Presentation is loading. Please wait.

Presentation is loading. Please wait.

Process by which a system verifies the identity of a user wishes to access it. Authentication is essential for effective security.

Published byHarry Boyd Modified over 9 years ago

Similar presentations

Presentation on theme: "Process by which a system verifies the identity of a user wishes to access it. Authentication is essential for effective security."— Presentation transcript:

1

2 Process by which a system verifies the identity of a user wishes to access it. Authentication is essential for effective security

3 Methods used for authentication o Textual passwords o Graphical passwords o Session passwords

4 Common Method: o textual passwords Alternative techniques: o graphical passwords o biometrics New authentication schemes: o session passwords

5 Dhamija and perig proposed a graphical authentication schema to identify the predefined images. User selects a random number of pictures. Identify the pre selected images for authentication.

6 Passface technique:- The user has to choose four images of human faces from a face database as their future password. User selects a human face. In the authentication stage, the user gets a grid of nine faces, consisting of one face previously chosen by the user and eight decoy faces.

7

8

9 Syukir developed a technique where the authentication is done by drawing user signature using mouse. » Registration phage » Verification phage At the time of registration the user draw his signature with the mouse. In the verification stage it takes the user signature as the input and verify it.

10 » Dictionary attacks » Shoulder surfing » Forgery

11 New authentication schemes: o Pair based o Hybrid textual

12 Authentication technique consist of 3 phases:  Registration phase: user enters his password  Login phase: the user has enter the password based on the interface displayed on the screen  Verification phase

13 Login interface

14 Intersection letter for the pair AN

15 Rating of colors by the user

16 Password:3573 Depending on the rating given to colors, we get session password Login interface

17 SECURITY ANALYSIS  Dictionary attack  A simple dictionary attack is by far the fastest way to break into a machine.  A dictionary file (a text file full of dictionary words) is loaded into a cracking application(such as L0phtCrack), which is run against user accounts located by the application.  Because the majority of passwords are often simplistic, running a dictionary attack is often sufficient to the job.

18 Brute Force Attack Brute Force Attack is the most widely known password cracking method. It based on attempts to use every possible character combination as a potential password. The number of possible combinations (and therefore required time) grows rapidly as the length of the password increases.

19 Phishing :- It is typically carried out by e-mail spoofinge-mailspoofing or instant messaging, and it often directs users to enter details at a fake websiteinstant messaging whose look and feel are almost identical tolook and feel the legitimate one. Phishing is an example of social engineering techniques used tosocial engineering deceive users, and exploits the poor usability of current web security technologies.

20 REQUIREMENTS HARDWARE SPECIFICATION – Processor : Intel Pentium IV, 2GHz – RAM : 512MB – Hard Disk Capacity : 40GB – Keyboard : Standard 104 keys – Mouse : Standard 3 Button – DVD/CD ROM : LG DVD RAM SOFTWARE SPECIFICATION – Operating System : Win XP and Above – Database : SQL Server 2008 – System Architecture :.NET Framework Programming Language : PHP

21 Two authentication techniques based on text and colors are proposed. Techniques generate session passwords and are resistant to dictionary attack, shoulder surfing. In Pair based during login time on the grid displayed a session password is generated. In hybrid textual scheme rating should be given to colors. Schemes are completely new to the users and the proposed authentication techniques should be verified extensively for usability and effectiveness.

22 [1] R. Dhamija, and A. Perrig. “Déjà Vu: A User Study Using Images for Authentication”. In 9th USENIX Security Symposium, 2000. [2] Real User Corporation: Passfaces. www.passfaces.comwww.passfaces.com [3] X. Suo, Y. Zhu and G. Owen, “Graphical Passwords: A Survey”. In Proc. ACSAC'05. [4] Z. Zheng, X. Liu, L. Yin, Z. Liu “A Hybrid password authentication scheme based on shape and Text” Journal of Computers, vol.5, no.5 May 2010.

23

24

Download ppt "Process by which a system verifies the identity of a user wishes to access it. Authentication is essential for effective security."

Similar presentations

WEB USAGE MINING FRAMEWORK FOR MINING EVOLVING USER PROFILES IN DYNAMIC WEBSITE DONE BY: AYESHA NUSRATH 07L51A0517 FIRDOUSE AFREEN 07L51A0522.

WEB USAGE MINING FRAMEWORK FOR MINING EVOLVING USER PROFILES IN DYNAMIC WEBSITE DONE BY: AYESHA NUSRATH 07L51A0517 FIRDOUSE AFREEN 07L51A0522.
Mr Greenhalgh S4 Computing Int 1 Things you could do with knowing before the Exam…

Mr Greenhalgh S4 Computing Int 1 Things you could do with knowing before the Exam…
Phishing Scams use spoofed emails and websites as lures to prompt people to voluntarily hand over sensitive information Phishing emails may contain.

Phishing Scams use spoofed s and websites as lures to prompt people to voluntarily hand over sensitive information Phishing s may contain.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
COMPUTER APPLICATIONS Mr. Toscano Computer Concepts Lesson Objectives Students are introduced to the differences between computer software and computer.

COMPUTER APPLICATIONS Mr. Toscano Computer Concepts Lesson Objectives Students are introduced to the differences between computer software and computer.
Detecting Computer Intrusions Using Behavioral Biometrics Ahmed Awad E. A, and Issa Traore University of Victoria PST’05 Oct 13,2005.

Detecting Computer Intrusions Using Behavioral Biometrics Ahmed Awad E. A, and Issa Traore University of Victoria PST’05 Oct 13,2005.
3d ..

3d ..
3D-password A more secured authentication G.Suresh babu Roll no:08H71A05C2 Computer science & engineering Mic college of technology Guide:Mrs A.Jaya Lakshmi.

3D-password A more secured authentication G.Suresh babu Roll no:08H71A05C2 Computer science & engineering Mic college of technology Guide:Mrs A.Jaya Lakshmi.
Chapter 3 Passwords Principals Authenticate to systems.

Chapter 3 Passwords Principals Authenticate to systems.
Lesson 5-Accessing Networks. Overview Introduction to Windows XP Professional. Introduction to Novell Client. Introduction to Red Hat Linux workstation.

Lesson 5-Accessing Networks. Overview Introduction to Windows XP Professional. Introduction to Novell Client. Introduction to Red Hat Linux workstation.
Delayed Password Disclosure Mutual Authentication to Fight Phishing Steve Myers Indiana University, Bloomington Joint work with: Markus Jakobsson Indiana.

Delayed Password Disclosure Mutual Authentication to Fight Phishing Steve Myers Indiana University, Bloomington Joint work with: Markus Jakobsson Indiana.
Authentication for Humans Rachna Dhamija SIMS, UC Berkeley DIMACS Workshop on Usable Privacy and Security Software July 7, 2004.

Authentication for Humans Rachna Dhamija SIMS, UC Berkeley DIMACS Workshop on Usable Privacy and Security Software July 7, 2004.
 Contents 1.Introduction about operating system. 2. What is 32 bit and 64 bit operating system. 3. File systems. 4. Minimum requirement for Windows 7.

 Contents 1.Introduction about operating system. 2. What is 32 bit and 64 bit operating system. 3. File systems. 4. Minimum requirement for Windows 7.
INTRUSION DETECTION SYSTEM

INTRUSION DETECTION SYSTEM
Presented By: Shashank Bhadauriya Varun Singh Shakti Suman.

Presented By: Shashank Bhadauriya Varun Singh Shakti Suman.
Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.

Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.
IOTA Improved Design and Implementation of a Modular and Extensible Website Framework Andrew Hamilton – TJHSST Computer Systems Lab 2008-2009 Abstract.

IOTA Improved Design and Implementation of a Modular and Extensible Website Framework Andrew Hamilton – TJHSST Computer Systems Lab Abstract.
Abstract Provable data possession (PDP) is a probabilistic proof technique for cloud service providers (CSPs) to prove the clients' data integrity without.

Abstract Provable data possession (PDP) is a probabilistic proof technique for cloud service providers (CSPs) to prove the clients' data integrity without.
E XPLORING USABILITY EFFECTS OF INCREASING SECURITY IN CLICK - BASED GRAPHICAL PASSWORDS Elizabeth StobertElizabeth Stobert, Alain Forget, Sonia Chiasson,

E XPLORING USABILITY EFFECTS OF INCREASING SECURITY IN CLICK - BASED GRAPHICAL PASSWORDS Elizabeth StobertElizabeth Stobert, Alain Forget, Sonia Chiasson,

Similar presentations

Ads by Google