scispace - formally typeset
Proceedings ArticleDOI: 10.1145/2979779.2979880

RSJ Approach for User Authentication

12 Aug 2016-pp 101
Abstract: Some of the common works like, upload and retrieval of data, buying and selling things, earning and donating or transaction of money etc., are the most common works performed in daily life through internet. For every user who is accessing the internet regularly, their highest priority is to make sure that there data is secured. Users are willing to pay huge amount of money to the service provider for maintaining the security. But the intention of malicious users is to access and misuse others data. For that they are using zombie bots. Always Bots are not the only malicious, legitimate authorized user can also impersonate to access the data illegally. This makes the job tougher to discriminate between the bots and boots. For providing security form that threats, here we are proposing a novel RSJ Approach by User Authentication. RSJ approach is a secure way for providing the security to the user form both bots and malicious users. more

Topics: Authentication (51%), The Internet (51%)

Book ChapterDOI: 10.1007/978-3-030-16657-1_42
Rachit Bhalla1, N. Jeyanthi1Institutions (1)
06 Dec 2018-
Abstract: Identifying and validating the user is a major concern in a heterogeneous network domain. Conventional algorithms and mechanisms could authenticate the users/messages, but with certain vulnerabilities. This paper analyzes the vulnerabilities and downsides of some present-day authentication mechanisms that are being used and proposes an authentication mechanism that cannot be bypassed easily. The proposed mechanism incorporates multi-factor authentication and validates the user based on a username, a password, a security question which is sent to the user via Short-Message-Service (SMS), and a security pin (if necessary). List of security questions posed to the end-user makes the proposed mechanism stronger and protect the system from security breaches by an unknown user to guess the answer. more

Topics: Multi-factor authentication (64%), Password (59%), Authentication (58%) more

1 Citations

Journal ArticleDOI: 10.21767/2349-3917.100009
Abstract: Cloud computing is an internet-based computing where shared resources, software and information provided to the end-users, on demand. The end users can be comfortable with the cloud as its features on-demand self-services, broad network access, resource pooling, rapid elasticity and measured service, make it more efficient. Security is one of the major issues which hamper the growth of cloud. Confidentiality–Integrity–Availability are the major security goals to be ensured by the security mechanisms. Authentication could provide a better solution in all three aspects. Various authentication based methodologies proposed by experts are in the field, with their own strength and weakness. This paper proposed an authentication scheme along with performance enhancement. Initial phase of the proposal differentiates the request as wired or wireless network. Based on which, appropriate authentication protocol comes into play, wired adopts keystroke behaviour and wireless follows SSID. In the second phase, users behaviour were analysed and credits assigned to them, based on which resource accessibility is restricted. In the third phase, performance characteristics were taken into account. Analytical results support the claim to enhance the security services and also the performance factors such as resource utilizations and cost. more

Topics: Authentication protocol (63%), Access control (60%), Cloud computing (59%) more

Open accessBook
01 Jan 1976-
Abstract: Both in science and in practical affairs we reason by combining facts only inconclusively supported by evidence. Building on an abstract understanding of this process of combination, this book constructs a new theory of epistemic probability. The theory draws on the work of A. P. Dempster but diverges from Depster's viewpoint by identifying his "lower probabilities" as epistemic probabilities and taking his rule for combining "upper and lower probabilities" as fundamental. The book opens with a critique of the well-known Bayesian theory of epistemic probability. It then proceeds to develop an alternative to the additive set functions and the rule of conditioning of the Bayesian theory: set functions that need only be what Choquet called "monotone of order of infinity." and Dempster's rule for combining such set functions. This rule, together with the idea of "weights of evidence," leads to both an extensive new theory and a better understanding of the Bayesian theory. The book concludes with a brief treatment of statistical inference and a discussion of the limitations of epistemic probability. Appendices contain mathematical proofs, which are relatively elementary and seldom depend on mathematics more advanced that the binomial theorem. more

Topics: Dempster–Shafer theory (66%), Upper and lower probabilities (61%), Mathematical theory (60%) more

14,555 Citations

Journal ArticleDOI: 10.1109/TIFS.2014.2312547
Bin Zhu1, Jeff Yan2, Guanbo Bao, Maowei Yang3  +1 moreInstitutions (3)
Abstract: Many security primitives are based on hard mathematical problems. Using hard AI problems for security is emerging as an exciting new paradigm, but has been under-explored. In this paper, we present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as graphical passwords (CaRP). CaRP is both a Captcha and a graphical password scheme. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. Notably, a CaRP password can be found only probabilistically by automatic online guessing attacks even if the password is in the search set. CaRP also offers a novel approach to address the well-known image hotspot problem in popular graphical password systems, such as PassPoints, that often leads to weak password choices. CaRP is not a panacea, but it offers reasonable security and usability and appears to fit well with some practical applications for improving online security. more

Topics: Password policy (67%), One-time password (66%), Password strength (65%) more

88 Citations

Open accessProceedings Article
Yi Xu1, Gerardo Reynaga2, Sonia Chiasson2, J-M. Frahm1  +2 moreInstitutions (2)
08 Aug 2012-
Abstract: We explore the robustness and usability of moving-image object recognition (video) captchas, designing and implementing automated attacks based on computer vision techniques. Our approach is suitable for broad classes of moving-image captchas involving rigid objects. We first present an attack that defeats instances of such a captcha (NuCaptcha) representing the state-of-the-art, involving dynamic text strings called codewords. We then consider design modifications to mitigate the attacks (e.g., overlapping characters more closely). We implement the modified captchas and test if designs modified for greater robustness maintain usability. Our lab-based studies show that the modified captchas fail to offer viable usability, even when the captcha strength is reduced below acceptable targets--signaling that the modified designs are not viable. We also implement and test another variant of moving text strings using the known emerging images idea. This variant is resilient to our attacks and also offers similar usability to commercially available approaches. We explain why fundamental elements of the emerging images concept resist our current attack where others fails. more

Topics: Usability (57%), CAPTCHA (53%)

61 Citations

Journal ArticleDOI: 10.1016/J.FUTURE.2012.08.013
Gaurav Goswami1, Brian M. Powell2, Mayank Vatsa1, Richa Singh1  +1 moreInstitutions (2)
Abstract: With data theft and computer break-ins becoming increasingly common, there is a great need for secondary authentication to reduce automated attacks while posing a minimal hindrance to legitimate users. CAPTCHA is one of the possible ways to classify human users and automated scripts. Though text-based CAPTCHAs are used in many applications, they pose a challenge due to language dependency. In this paper, we propose a face image-based CAPTCHA as a potential solution. To solve the CAPTCHA, users must correctly identify visually-distorted human faces embedded in a complex background without selecting any non-human faces. The proposed algorithm generates a CAPTCHA that offers better human accuracy and lower machine attack rates compared to existing approaches. more

Topics: CAPTCHA (62%), Face detection (53%)

58 Citations

Open accessProceedings ArticleDOI: 10.1109/ICC.2011.5963009
05 Jun 2011-
Abstract: CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) is a simple test that is easy for humans but extremely difficult for computers to solve. CAPTCHA has been widely used in commercial websites such as web-based email providers, TicketMaster, GoDaddy, and Facebook to protect their resources from attacks initiated by automatic scripts. By design, CAPTCHA is unable to distinguish between a human attacker and a legitimate human user. This leaves websites using CAPTCHA vulnerable to 3rd party human CAPTCHA attacks. In order to demonstrate the vulnerabilities in existing CAPTCHA technologies we develop a new streamlined human-based CAPTCHA attack that uses Instant Messenger infrastructure. Facing this serious human-based attack threat, we then present a new defense system called Interactive CAPTCHA (iCAPTCHA), which is the next generation of CAPTCHA technology providing the first steps toward defending against 3rd party human CAPTCHA attacks. iCAPTCHA requires a user to solve a CAPTCHA test via a series of user interactions. The multi-step back-and-forth traffic between client and server amplifies the statistical timing difference between a legitimate user and a human solver, which enables better attack detection performance. A performance and usability study of iCAPTCHA shows the proposed scheme is effective in attack detection, is easy to use, and is a viable replacement of the current text-based CAPTCHA. more

  • Figure 1: IMCA Architecture
    Figure 1: IMCA Architecture
  • Table 3: Ease of Use Table 4: Response Speed
    Table 3: Ease of Use Table 4: Response Speed
  • Figure 2 User Entering Data to Join Wii Tennis Club
    Figure 2 User Entering Data to Join Wii Tennis Club
  • Figure 4: CAPTCHA provided to human solver by IMCA
    Figure 4: CAPTCHA provided to human solver by IMCA
  • Figure 5: Operation of iCAPTCHA. (a) Initial display of iCAPTCHA (b) Display after test begins (c) Display after first input is processed
    Figure 5: Operation of iCAPTCHA. (a) Initial display of iCAPTCHA (b) Display after test begins (c) Display after first input is processed
  • + 6

Topics: CAPTCHA (66%)

45 Citations

No. of citations received by the Paper in previous years