Password Authentication Method Research Articles

A Survey on Secure Eye: Blink-Based Morse Authentication

Real-time password authentication methods are widely used by people, but they can be exploited or defeated with the help of a hot track or high-speed scan. By using blinding hand motions in place of visible fingerprints, pin verification offers a more secure method of password entry. The procedure of blinking the eyes while taking many picture frames and coming up with a PIN is known as blink-based authentication. This paper provides a range of real-time applications that combine instant-based PIN, facial detection, and One-time Passwords to eliminate shoulder-to-shoulder and scratch tracking

Single Sign On Using Keycloak Integrated Public Key Infrastructure for User Authentication In Indonesia’s Electronic Based Government System

The government in carrying out its function as a public administration servant is regulated in law of the Republic of Indonesia number 25/2009 on public services. In this regulated about electronic government (e-government), many individuals use various web applications that require users to authenticate themselves to access each application. Many entities require various web- based applications for operational activities. This makes centralized access management for web-based applications very much needed. Currently, access management is often implemented using Single Sign On (SSO) with password authentication method. Security considerations arise against the use of passwords. This is because passwords have a vulnerability to brute forcing using a password list, and human nature often uses repeated or uncomplicated passwords. There is an alternative authentication method, namely Mutual TLS which utilizes Public Key Infrastructure (PKI). Users authenticate with X.509 digital certificates, so the authentication factor becomes something you have. This research aims to implement an integrated PKI SSO system and RBAC access automation. The approach of this project is research, design, implementation, and testing. The entire system is built with open-source software and implemented on a cloud infrastructure. The system has three subsystems, namely registration, login and RBAC access automation. All subsystems are tested according to the specified flow. The test results show that the registration subsystem has been successfully carried out as evidenced by the success of filling in personal data, approval flow, and downloading of certificates. The login subsystem was also successfully implemented, as evidenced by the existence of mTLS authentication with certificate validation. In testing the RBAC access automation subsystem, it is shown that the script created can perform access checks and access remediation if needed.

Deep learning based graphical password authentication approach against shoulder-surfing attacks

The password used to authenticate users is vulnerable to shoulder-surfing assaults, in which attackers directly observe users and steal their passwords without using any other technical upkeep. The graphical password system is regarded as a likely backup plan to the alphanumeric password system. Additionally, for system privacy and security, a number of programs make considerable use of the graphical password-based authentication method. The user chooses the image for the authentication procedure when using a graphical password. Furthermore, graphical password approaches are more secure than text-based password methods. In this paper, the effective graphical password authentication model, named as Deep Residual Network based Graphical Password is introduced. Generally, the graphical password authentication process includes three phases, namely registration, login, and authentication. The secret pass image selection and challenge set generation process is employed in the two-step registration process. The challenge set generation is mainly carried out based on the generation of decoy and pass images by performing an edge detection process. In addition, edge detection is performed using the Deep Residual Network classifier. The developed Deep Residual Network based Graphical Password algorithm outperformance than other existing graphical password authentication methods in terms of Information Retention Rate and Password Diversity Score of 0.1716 and 0.1643, respectively.

A Comparison of a Touch-Gesture- and a Keystroke-Based Password Method: Toward Shoulder-Surfing Resistant Mobile User Authentication

The pervasive use of mobile devices exposes users to an elevated risk of shoulder-surfing attacks. Despite the prior work on shoulder-surfing resistance of mobile user authentication methods, there is a lack of empirical studies on textual password authentication methods, particularly the hybrid passwords that integrate textual passwords with biometrics. To fill the literature gap, this research compares two hybrid password methods, touch-gesture- and keystroke-based passwords, with respect to their shoulder-surfing resistance performance. We select a touch-gesture-based password method that deploys multiple shoulder-surfing resistance strategies and a keystroke-based password method that leverages keystroke dynamics. To gain a holistic understanding of these password methods, we examine them under a variety of shoulder-surfing settings by varying interaction mode, observation angle, entry error, and observation effort. Going beyond effectiveness metrics, we also introduce efficiency metrics to assess shoulder-surfing resistance performance more comprehensively. We hypothesize and test the effects of shoulder-surfing settings by conducting both a longitudinal lab experiment and an online experiment with diversified participants. The results of both studies demonstrate the superior performance of the touch-gesture-based password method to the keystroke-based counterpart. The results also provide evidence for the effects of interaction mode, observation angle, and observation effort on shoulder-surfing resistance of hybrid passwords. Our findings offer suggestions for the design and strategies for strengthening the security of password authentication methods.

Attacking Windows Hello for Business: Is It What We Were Promised?

Traditional password authentication methods have raised many issues in the past, including insecure practices, so it comes as no surprise that the evolution of authentication should arrive in the form of password-less solutions. This research aims to explore the problems that password authentication and password policies present and aims to deploy Windows Hello for Business (WHFB) on-premises. This includes creating three virtual machines (VMs) and evaluating WHFB as a password-less solution and showing how an attacker with privileged access may retrieve the end user’s domain password from the computer’s memory using Mimikatz and describing the possible results. The conducted research tests are in the form of two attack methods. This was feasible by the creation of three VMs operating in the following way. The first VM will act as a domain controller (DC) and certificate authority server (CA server). The second VM will act as an Active Directory Federation Service (ADFS). The third VM will act as the end-user device. The test findings research summarized that password-less authentication is far more secure than the traditional authentication method; this is evidenced throughout the author’s tests. Within the first test, it was possible to retrieve the password from an enrolled device for WHFB while it was still in the second phase of the deployment. The second test was a brute-force attack on the PIN of WHFB; since WHFB has measures to prevent such attacks, the attack was unsuccessful. However, even though the retrieval of the password was successful, there are several obstacles to achieving this outcome. It was concluded that many organizations still use password authentication as their primary authentication method for accessing devices and applications. Larger organizations such as Microsoft and Google support the adoption of password-less authentication for end-users, and the current usage of password-less authentication shared by both organizations is encouraged. This usually leads organizations to adopt this new solution for their IT infrastructure. This is because it has been used and tested by millions of people and has proven to be safe. This supports the findings of increased usage and the need for password-less authentication by today’s users.

To Survey Graphical Password Verification Method

Abstract: In this present time, authentication is the way of giving persons access to system object based on user's uniqueness. If the codes match, the process will be succeed and user will get the consent to access the system. Text based password scheme follows the guidelines such as at least 8 characters long, should combine upper-case and lower-case and digit. user have problem to remember their complicated password over time due to the limitation of human brain, user tend to forget about their password. User tend to use the same password for all type of account. So if one account is hacked, the possibility for other account to be hack is a high. Graphical password can be used as alternative to solve the issue related to the text-based authentication based on the fact that humans can tend to remember pictures batter then text. Now a day’s many computer system, Network and internet based environment are trying to use of graphical authentication technique in this paper we make a survey of the basic authentication and its technique and also presents a comprehensive study of graphical password authentication method and graphical password system.

Attack Resistant Graphical Password Authentication Method Against Shoulder Surfing, Smudge and Brute Force Attacks

Attack Resistant Graphical Password Authentication Method Against Shoulder Surfing, Smudge and Brute Force Attacks

Differential Contour Stellar-Based Radio Frequency Fingerprint Identification for Internet of Things

Data attacks from illegal access devices of the Internet of Things will cause serious interference and threats to the entire network. It is difficult to ensure the security of the communication system only by relying on traditional application layer password authentication methods. Therefore, it is of great significance to design an effective physical layer authentication system based on radio frequency fingerprints. Regarding the issue above, this paper proposes a novel physical layer authentication method for Internet of Things based on differential contour stellar. Through the test of identification and authentication of 20 WiFi network card devices from same manufacturer, same type and same batch, the recognition accuracy rate can reach 98.6% by the proposed method. The proposed method can improve the effect of radio frequency fingerprint identification from three aspects: i. The differential processing can effectively reduce the negative influence of phase rotation caused by carrier frequency offset and Doppler effects; ii. The color processing can effectively reduce the negative influence of random noise caused by channel noise; iii. It is suitable for processing large-scale networks and the massive data they bring.

Gateway‐oriented two‐server password authenticated key exchange protocol for unmanned aerial vehicles in mobile edge computing

With the popularity of unmanned aerial vehicles (UAVs), more and more valuable data can be collected by UAVs. In order to balance the data usage and communication cost, the data can be preprocessed in UAVs rather than directly transmitting to the data centre in the edge computing paradigm. Users can obtain information of interest by accessing the data centre remotely by authenticating themselves to the data centre using the most pervasive password authentication method. Unfortunately, the data centre becomes the main attack target because it not only stores the data but also maintains the passwords of all the users. Aiming at protecting the data as well as the password in the UAV-enabled mobile edge computing environment, the authors combine the advantages of gateway-oriented password authenticated key exchange (PAKE) protocols and two-server PAKE protocols and put forward an efficient gateway-oriented two-server PAKE protocol. The security of the proposed protocol is given in the random oracle model. The performance comparison shows their proposal has comparable efficiency in computation and communication costs. Their protocol provides better protection to the password without sacrificing efficiency. Consequently, their protocol is more suitable for real applications in UAV-enabled mobile edge computing environment.

AcSIS: Authentication System Based on Image Splicing

Text-based passwords are widely used for the authentication of digital assets. Typically, password security and usability is a trade-off, i.e. easy-to-remember passwords have higher usability that makes them vulnerable to brute-force and dictionary attacks. Complex passwords have stronger security but poor usability. In order to strengthen the security in conjunction with the improved usability, we hereby propose a novel graphical authentication system. This system is a picture-based password scheme which comprises of the method of image splicing. Authentication data were collected from 33 different users. The usability of the method was evaluated via a comparison between the number of correct and incorrect authentication attempts and time taken. Additionally, a comparison was made between our proposed method and a complex text-based password authentication method using the authentication success rate. Authentication using image splicing proved to be resilient to brute-force attacks since the processing of images consumes a voluminous password space. The evaluation of the usability revealed that graphical passwords were easy-to-remember, resulting in a higher number of correct attempts. The proposed method produced 50% higher success rate compared to the text-based method. Findings motivate the use of the proposed method for securing digital assets.

Securing Stored Biometric Template Using Cryptographic Algorithm

The biometric template protection technique provides the security in many authentication applications. Authentication based on biometrics has more advantages over traditional methods such as password and token-based authentication methods. The advantage of any biometric-based authentication system over a traditional one is that the person must physically be present at that place while recognizing him. So, it is essential to secure these biometrics by combining these with cryptography. In the proposed algorithm, the AES algorithm is used for securing the stored and transmitted biometric templates using helping data. The helping data is a variable type of data which is changed at every attempt for registration. The final symmetric key AES algorithm is a combination of helping data and actual symmetric keys of the AES algorithm. The experimental analysis shows that a brute force attack takes a long time to recover the original biometric template from cipher biometric template. So, the proposed technique provides sufficient security to stored biometric templates.

Dynamic Cryptographic Algorithm to Provide Password Authentication using Cued Click Points

Nowadays, password based authentication is one the most common way of authentication for most of the user logins. However, the advancement in technology also posing many threats for the password authentication systems. Everybody will be keen to know others password. But there exists a very few who is very keen to devise a new authentication. In this paper, we have proposed a more advanced password authentication method yet a simple one which gives a tough competition for the attacker to break the password. For this, we are providing a special key-display interface to assist the modified cued click point’s technique which helps in the more sophisticated dynamic authentication method. This interface helps to break the single password into a combination of 4 passwords and also adds three more password strings to the current password which is entered. It also uses a special one way encryption algorithm called Nesting 93 which is developed explicitly for this system. It helps to prevent almost any kind of attacks<strong></strong>.

A password authentication method for remote users based on smart card and biometrics

Das has improved the biometric-based remote user authentication using smart card [13]. This scheme is based on biometric, password, and the random nonce generated by the user and the server. It is very efficient as far as the computational cost is concerned. This scheme however has some security weaknesses such as replay and offline password guessing attacks. In this paper, we present a review of the Das’s scheme and discuss its weaknesses. In this paper, we develop a new scheme that overcomes all its weaknesses.

Proposal for Optical One-time Password Authentication Using Digital Holography

A new optical one-time password (OTP) authentication method using digital holography is proposed, which enhances security strength in the authentication system. A challenge-response optical OTP algorithm based on two-factor authentication is presented using two-step phase-shifting digital holography, and two-way authentication is also performed using challenge-response handshake in both directions. Identification (ID), password (PW), and OTP are encrypted with a shared key by applying phase-shifting digital holography, and these encrypted pieces of information are verified by each party by means of the shared key. The encrypted digital holograms are obtained by Fourier-transform holography and are recorded on a CCD with 256 quantized gray-level intensities. Because the intensity pattern of such an encrypted digital hologram is distributed randomly, it guards against a replay attack and results in higher security level. The proposed method has advantages, in that it does not require a time-synchronized OTP, and can be applied to various authentication applications. Computer experiments show that the proposed method is feasible for high-security OTP authentication.

An image edge based approach for image password encryption

AbstractAuthentication plays a major role in ensuring the security of the system by allowing only the authorized user. The traditional authentication system of using text‐based passwords has many flaws in the aspects of usability and security issues. Hence, graphical passwords, which consist of clicking or dragging activities on the pictures rather than typing textual characters, were introduced to overcome this problem. However, it is found that these graphical passwords are susceptible to brute force and dictionary attack methods. To overcome this drawback, images can be used as password replacing alphanumeric and graphical passwords. The challenge lies in encrypting the image password and storing it in the database. An image edge password encryption (IEPE) algorithm is proposed to encrypt the image passwords based on its edge values. Experimental results are shown to prove that encrypted image passwords using IEPE algorithm requires a less internal storage space when compared with the existing password encryption techniques. It is also shown that IEPE algorithm scales better when compared with the existing text‐based and graphical password authentication methods. Also, IEPE algorithm is shown to resist various password cryptanalytic attacks. Copyright © 2017 John Wiley & Sons, Ltd.

A New Password Authentication Method Based on Fingerprint and Mobile Phone Assistance

A New Password Authentication Method Based on Fingerprint and Mobile Phone Assistance

Harmonized authentication based on ThumbStroke dynamics on touch screen mobile phones

The pervasive and prevalent use of touch screen mobile phones in both work and daily life has generated more and more private and sensitive information on those devices. Accordingly, there is an ever-increasing need to improve the security of mobile phones. Recent advances in mobile user authentication technologies mainly focus on entry-point authentication. Although post-log-in continuous authentication has attracted increasing attention from researchers, none of the previous studies addressed mobile user authentication at both stages simultaneously. In addition, extant authentication systems are subject to the common trade-off between security and usability. To address the above limitations, we propose Harmonized Authentication based on ThumbStroke dynamics (HATS) that supports both entry-point and post-log-in mobile user authentication. HATS integrates password, gesture, keystroke, and touch dynamics-based authentication methods to address the vulnerabilities of individual methods to certain security attacks. Moreover, HATS supports one-handed thumb stroke-based interaction with touch screen mobile phones to improve the usability of authentication systems. We empirically evaluated HATS through controlled lab experiments. The results provide strong evidence that HATS improved both security and usability of mobile user authentication compared with keystroke dynamics based user authentication.

모바일 환경에서 안전한 일회용 패스워드 인증

Abstract With the active Internet e-commerce and the financial sector, mutual authentication between users and service providers has become very important. Because ID- and password-based authentication is of low security, one-time password authentication methods are widely used. The existing one-time password authentication scheme of S/Key authentication method is fraught with a number of issues in addition to plain text transmission, and the method of Kim Gong-ki et al. does not offer suggestions for session key generation and distribution method. Proposed in this paper is a protocol that solves these problems. Key Words : One Time Password, Authentication, Security, Smart Phone, Hash Function Received 1 December 2013, Revised 20 December 2013Accepted 20 December 2013Corresponding Author: Dong-Ryool Kim(Tongmyong University)Email: drkim@tu.ac.krⒸ The Society of Digital Policy & Management. All rights reserved. This is an open-access article distributed under the terms of the Creative Commons Attribution Non-Commercial License (http://creativecommons.otg/licenses/by-nc/3.0), which permits unrestricted non-commercial use, distribution, and reproduction in any medium, provided the original work is ISSN: 1738-1916 properly cited.

Random Board: Password Authentication Method with Tolerance to Video-Recording Attacks

The user authentication is widely used in the automatic teller machines (ATMs) and many Internet services. Recently, the crimes that ATM passwords are stolen using a small charge-coupled device (CCD) cameras have increased. In addition, in the mobile environment, there is a high risk of observation attacks that steal passwords, because many people possess devices such that camera-equipped mobile phones and miniature cameras. In this paper, we propose the authentication methods that are secure against the brute-force and video recording attacks. In the article, a video-recording attack is defined as an attacker's analysis of videos, in which a user's password entry operations are recorded once or twice, in order to obtain the user's password. We propose a basic method and an improved method. In the basic method, a user must provide the correct entry position of each password beforehand. On the other hand, in the improved method, a user does not need to provide any information beforehand, other than the password. The relative security of the two proposed methods is then evaluated.

A Novel Approach For Pass Word Authentication Using Bidirectional Associative Memory

Password authentication is a very important system security procedure to gain access to user resources. In the Traditional password authentication methods a server has check the authenticity of the users. In our proposed method users can freely select their passwords from a predefined character set. They can also use a graphical image as password. The password may be a character or an image it will be converted into binary form and the binary values will be normalized. Associative memories have been used recently for password authentication in order to overcome drawbacks of the traditional password authentication methods. In this paper we proposed a method using Bidirectional Associative Memory algorithm for both alphanumeric (Text) and graphical password. By doing so the amount of security what we provide for the user can be enhanced. This paper along with test results show that converting user password in to Probabilistic values and giving them as input for BAM improves the security of the system