Abstract

Knowledge based authentication schemes are divided into textual password schemes and graphical password schemes. Textual password schemes are easy to use but have well known security issues, such as weak against online security attacks. Graphical password schemes are generally weak against shoulder surfing attacks. Usability is another issue with most of the graphical password schemes. For improving security of knowledge-based authentication schemes complex password entry procedures are used, which improve security but weakens useability of the authentication schemes. In order to resolve this security and usability conflict, a user authentication scheme is proposed, which contains one registration and two login screens called easy and secure login screens. Easy login screen provides easy and quick way of authentication while secure login screen is resilient to different online security attacks. A user has to decide based upon the authentication environment, which login screen to be used for authentication. For secure environment, where chances of security attacks are less easy login screen is recommended. For insecure environments where chances of security attacks are high, secure login screen is recommended for authentication. In the proposed scheme, image based passwords can also be set along with alphanumeric passwords. Results suggest that proposed scheme improves security against offline and online attacks.

Highlights

  • Textual password scheme is easy to use because it has very simple password entry procedure

  • Shoulder surfing and spyware attacks can be applied in the easy login screen but these attacks are resisted in secure login screen

  • The proposed scheme does not replaces the traditional textual password scheme but it enhances the security of textual password scheme in terms of password entry procedure and list of password elements

Read more

Summary

INTRODUCTION

Textual password scheme is easy to use because it has very simple password entry procedure This scheme is weak in security because passwords can be recorded or observed from the login screen. Strong textual passwords are difficult to guess from offline guessability attacks but they can be theft by observability and recordability attacks [4] Another issue with textual passwords is that users generally set similar passwords in different accounts [5]. Due to this approach strong alphanumeric passwords can be guessed through offline guessability attacks after hacking a password from one user account [6]. Users have option to authenticate with any of the login screen by using same password

RELATED WORK
TOWARDS SOLUTION
PROPOSED SCHEME
Registration Activity
Login Activity
USABILITY AND MEMORABILITY ANALYSIS
Testing Procedure
Testing Results
SECURITY ANALYSIS
Findings
CONCLUSION
Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call