RSJ Approach for User Authentication
12 Aug 2016-pp 101
TL;DR: RSJ approach is a secure way for providing the security to the user form both bots and malicious users, here the authors are proposing a novel RSJ Approach by User Authentication.
Abstract: Some of the common works like, upload and retrieval of data, buying and selling things, earning and donating or transaction of money etc., are the most common works performed in daily life through internet. For every user who is accessing the internet regularly, their highest priority is to make sure that there data is secured. Users are willing to pay huge amount of money to the service provider for maintaining the security. But the intention of malicious users is to access and misuse others data. For that they are using zombie bots. Always Bots are not the only malicious, legitimate authorized user can also impersonate to access the data illegally. This makes the job tougher to discriminate between the bots and boots. For providing security form that threats, here we are proposing a novel RSJ Approach by User Authentication. RSJ approach is a secure way for providing the security to the user form both bots and malicious users.
Citations
More filters
06 Dec 2018
TL;DR: The proposed mechanism incorporates multi-factor authentication and validates the user based on a username, a password, a security question which is sent to the user via Short-Message-Service (SMS), and a security pin (if necessary).
Abstract: Identifying and validating the user is a major concern in a heterogeneous network domain. Conventional algorithms and mechanisms could authenticate the users/messages, but with certain vulnerabilities. This paper analyzes the vulnerabilities and downsides of some present-day authentication mechanisms that are being used and proposes an authentication mechanism that cannot be bypassed easily. The proposed mechanism incorporates multi-factor authentication and validates the user based on a username, a password, a security question which is sent to the user via Short-Message-Service (SMS), and a security pin (if necessary). List of security questions posed to the end-user makes the proposed mechanism stronger and protect the system from security breaches by an unknown user to guess the answer.
1 citations
TL;DR: Analytical results support the claim to enhance the security services and also the performance factors such as resource utilizations and cost.
Abstract: Cloud computing is an internet-based computing where shared resources, software and information provided to the end-users, on demand. The end users can be comfortable with the cloud as its features on-demand self-services, broad network access, resource pooling, rapid elasticity and measured service, make it more efficient. Security is one of the major issues which hamper the growth of cloud. Confidentiality–Integrity–Availability are the major security goals to be ensured by the security mechanisms. Authentication could provide a better solution in all three aspects. Various authentication based methodologies proposed by experts are in the field, with their own strength and weakness. This paper proposed an authentication scheme along with performance enhancement. Initial phase of the proposal differentiates the request as wired or wireless network. Based on which, appropriate authentication protocol comes into play, wired adopts keystroke behaviour and wireless follows SSID. In the second phase, users behaviour were analysed and credits assigned to them, based on which resource accessibility is restricted. In the third phase, performance characteristics were taken into account. Analytical results support the claim to enhance the security services and also the performance factors such as resource utilizations and cost.
References
More filters
Book•
01 Jan 1976
TL;DR: This book develops an alternative to the additive set functions and the rule of conditioning of the Bayesian theory: set functions that need only be what Choquet called "monotone of order of infinity." and Dempster's rule for combining such set functions.
Abstract: Both in science and in practical affairs we reason by combining facts only inconclusively supported by evidence. Building on an abstract understanding of this process of combination, this book constructs a new theory of epistemic probability. The theory draws on the work of A. P. Dempster but diverges from Depster's viewpoint by identifying his "lower probabilities" as epistemic probabilities and taking his rule for combining "upper and lower probabilities" as fundamental. The book opens with a critique of the well-known Bayesian theory of epistemic probability. It then proceeds to develop an alternative to the additive set functions and the rule of conditioning of the Bayesian theory: set functions that need only be what Choquet called "monotone of order of infinity." and Dempster's rule for combining such set functions. This rule, together with the idea of "weights of evidence," leads to both an extensive new theory and a better understanding of the Bayesian theory. The book concludes with a brief treatment of statistical inference and a discussion of the limitations of epistemic probability. Appendices contain mathematical proofs, which are relatively elementary and seldom depend on mathematics more advanced that the binomial theorem.
14,565 citations
TL;DR: A novel family of graphical password systems built on top of Captcha technology, which is called Captcha as graphical passwords (CaRP), which offers reasonable security and usability and appears to fit well with some practical applications for improving online security.
Abstract: Many security primitives are based on hard mathematical problems. Using hard AI problems for security is emerging as an exciting new paradigm, but has been under-explored. In this paper, we present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as graphical passwords (CaRP). CaRP is both a Captcha and a graphical password scheme. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. Notably, a CaRP password can be found only probabilistically by automatic online guessing attacks even if the password is in the search set. CaRP also offers a novel approach to address the well-known image hotspot problem in popular graphical password systems, such as PassPoints, that often leads to weak password choices. CaRP is not a panacea, but it offers reasonable security and usability and appears to fit well with some practical applications for improving online security.
92 citations
TL;DR: The proposed algorithm generates a face image-based CAPTCHA that offers better human accuracy and lower machine attack rates compared to existing approaches.
64 citations
"RSJ Approach for User Authenticatio..." refers background in this paper
...[12] Truong, Huy D. , Christopher F. Turner and Cliff Changchun Zou.2011. iCAPTCHA: the next generation of CAPTCHA designed to defend against 3rd party human attacks....
[...]
...Turner, and Cliff Changchun Zou [11] gives Icaptcha, uses a sequence of mouse clicks to solve the captcha....
[...]
...Truong, Huy D., Christopher F. Turner, and Cliff Changchun Zou [11] gives Icaptcha, uses a sequence of mouse clicks to solve the captcha....
[...]
Proceedings Article•
08 Aug 2012TL;DR: This work presents an attack that defeats instances of such a captcha (NuCaptcha) representing the state-of-the-art, involving dynamic text strings called codewords, and considers design modifications to mitigate the attacks (e.g., overlapping characters more closely).
Abstract: We explore the robustness and usability of moving-image object recognition (video) captchas, designing and implementing automated attacks based on computer vision techniques. Our approach is suitable for broad classes of moving-image captchas involving rigid objects. We first present an attack that defeats instances of such a captcha (NuCaptcha) representing the state-of-the-art, involving dynamic text strings called codewords. We then consider design modifications to mitigate the attacks (e.g., overlapping characters more closely). We implement the modified captchas and test if designs modified for greater robustness maintain usability. Our lab-based studies show that the modified captchas fail to offer viable usability, even when the captcha strength is reduced below acceptable targets--signaling that the modified designs are not viable. We also implement and test another variant of moving text strings using the known emerging images idea. This variant is resilient to our attacks and also offers similar usability to commercially available approaches. We explain why fundamental elements of the emerging images concept resist our current attack where others fails.
63 citations
"RSJ Approach for User Authenticatio..." refers background in this paper
...[9] proposed a new geographical password based captcha called as geographical passwords (carp)....
[...]
05 Jun 2011
TL;DR: A performance and usability study of iCAPTCHA shows the proposed scheme is effective in attack detection, is easy to use, and is a viable replacement of the current text-based CAPTCHA.
Abstract: CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) is a simple test that is easy for humans but extremely difficult for computers to solve. CAPTCHA has been widely used in commercial websites such as web-based email providers, TicketMaster, GoDaddy, and Facebook to protect their resources from attacks initiated by automatic scripts. By design, CAPTCHA is unable to distinguish between a human attacker and a legitimate human user. This leaves websites using CAPTCHA vulnerable to 3rd party human CAPTCHA attacks. In order to demonstrate the vulnerabilities in existing CAPTCHA technologies we develop a new streamlined human-based CAPTCHA attack that uses Instant Messenger infrastructure. Facing this serious human-based attack threat, we then present a new defense system called Interactive CAPTCHA (iCAPTCHA), which is the next generation of CAPTCHA technology providing the first steps toward defending against 3rd party human CAPTCHA attacks. iCAPTCHA requires a user to solve a CAPTCHA test via a series of user interactions. The multi-step back-and-forth traffic between client and server amplifies the statistical timing difference between a legitimate user and a human solver, which enables better attack detection performance. A performance and usability study of iCAPTCHA shows the proposed scheme is effective in attack detection, is easy to use, and is a viable replacement of the current text-based CAPTCHA.
46 citations
"RSJ Approach for User Authenticatio..." refers background in this paper
..., and KB Sri Sathya [12] presented an approach based on the keystroke....
[...]
...Pavithra, M., and KB Sri Sathya [12] presented an approach based on the keystroke....
[...]