Novel Visual Authentication Protocols to Defend Key Logging Issues

Chava Niharika, N Madhu Bindu

Abstract


The way to achieve secure communication is to have an authentication protocol, which is a type of cryptographic protocol whose purpose is to authenticate entities. Designing secure authentication protocols is quite challenging, considering that various kinds of rootkits reside in PCs (personal computers) to observe users' behavior and make PCs untrusted devices. Involving humans in authentication protocols, while promising, is not easy because of their limited capability for computation and memorization. Therefore, relying on users to enhance security necessarily degrades usability. On the other hand, relaxing assumptions and rigorous security design to improve the user experience can lead to security breaches that harm users' trust. In this paper, we demonstrate how careful visualization design can enhance not only the security but also the usability of authentication. To that end, we propose two visual authentication protocols: one is a one-time-password protocol, and the other is a password-based authentication protocol. Through rigorous analysis, we verify that our protocols are immune to many of the challenging authentication attacks described in the literature. Furthermore, using an extensive case study on a prototype of our protocols, we highlight the potential of our approach for real-world deployment: we were able to achieve a high level of usability while satisfying stringent security requirements.

 


Keywords


Authentication, Smartphone, Malicious code, Keylogger.

Ms. Ch. Niharika is a student of MVR College of Engineering & Technology, Paritala. She is presently pursuing her M.Tech (Computer Science and Engineering) at this college, and she received her B.Tech from Nimra Women's College of Engineering, affiliated to JNT University, Kakinada, in 2012. Her areas of interest include computer networks, object-oriented programming languages, information security, and current trends and techniques in computer science.




Copyright © 2013, All rights reserved. | ijseat.com

International Journal of Science Engineering and Advance Technology is licensed under a Creative Commons Attribution 3.0 Unported License. Based on a work at IJSEat. Permissions beyond the scope of this license may be available at http://creativecommons.org/licenses/by/3.0/deed.en_GB.