In today's world of ubiquitous computing, cyber attacks are becoming more virulent, costlier, and larger in scope than ever before. Unlike previous incarnations of hacking, current attacks on computer systems are professionally coordinated, multifaceted, and motivated by the promise of profits on a massive scale. With millions of new electronic devices connecting to the internet every day, hackers are increasingly focused on a new type of target: mobile and embedded systems. Such systems include point-of-sale terminals, wireless routers, phones, networked office machines such as printers, and even the utility infrastructure.

The Pass points scheme is one of the techniques used in authentication using graphical images. In this method, users click on images rather than typing a long and complex alphanumeric password on the computer keyboard. Psychological studies have shown that people can remember pictures better than text. At registration, a user may choose several areas (click points) on an image. In order to log in, the user has to click close to the chosen click points, e.g. within 0.25 cm to 0.50 cm of each click point, because users cannot click on exactly the same pixel they clicked at the time of registration. This margin of error around the click point is called the tolerance. The existing Pass points scheme uses a fixed tolerance (say 20×20 pixels) over a number of clicks by the user. But by varying the tolerance (i.e., decrementing the tolerance level) as users click on more points, the information left to an attacker is reduced. We have also introduced a multiple graphical passwords approach to counter shoulder-surfing attacks.

Cutting-edge hackers are acutely aware that many of the security procedures and applications in use today have been designed for PC workstations, and are thus unable to thwart attacks on mobile and embedded systems.
Smart phones, for example, remain notoriously insecure, yet they are gaining popularity as platforms for exchanging confidential data and conducting financial transactions. Billions of dollars are at risk as people do more and more of their everyday banking and shopping on mobile and wireless devices. Even heart pacemakers have joined the networked world and are now vulnerable to hacking. upsurge in cyber attacks against our utility infrastructure. If hackers continue to attack the so-called smart grid, which connects sensors and control systems with sophisticated computers and networks, they could bring our nation's commerce to a standstill, endanger lives, and put our national security at risk. Nowadays, all business, government, and academic organizations are investing a lot of money in the security of information. In this dangerous new interconnected world, we need to take a serious look at what types of hacking strategies are being employed today, and implement security solutions that are designed specifically for mobile and embedded devices. This paper attempts to highlight some of the latest attacks against embedded systems, including mobile phones, medical devices, and the nation's electric infrastructure.

A key area in securing valuable information is authentication. What is authentication? Authentication refers to the process of verifying the identity of a communication partner. It determines whether a user is allowed to access a particular system or resource. Today it is a critical area of security research. Authentication techniques can be classified into three categories: 1) token-based authentication, 2) biometric-based authentication, and 3) knowledge-based authentication. The classification is shown in Fig. 1. The best example of token-based authentication is a bank card, such as a credit or debit card. Some authentication systems also use a knowledge-based authentication technique to enhance the security of information. For example, ATM debit cards generally require a PIN number, which is to be remembered by the user.
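The click-point check with a decreasing tolerance described in the Pass points passage above, as an added example that is not code from the paper. The per-click tolerance schedule, the use of centered discretization (so that only a salted hash and grid offsets are stored instead of the raw click points), and all names are assumptions made here.

```python
import hashlib, hmac, os

# Assumed schedule (not from the paper): half-width in pixels of the tolerance
# square for clicks 1..5. It starts at 20x20 pixels and shrinks on each click.
TOLERANCE_SCHEDULE = [10, 8, 6, 5, 4]

def _segment(coord, r, offset=None):
    """Centered discretization: cells of width 2r with the enrolled point mid-cell."""
    if offset is None:                      # enrollment: pick the centering offset
        offset = (coord - r) % (2 * r)
    return (coord - offset) // (2 * r), offset

def _digest(salt, cells):
    data = ",".join(f"{i}:{j}" for i, j in cells).encode()
    return hashlib.pbkdf2_hmac("sha256", data, salt, 100_000)

def enroll(points):
    """Return salt, per-click grid offsets and a hash; raw points are not kept."""
    if len(points) != len(TOLERANCE_SCHEDULE):
        raise ValueError("expected one click per schedule entry")
    salt, cells, offsets = os.urandom(16), [], []
    for (x, y), r in zip(points, TOLERANCE_SCHEDULE):
        (ix, ox), (iy, oy) = _segment(x, r), _segment(y, r)
        cells.append((ix, iy))
        offsets.append((ox, oy))
    return {"salt": salt, "offsets": offsets, "hash": _digest(salt, cells)}

def verify(record, clicks):
    """Accept only if every click, in order, lands in its own tolerance square."""
    if len(clicks) != len(TOLERANCE_SCHEDULE):
        return False
    cells = []
    for (x, y), (ox, oy), r in zip(clicks, record["offsets"], TOLERANCE_SCHEDULE):
        cells.append((_segment(x, r, ox)[0], _segment(y, r, oy)[0]))
    return hmac.compare_digest(_digest(record["salt"], cells), record["hash"])

if __name__ == "__main__":
    # Constructed sample click points on a hypothetical 451x331 image.
    enrolled = [(100, 120), (200, 50), (310, 220), (45, 300), (400, 90)]
    rec = enroll(enrolled)
    print("exact clicks:", verify(rec, enrolled))
    print("9 px off on click 1:", verify(rec, [(109, 120)] + enrolled[1:]))
    print("9 px off on click 5:", verify(rec, enrolled[:4] + [(409, 90)]))
```

The same 9-pixel miss is accepted on the first click and rejected on the fifth, which is the effect of decrementing the tolerance as more points are clicked.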