1 / 56

“HYBRID AUTHENTICATION SCHEMES”

Jawaharlal Nehru National College of Engineering, Shimoga – 577204 Department of Computer Science & Engineering. Technical Seminar on,. “HYBRID AUTHENTICATION SCHEMES”. Presented By Bhavatarini.N 1 st semester, M.Tech . Coordinator, Dr. R Sanjeev Kunte B.E., M.Tech ., Ph.D

ilori
Download Presentation

“HYBRID AUTHENTICATION SCHEMES”

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Jawaharlal Nehru National College of Engineering, Shimoga – 577204 Department of Computer Science & Engineering Technical Seminar on, “HYBRID AUTHENTICATION SCHEMES” Presented By Bhavatarini.N 1st semester, M.Tech. Coordinator, Dr. R SanjeevKunteB.E., M.Tech., Ph.D Professor. Dept. of CS&E,JNNCE • Under the guidance of, • Mrs. SowmyaDB.E., M.Tech., • Asst. Prof. • Dept. of CS&E,JNNCE

  2. ABSTRACT Authentication is basic step of information security. Textual passwords used to authenticate are prone to eves dropping, dictionary attacks, etc. Graphical passwords are believed to be more secure than textual passwords, but they are also susceptible for many attacks such as shoulder surfing. To solve this problem, text can be combined with images or colors to generate session passwords for authentication, or one or more authentication schemes may be combined forming hybrid authentication schemes, which provide more security, reliability than traditional schemes.

  3. CONTENTS • Password • Authentication • Graphical passwords • Classification of graphical passwords • Hybrid authentication schemes

  4. Password

  5. Password Ideal Password> Required for authenticating in order to provide access to something(resource, object). PASSWORD AUTHENTICATION PROVIDE ACCESS

  6. <Password Ideal Password Authentication> IDEAL PASSWORD

  7. Authentication

  8. <Authentication Classifications Drawbacks> Classifications Of Authentication Methods

  9. <Classifications Drawbacks Graphical Passwords> Drawbacks • Biometric • Expensive • Increases login time. • Entire device may become useless incase of a surgery or an accident changing the biometric feature. • Alphanumeric • Easily remembered or difficult to guess but not both. • Vulnerable to shoulder surfing.

  10. Graphical Passwords

  11. <Graphical Passwords Graphical Passwords Graphical passwords> An authentication system that works by having the user select from images, in a specific order, presented in a graphical user interface (GUI). Also called as graphical user authentication (GUA)

  12. <Graphical Passwords Graphical Passwords Hierarchy of Graphical passwords> • It is Promising alternative to conventional password based authentication systems. • Uses pictures instead of textual alternative. • Easier to remember • User friendly • Increases the level of security

  13. <Graphical Passwords Hierarchy of Graphical Passwords Recall Based Systems>

  14. Recall Based Systems

  15. <Recall Based Systems DAS algorithm Disadvantages> Draw-a-Secret (DAS) Algorithm (2,2), (3,2), (3,3), (2,3), (2,2), (2,1), (5, 5)

  16. <DAS algorithm Disadvantages Cued Recall Based Systems> • User finds difficulty in recalling the stroke order • Weak passwords are susceptible to graphical dictionary attack. • Susceptible to shoulder surfing and guessing attack. Disadvantages

  17. Cued Recall Based Systems

  18. <Cued Recall Based Systems Blonder Algorithm Blonder Algorithm> • Password is created by having the user click on several locations on an image. • The image can assist users to recall their passwords • Prone to guessing attack Blonder Algorithm

  19. <Blonder Algorithm Blonder Algorithm Recognition Based Technique> Disadvantages : password space is relatively small

  20. Recognition Based Technique

  21. <Recognition Based Technique Recognition Based Technique Dharmija and Perrig Technique > Recognition is easier than recall. “I know you but I forgot your name”

  22. <Recognition Based Technique Dharmija and Perrig Technique Passface algorithm > Dhamija and Perrig Technique Disadvantage: prone to shoulder surfing.

  23. <Shoulder-Surfing Passface Algorithm Hybrid Authentication > Passface Algorithm

  24. Technique is based on the assumption that people can recall human faces easier than other pictures. • Disadvantages : • requires more time • Some obvious patterns were found • Prone to shoulder surfing and guessing attacks

  25. Hybrid Authentication Schemes

  26. <Hybrid Authentication Hybrid Authentication Pair Based Authentication> Combination of • two or more authentication scheme • Shape ,colors and text • Used in Personal digital assistants (PDA) • Used to provide secure authentication during E-transaction Hybrid Authentication Scheme

  27. Pair Based Authentication Scheme

  28. <Pair Based Authentication Pair Based Authentication Hybrid Textual Authentication> Pair based authentication scheme Login:

  29. <Pair Based Authentication Pair Based Authentication Hybrid Textual Authentication> Example: STEP 1: If the password considered is SACHIN46 STEP 2: Consider the password selected in pairs. SACHIN46 STEP 3: Search for the letter which is in the intersection of the pair of letters, considering the row of first letter and column of second letter

  30. <Pair Based Authentication Pair Based Authentication Hybrid Textual Authentication> SACHIN46 Login:

  31. <Pair Based Authentication Pair Based Authentication Hybrid Textual Authentication> Login: LPV2

  32. Hybrid Textual Authentication Scheme

  33. <Hybrid Textual Authentication Hybrid Textual Authentication Hybrid Textual Authentication> • Registration phase • Enter the username • Rate the colors

  34. <Hybrid Textual Authentication Hybrid Textual Authentication Secure E-transaction> Login:

  35. <Hybrid Textual Authentication Hybrid Textual Authentication Secure E-transaction> Login: 5

  36. Hybrid Authentication Scheme For Secure E-transaction

  37. <Secure E-transaction Secure E-transaction Registration Algorithm> • 3 step process • Resistant to phishing attack, shoulder surfing and guessing attacks. • Used to provide secured and reliable authentication procedure for E-Transactions. Hybrid Authentication Scheme For Secure E-Transaction

  38. <Secure E-Transaction Registration Algorithm Registration Algorithm> Registration algorithm 1. Enter Username (Ur) (If exists Enter New Username) {Ur: It is a set of characters.} 2. Now user selects the desired text password (Tr). {Tr: It is a set alphabets, characters and etc.} 3. Draw a Secret (DASr) for producing recall based password. {DASr: It is combination of Dot Pattern produce by user.}

  39. <Registration Algorithm Registration Algorithm Authentication Algorithm> 4. User selects the images (Ir) from the various categories of images for recognition based password. {Ir: It is a set of images selected for authentication by user in a definite order} 5. Registration complete.

  40. <Registration Algorithm Authentication Algorithm Authentication Algorithm> Authentication algorithms 1. Enter Username (Ua) (If not valid enter valid username.) {Ua: It is the username given during registration.} 2. Now user enters the text password (Ta). (If not verified enter valid text password) {Ta: Text password selected during registration.} 3. Draw the DASa. {DASa: It is combination of Dot Pattern produced by the user during registration.}

  41. <Authentication Algorithm Authentication Algorithm Based On Shape And Text> 4. Selects the images (Ia) from the various categories of images for recognition based password. {Ia: It is a set of images selected during registration by user in a definite order.} 5. If successful then, 6. Authentication Complete

  42. A Hybrid Password Authentication Scheme Based On Shape And Text

  43. <Based On Shape And Text Basic Idea Notations> BASIC IDEA • Map the shape from strokes and grids to text. Strokes and grid Text Shape

  44. <Basic Idea Notations Password Set Interface> Notations • U: The set of elements appeared in the grid in the interface. • V: Input passwords vector, which consists of elements in U. • |V|: Size of the V. It also represents the length of the input passwords, or the strokes’ size. • g: the size of the grid. • S: Shape of the password. • |S|: Number of strokes of the password

  45. <Notations Password Set Interface Password Set Procedure> Password Set Interface

  46. <Password Set Interface Password Set Procedure Original Stroke> Password Set Procedure

  47. <Password Set Procedure Original Stroke Different Input Style> Original Stroke On The Interface

  48. <Original Stroke Different Input Style Security Analysis> Different input style

  49. Security Analysis

  50. <Security Analysis Brute Force Attack Dictionary Attack> Brute Force Attack • Produces every combination of password • Text based passwords contain 94 ˄N number of space where 94->number of printable characters , N -> length • Almost proven successful against text passwords • Hybrid authentication schemes are resistant to brute force attack.

More Related