DOI: 10.1145/2998476.2998484
research-article

Three Steps Secure Login: A systematic approach

Published: 21 October 2016

Abstract

Generally, user authentication is performed using a user ID and password. In this process, the user ID remains visible and the password remains secret. But through shoulder surfing and other attacks, the password can also be traced, because the exact password characters are typed or marked by the user during login. To counter this vulnerability of password tracing, we propose a novel login method that does not reveal the user ID/password even if keylogging traces the characters typed on the keyboard. We also present a security analysis to show that the proposed mechanism is able to withstand a number of attacks and mitigates some of the attacks. We also report a usability survey to show its feasibility among real-time users without compromising any security features.

Published In

COMPUTE '16: Proceedings of the 9th Annual ACM India Conference
October 2016
178 pages
ISBN:9781450348089
DOI:10.1145/2998476

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. SQL injection
  2. authentication
  3. keylogging
  4. shoulder surfing
  5. usability
  6. web-login

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ACM COMPUTE '16
ACM COMPUTE '16: Ninth Annual ACM India Conference
October 21 - 23, 2016
Gandhinagar, India

Acceptance Rates

COMPUTE '16 Paper Acceptance Rate 22 of 117 submissions, 19%;
Overall Acceptance Rate 114 of 622 submissions, 18%

Article Metrics

  • Total Citations: 0
  • Total Downloads: 187
  • Downloads (Last 12 months): 6
  • Downloads (Last 6 weeks): 1

Reflects downloads up to 28 Dec 2024