Journal Article

Dual-Stage Biometrics-Based Password Authentication Scheme Using Smart Cards

07 Mar 2017-Cybernetics and Systems (Taylor & Francis)-Vol. 48, Iss: 5, pp 415-435
TL;DR: A dual-stage biometrics-based authentication mechanism using a smart card that exploits two servers for authentication; the analysis results show that the proposed scheme is more secure than the conventional schemes with negligible computational complexity.
Abstract: This paper proposes a dual-stage biometrics-based authentication mechanism using a smart card. It is considered an improvement over the conventional single-stage biometrics-based authentication mechanism, which exploits only one server for authentication, whereas the proposed scheme exploits two servers. The user authentication is performed in one server and hence it is called an authentication server. The credentials of the authentication server are stored in the second server, called the master server. The master server facilitates the authentication by providing required credentials to the authentication server. Both the security analysis and complexity analysis are conducted between the proposed and the conventional schemes. The analysis results show that the proposed scheme is more secure than the conventional schemes with negligible computational complexity.
Citations
Journal Article
26 Sep 2019
TL;DR: A novel algorithm is proposed to authenticate the legal users based on the empirical threshold values and can be a useful resource for identifying illegal invasion and is valuable in securing the system as a correlative or substitute form of client validation.
Abstract: Through the application of a password-based authentication technique, users are granted permission to access a secure system when the username and password match those logged in the database of the system. Furthermore, anyone who provides the correct username and password of a valid user will be able to log in to the secure network. In current circumstances, impostors can hack the system to obtain a user’s password, while it has also been easy to find out a person’s private password. Thus, the existing structure is exceptionally flawed. One way to strengthen the password-based authentication technique is by keystroke dynamics. In the proposed keystroke dynamics based authentication system, despite the password match, the similarity between the typing pattern of the typed password and password samples in the training database is verified. The timing features of the user’s keystroke dynamics are collected to calculate the threshold values. In this paper, a novel algorithm is proposed to authenticate the legal users based on the empirical threshold values. The first step involves the extraction of timing features from the typed password samples. The password training database for each user is constructed using the extracted features. Moreover, the empirical threshold limits are calculated from the timing features in the database. The second step involves user authentication by applying these threshold values. The experimental analyses are carried out in MATLAB simulation, and the results indicate a significant reduction in false rejection rate and false acceptance rate. The proposed methodology yields a very low equal error rate of 0.5% and an authentication accuracy of 99.5%, which are considered suitable and efficient for real-time implementation. The proposed method can be a useful resource for identifying illegal invasion and is valuable in securing the system as a correlative or substitute form of client validation.
Source: Journal of ICT, 18, No. 4 (October) 2019, pp: 383-413

6 citations


Additional excerpts

  • ...or behavioral trademark such as face, speech, fingerprint, eye iris, signature and voice (Albashish, Sahran, Abdullah, Alweshah, & Adam, 2018; Boopathi & Aramudhan, 2017; Kaewwit, Lursinsap, & Sophatsathit, 2017; Mohamed, Zainudin, Sulaiman, Perumal, & Mustapha, 2018; Odei-Lartey et al.,...


Journal Article
TL;DR: This paper provides multiple security checks in three steps to form a strong authentication and authorization framework for electronic devices other than smart phones that need a greater level of safety from attackers.
Abstract: The global use of smart electronic devices has given rise to new security and privacy concerns. The attacker can launch any security attacks by using a person's Smartphone which can threaten the se...

3 citations

Journal Article
04 Jan 2020
TL;DR: Experimental results show that the proposed keystroke dynamics approach used in augmenting password security emerged to be superior as compared to existing customary distance metrics.
Abstract: Web security is a critical aspect for many web-based applications; along its research track, keystroke dynamics techniques have attracted broad interests due to their high efficiency in security. In this paper, the aim was to come out with a keystroke login system that overcomes the typical challenges associated with keystroke dynamics and improves on password security but with focus on irritability nature of keystroke dynamics based systems. Specifically, we proposed a two-stage user matching method: a training/enrolment phase of users and authenticating registered users with previously stored data. Furthermore, the proposed algorithm added dwell, flight times and multiplied by the locate time to get the upper and lower bounds. Moreover, the uniform differences between the bound timings were calculated to further enhance security. Experimental results show that the proposed keystroke dynamics approach used in augmenting password security emerged to be superior as compared to existing customary distance metrics.
Source: Osei et al.; AJRCOS, 4(4): 1-26, 2019; Article no.AJRCOS.53624 (Original Research Article)

2 citations


Cites background from "Dual-Stage Biometrics-Based Passwor..."

  • ...Biometrics use unique personal traits to identify and authenticate users into a system whether being a physical or behavioural feature [13,14,15]....


Journal Article
TL;DR: The proposed keystroke dynamics-based authentication method can be valuable in securing the system protection as a correlative or substitute form of client validation and as a useful resource for identifying the illegal invasion.
Abstract: In a password-based authentication technique, whenever the typed password and username match the system database, the secure login page allows the client to access it. Despite the password matching, the proposed method checks the similarity between the typing rhythm of entered password and the rhythm of password samples in client's database. In this paper, a novel algorithmic procedure is presented to authenticate the legal client based on empirical threshold values obtained from the timing information of the client's keystroke dynamics. The exploratory outcomes demonstrate an impressive reduction in both false rejection rate and false acceptance rate. Equal error rate and authentication accuracy are also assessed to show the superiority and robustness of the method. Therefore, the proposed keystroke dynamics-based authentication method can be valuable in securing the system protection as a correlative or substitute form of client validation and as a useful resource for identifying the illegal invasion.
References
Journal Article
Leslie Lamport
TL;DR: A method of user password authentication is described which is secure even if an intruder can read the system's data, and can tamper with or eavesdrop on the communication between the user and the system.
Abstract: A method of user password authentication is described which is secure even if an intruder can read the system's data, and can tamper with or eavesdrop on the communication between the user and the system. The method assumes a secure one-way encryption function and can be implemented with a microcomputer in the user's terminal.

2,874 citations


"Dual-Stage Biometrics-Based Passwor..." refers background in this paper

  • ...Since its introduction in 1981 (Lamport 1981), it has gained good interest from researchers in the last decade (Choo, Boyd, and Hitchcock 2006; Lee, Hwang, and Liao 2006; Huang et al. 2011; Lu et al. 2012; Martinez-Diaz, Fierrez, and Galbally 2013; Saxena and Chaudhari 2014)....


Journal Article
TL;DR: In this paper, the authors examined the noise characteristics of the power signals and developed an approach to model the signal-to-noise ratio (SNR) using a multiple-bit attack.
Abstract: This paper examines how monitoring power consumption signals might breach smart-card security. Both simple power analysis and differential power analysis attacks are investigated. The theory behind these attacks is reviewed. Then, we concentrate on showing how power analysis theory can be applied to attack an actual smart card. We examine the noise characteristics of the power signals and develop an approach to model the signal-to-noise ratio (SNR). We show how this SNR can be significantly improved using a multiple-bit attack. Experimental results against a smart-card implementation of the Data Encryption Standard demonstrate the effectiveness of our multiple-bit attack. Potential countermeasures to these attacks are also discussed.

1,554 citations

Journal Article
TL;DR: This work provides mutual authentication between the user and the server and achieves more functionality and requires much less computational cost than other smart card-based schemes.

474 citations


"Dual-Stage Biometrics-Based Passwor..." refers background in this paper

  • ...Since then, the smart-card-based authentication mechanism has gained much interest among the researchers (Chien, Jan, and Tseng 2002) because it has been found as more robust than the sole password-based authentication mechanism (Ku and Chen 2004)....


Book
01 Jan 2001
TL;DR: This book explains the basic methods of modern cryptography and is written for readers with only basic mathematical knowledge that are interested in modern cryptographic algorithms and their mathematical foundation.
Abstract: From the Publisher: Cryptography is a key technology in electronic key systems. It is used to keep data secret, digitally sign documents, access control, etc. Therefore, users should not only know how its techniques work, but they must also be able to estimate their efficiency and security. Based on courses taught by the author, this book explains the basic methods of modern cryptography. It is written for readers with only basic mathematical knowledge that are interested in modern cryptographic algorithms and their mathematical foundation.

385 citations

Journal Article
TL;DR: The present study makes the first step towards understanding the underlying evaluation metric for anonymous two-factor authentication, which is believed to facilitate better design of anonymous two-factor protocols that offer acceptable trade-offs among usability, security and privacy.
Abstract: Despite two decades of intensive research, it remains a challenge to design a practical anonymous two-factor authentication scheme, for the designers are confronted with an impressive list of security requirements (e.g., resistance to smart card loss attack) and desirable attributes (e.g., local password update). Numerous solutions have been proposed, yet most of them are shortly found either unable to satisfy some critical security requirements or short of a few important features. To overcome this unsatisfactory situation, researchers often work around it in hopes of a new proposal (but no one has succeeded so far), while paying little attention to the fundamental question: whether or not there are inherent limitations that prevent us from designing an “ideal” scheme that satisfies all the desirable goals? In this work, we aim to provide a definite answer to this question. We first revisit two foremost proposals, i.e. Tsai et al.’s scheme and Li’s scheme, revealing some subtleties and challenges in designing such schemes. Then, we systematically explore the inherent conflicts and unavoidable trade-offs among the design criteria. Our results indicate that, under the current widely accepted adversarial model, certain goals are beyond attainment. This also suggests a negative answer to the open problem left by Huang et al. in 2014. To the best of knowledge, the present study makes the first step towards understanding the underlying evaluation metric for anonymous two-factor authentication, which we believe will facilitate better design of anonymous two-factor protocols that offer acceptable trade-offs among usability, security and privacy.

355 citations


"Dual-Stage Biometrics-Based Passwor..." refers background in this paper

  • ...Similarly, Wang et al. (2015) have addressed practical challenges that reside in two-factor authentication schemes....


  • ...Few researchers have worked toward providing the benchmark to define the robustness of such protocols against security threats (Wang et al. 2015)....


  • ...Among them, password authentication with smart card is one of the easiest and robust two-factor authentication mechanisms in the distributed environment (Wang et al. 2015)....
