An Overview on Authentication Approaches and Their Usability in Conjunction with Internet and Mobile Applications

Authentication systems: A literature review and classification

One of the most important parts of any system is authentication. Appreciated as the first and the last line of defense in the great majority of cases, authentication systems can usually prevent the kleptomaniac from gaining unauthorized access to users' data. However, the traditional text-based password is still used in many websites and applications which are vulnerable to different kinds of attacks. Accordingly, there exist some other alternative ways to boost this traditional method. In this study, we classified and identified different types of authentication systems in a variety of platforms. Their usage, similarity, usability, performance and drawbacks were discussed. The goal of this study is to provide readers with useful, classified information for understanding how different authentication systems work and what their usability and drawbacks are.

A Review on Authentication Methods

HAL (Le Centre pour la Communication Scientifique Directe), 2013

The Internet has consolidated itself as a very powerful platform that has changed communication and business transactions. Now, the number of users navigating through the Internet is more than 2.4 billion. This large audience demands online commerce, knowledge sharing, social networks etc., which grew exponentially over the past few years. Thus, it leads to the need for security and enhanced privacy. In recent days, fraud over the Internet constitutes one of the main drawbacks for the widespread use of commercial applications. Therefore, the three vital security issues take place every day in our world of transparent fashion, more precisely: identification, authentication and authorisation. Identification is a process that enables recognition of an entity, which may be either a human, a machine, or another asset such as a software programme. In security systems, authentication and authorisation are two complementary mechanisms for determining who can access the information resources over a network. Many solutions have been proposed in the literature, from a simple password to recent technologies based on RFID (Radio Frequency IDentification) or biometrics (Mahier et al., 2008). This paper provides an overview of existing authentication methods, and their pros and cons when designing an online service.

A Study of Various Passwords Authentication Techniques

2015

Information and computer security is supported by passwords. The password is the principal part of the authentication process. The traditional authentication method is to use a text-based password, which is also called an alphanumeric password. But it has significant drawbacks. So, to overcome the vulnerabilities of this traditional password scheme, a graphical password scheme is developed. But the major drawback of the graphical scheme is that it is vulnerable to shoulder surfing attacks and also sometimes to spyware attacks. So, as an alternative technique to the graphical password, a Captcha technique is developed. The major advantage of Captcha is that it cannot be identified by bots. Captcha gives protection from unwanted bots. There are also some limitations of Captcha, and to overcome those, after Captcha a new technique is developed for more robust security, which is CaRP (Captcha as gRaphical Passwords). This paper will explore all the password techniques for security. General Terms Information Security, Password Tec...

IJERT-An Enhanced Authentication Protocol Resistant to Password Stealing and Reuse Attack

International Journal of Engineering Research and Technology (IJERT), 2014

https://www.ijert.org/an-enhanced-authentication-protocol-resistant-to-password-stealing-and-reuse-attack
https://www.ijert.org/research/an-enhanced-authentication-protocol-resistant-to-password-stealing-and-reuse-attack-IJERTV3IS061302.pdf

With the fast propagation of time, most activities are now available on the internet. In this environment, users have to be authenticated before being granted access to sensitive contents. The password is the predominant tool which protects data and keeps information digitally safe. It has been seen that the text password stays more popular than the other forms of passwords due to its simplicity and convenience. Therefore, it can be easily stolen and misused under different vulnerabilities such as hacking, identity theft, cyber stalking and website cloning. Users are likely to choose weak passwords and reuse the password for various websites. In this case, if one password is revealed, it can be used for all other websites. This is called the Domino Effect. Another issue is when a person enters his/her password into an untrusted computer; the adversary can steal the password by launching attacks such as phishing, malware and key loggers etc. In this paper, we propose a simple approach which allows a client to counter such attacks by separately entering a long-term secret used to generate a one-time password for each login session on all websites through an independent personal trusted device such as a cell phone, which provides two-factor authentication. Along with this, the system requires that each participating website possesses a user's unique cell phone number and involves telecommunication services in the registration and recovery phases.

EFFECTIVENESS OF VARIOUS USER AUTHENTICATION TECHNIQUES

IAEME PUBLICATION, 2014

Text passwords are the most popular form of user authentication on the internet due to the simplicity of the passwords. Internet users are required to remember many passwords to access their online accounts. These user passwords are prone to be stolen and compromised under different vulnerabilities. Passwords are compromised due to their simplicity; users select weak passwords that are easier to remember. End users are not much concerned about security issues, and that's why they go for simple passwords. This makes textual passwords easy to break and vulnerable to dictionary or brute force attacks. Many password-based schemes with smart cards, graphical passwords and biometrics have been proposed; each scheme has its merits and demerits. In this paper, we analyzed and compared some of the user authentication mechanisms that are commonly used.

IJERT-Survey of Existing Authentication Systems

International Journal of Engineering Research and Technology (IJERT), 2014

https://www.ijert.org/survey-of-existing-authentication-systems
https://www.ijert.org/research/survey-of-existing-authentication-systems-IJERTV3IS030800.pdf

In the last few decades, large technology development raised new needs. The financial sector is no exception. People are approaching all over the world to fulfill their dreams. Any sector needs to understand the changing needs of the customer. Recently, with the awareness of businessmen and consumers and the development of mobile technologies, the potential use of mobile devices in financial applications such as banking and stock trading has seen a rapid increase. However, the security challenges being faced are diverse and increasing in number because of the huge amount of money flowing across mobiles. The aim of this work is to provide a secure environment in terms of security for transactions by various ways. But due to many security flaws these schemes are not feasible for real-life implementation. In this project we focus on mobile banking and explore different ways to make authentication more secure as a means to improve the security of communication in various channels against any intrusion by hackers.

A New Advanced User Authentication and Confidentiality Security Service

International Journal of Computer Applications

Network & internet security is the burning question of today’s world, and they are deeply related to each other for secure, successful data transmission. The network security approach is totally based on the concept of network security services. In this paper, a new system of network security service is implemented which is more secure than conventional network security services. This technique mainly deals with two essential network security services: one is user authentication and the other is data confidentiality. For user authentication this paper introduces ‘Graphical Username’ & ‘Voice Password’ approaches, which provide better security than the conventional ‘username’ & ‘password’ authentication process. In the data confidentiality section this paper introduces a two-layer private key for both message encryption & decryption, which is mainly applicable to 8-bit plain text data. This paper also provides hints on introducing two other network security services (integrity and non-repudiation)...

Stronger authentication for password credential Internet Services

2017 Third International Conference on Mobile and Secure Services (MobiSecServ), 2017

Most Web and other on-line service providers ("Internet Services") only support legacy ID (or email) and password (ID/PW) credential authentication. However, there are numerous vulnerabilities concerning ID/PW credentials. Scholars and the industry have proposed several improved security solutions, such as MFA; however, most of the Internet Services have refused to adopt these solutions. Mobile phones are much more sensitive to these vulnerabilities (so this paper focuses on mobile phones). Many users take advantage of password managers to keep track of all their Internet Service profiles. However, the Internet Service profiles found in password managers are normally kept on the PC or mobile phone's disk, in an encrypted form. Our first contribution is a design guideline whereby the Internet Service profiles never need to touch the client's disk. Most users would benefit if they had the ability to use MFA to log in to a legacy Internet Service which only supports ID/PW credential authentication. Our second contribution is a design guideline whereby users can choose, for each legacy ID/PW Internet Service, which specific MFA they wish to use. We also present conceptual design guidelines, showing that both of our contributions are minor changes to existing password managers, which can be implemented easily with low overhead.

A Survey on Different Authentication Schemes for Session Passwords

To provide security, mainly authentication and authorisation are given to the system. For that purpose, mostly textual passwords are being used. Nowadays graphical passwords are also available. The password schemes that are being used nowadays are mostly the textual password and the graphical password (pattern matching). Textual passwords are vulnerable to eavesdropping, dictionary attacks, social engineering and shoulder surfing. Graphical passwords are introduced as alternative techniques to textual passwords. But most of the graphical schemes are vulnerable to shoulder surfing. This paper shows the study of the available authentication schemes for session passwords.

A Survey of Password Attacks and Comparative Analysis on Methods for Secure Authentication

World Applied Sciences Journal, 2012

Passwords play an important role in daily life in various computing applications like ATM machines, internet services, Windows login, authentication in mobiles etc. The major aim of using passwords is to restrict unauthorized users from accessing the system. Passwords are necessary, but they are still not considered very safe for providing security to users because of many flaws in conventional password systems. A large number of attacks on many systems are related to passwords. This paper describes password attacks and a comparative analysis of different authentication methods for awareness of attacks and selection of an authentication method in a particular scenario.