Alphanumeric
• Easily remembered or difficult to guess, but not both.
• Vulnerable to shoulder surfing.
Biometric
• Expensive.
• Increases login time.
• Entire device may become useless in case of a surgery or an accident changing the biometric feature.
Graphical Passwords
An authentication system that works by having the user select from images, in a specific order, presented in a graphical user interface (GUI).
Also called graphical user authentication (GUA).
It is a promising alternative to conventional password-based authentication systems.
Uses pictures instead of text.
• Easier to remember
• User friendly
• Increases the level of security
Hierarchy of Graphical Passwords
• Recall based
• Cued recall based
• Recognition based
Recall Based Systems
Draw-a-Secret (DAS) Algorithm
(2,2), (3,2), (3,3), (2,3), (2,2), (2,1), (5,5)
Disadvantages
• User finds difficulty in recalling the stroke order.
• Weak passwords are susceptible to graphical dictionary attack.
• Susceptible to shoulder surfing and guessing attack.
Cued Recall Based Systems
Blonder Algorithm
• Password is created by having the user click on several locations on an image.
• The image can assist users to recall their passwords.
• Prone to guessing attack.
Disadvantages: password space is relatively small.
Recognition Based Technique
Recognition is easier than recall. “I know you but I forgot your name”
Dhamija and Perrig Technique
Disadvantage: prone to shoulder surfing.
Passface Algorithm
• Technique is based on the assumption that people can recall human faces more easily than other pictures.
Disadvantages:
• Requires more time
• Some obvious patterns were found
• Prone to shoulder surfing and guessing attacks
Hybrid Authentication Schemes
Combination of
• two or more authentication schemes
• shape, colors and text
Used in personal digital assistants (PDA)
Used to provide secure authentication during E-transaction
Pair Based Authentication Scheme
1 A J R H 7
0 K 9 I Q G
3 B O C P 6
Z L 4 S T 2
M Y W D 5 F
8 X N V E U
Example:
STEP 1: If the password considered is SACHIN46
STEP 2: Consider the password selected in pairs: SA CH IN 46
STEP 3: Search for the letter which is in the intersection of the pair of letters, considering the row of the first letter and the column of the second letter.
Login: LPV2
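
The pair lookup described in the steps above, as an added example that is not part of the original presentation. It uses the grid from the slide; the secret TIGER7X2, the second-session grid (a transpose of the slide grid) and all function names are constructed for illustration. It shows why a captured session password does not verify against a different grid.

```python
import hmac
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits  # 36 symbols -> 6x6 grid

# Grid exactly as shown on the slide, row by row.
SLIDE_GRID = ["1AJRH7", "0K9IQG", "3BOCP6", "ZL4ST2", "MYWD5F", "8XNVEU"]

def fresh_grid():
    """Return a randomly shuffled 6x6 grid for a new login session."""
    cells = list(ALPHABET)
    secrets.SystemRandom().shuffle(cells)
    return ["".join(cells[i:i + 6]) for i in range(0, 36, 6)]

def locate(grid, ch):
    """Return (row, column) of a single symbol in the grid."""
    for r, row in enumerate(grid):
        c = row.find(ch)
        if c != -1:
            return r, c
    raise ValueError(f"{ch!r} is not on the grid")

def session_password(grid, secret):
    """Row of the first symbol, column of the second, for each pair."""
    if len(secret) % 2:
        raise ValueError("secret must have an even number of symbols")
    out = []
    for i in range(0, len(secret), 2):
        row, _ = locate(grid, secret[i])
        _, col = locate(grid, secret[i + 1])
        out.append(grid[row][col])
    return "".join(out)

def verify(grid, secret, response):
    """Server-side check. The server needs the secret itself (not a one-way
    hash) to compute the expected response, so protect it at rest."""
    expected = session_password(grid, secret)
    return hmac.compare_digest(expected.encode(), response.encode())

# Constructed secret and second-session grid (transpose of the slide grid).
SECRET = "TIGER7X2"
NEXT_GRID = ["".join(col) for col in zip(*SLIDE_GRID)]
```

When both symbols of a pair sit in the same row (R and 7 here), the intersection is the second symbol itself, so that pair shows one character of the secret on screen.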
Hybrid Textual Authentication Scheme
Registration phase
• Enter the username
• Rate the colors
1 2 3 4 5 6 7 8
3 4 6 8 5 2 7 1
    1 2 3 4 5 6 7 8
1   5 7 8 3 1 4 2 6
2   8 6 4 2 3 1 5 7
3   3 5 6 4 7 8 1 2
4   2 3 5 6 8 7 4 1
5   7 2 1 5 4 6 8 3
6   1 4 7 8 2 3 6 5
7   4 1 2 7 6 5 3 8
8   6 8 3 1 5 2 7 4
Login: 5
Hybrid Authentication Scheme For Secure E-Transaction
• 3 step process
• Resistant to phishing attack, shoulder surfing and guessing attacks.
• Used to provide a secure and reliable authentication procedure for E-Transactions.
Registration algorithm
1. Enter Username (Ur) (If it exists, enter a new username.)
{Ur: It is a set of characters.}
2. Now user selects the desired text password (Tr).
{Tr: It is a set of alphabets, characters, etc.}
3. Draw a Secret (DASr) for producing recall based password.
{DASr: It is a combination of Dot Pattern produced by the user.}
4. User selects the images (Ir) from the various categories of images for recognition based password.
{Ir: It is a set of images selected for authentication by user in a definite order.}
5. Registration complete.
Authentication algorithm
1. Enter Username (Ua) (If not valid, enter a valid username.)
{Ua: It is the username given during registration.}
2. Now user enters the text password (Ta). (If not verified, enter a valid text password.)
{Ta: Text password selected during registration.}
3. Draw the DASa.
{DASa: It is a combination of Dot Pattern produced by the user during registration.}
4. Select the images (Ia) from the various categories of images for recognition based password.
{Ia: It is a set of images selected during registration by user in a definite order.}
5. If successful then,
6. Authentication Complete
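
One way to implement the registration and authentication steps above, as an added example that is not code from the presentation. The storage format (a salted PBKDF2 digest per factor), the in-memory USERS store, the image identifiers and the function names are assumptions; the stroke sequence is the DAS coordinate example shown earlier in the slides.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumed PBKDF2 work factor
USERS = {}             # in-memory stand-in for the user database

def digest(salt, data):
    return hashlib.pbkdf2_hmac("sha256", data, salt, ITERATIONS)

def encode(text, das, images):
    """Canonical bytes for Tr, DASr and Ir; stroke and image order is kept.
    Assumes image ids never contain the '|' separator."""
    return (
        text.encode("utf-8"),
        ";".join(f"{x},{y}" for x, y in das).encode("ascii"),
        "|".join(images).encode("utf-8"),
    )

def register(ur, tr, das_r, i_r):
    """Steps 1-5 of registration. Returns False if the username exists."""
    if ur in USERS:
        return False
    USERS[ur] = []
    for data in encode(tr, das_r, i_r):
        salt = os.urandom(16)
        USERS[ur].append((salt, digest(salt, data)))
    return True

def authenticate(ua, ta, das_a, i_a):
    """Steps 1-6 of authentication, checked in the order the slides give."""
    record = USERS.get(ua)
    if record is None:
        return "invalid username"
    steps = ("text password", "DAS", "images")
    for step, (salt, stored), data in zip(steps, record, encode(ta, das_a, i_a)):
        if not hmac.compare_digest(stored, digest(salt, data)):
            return step + " rejected"
    return "authentication complete"

# Constructed sample data; the stroke sequence is the DAS example from the slides.
DAS = [(2, 2), (3, 2), (3, 3), (2, 3), (2, 2), (2, 1), (5, 5)]
IMAGES = ["cat-07", "bridge-12", "face-03"]
```

Because the stroke list and the image list are encoded in order, the same dots or the same images entered in a different sequence produce a different digest and are rejected.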
A Hybrid Password Authentication Scheme Based On Shape And Text
BASIC IDEA
• Map the shape from strokes and grids to text.
[Diagram: Shape, Text, Strokes and grid]
Notations
• U: The set of elements that appear in the grid in the interface.
• V: Input password vector, which consists of elements in U.
• |V|: Size of V. It also represents the length of the input password, or the strokes' size.
• g: The size of the grid.
• S: Shape of the password.
• |S|: Number of strokes of the password.
Password Set Interface
Password Set Procedure
Original Stroke On The Interface
Different Input Style
Security Analysis
Brute Force Attack
• Produces every combination of password.
• Text based passwords have a password space of 94^N, where 94 is the number of printable characters and N is the length.
• Almost proven successful against text passwords.
• Hybrid authentication schemes are resistant to brute force attack.
Dictionary attack
• Generally directed towards textual passwords.
• It is a method of breaking into a password protected system by systematically entering every word in a dictionary as password.
• Dictionary attack has no effect on hybrid authentication scheme because of the session passwords.
Guessing attack
• Mechanism in which passwords are guessed.
• Text passwords are sometimes easy to guess.
• Guessing attacks fail in case of hybrid authentication schemes.
Shoulder Surfing Attack
• Passwords are identified by looking over a person’s shoulder.
• Common in crowded places.
• Both text and graphical passwords are vulnerable.
• Hybrid authentication scheme is resistant and hence can be used in e-transactions.
Conclusion
Currently many schemes and techniques are available for authentication. There is a growing interest in using pictures as passwords rather than text passwords. The major advantage of the hybrid authentication scheme is that it is a secure authentication system for E-transactions and for PDAs. In fact, this particular system does not need to depend on any elements like cards or human body parts, etc. for authenticating the user. It increases the reliability, accuracy, security and also the memorability of the system.