Password Security

An abstract on password security

Abstract:

Authentication is the first line of defense against compromising confidentiality and integrity. Though traditional login/password based schemes are easy to implement, they have been subjected to several attacks. As an alternative, token and biometric based authentication systems were introduced. However, they have not improved substantially to justify the investment. Thus, a variation to the login/password scheme, viz. the graphical scheme, was introduced. But it also suffered due to shoulder-surfing and screen dump attacks. In this paper, we introduce a framework of our proposed Implicit Password Authentication System, which is immune to the common attacks suffered by other authentication schemes.

Existing System:

Token based systems rely on the use of a physical device such as a smartcard or electronic key for authentication purposes. Graphical-based password techniques have been proposed as a potential alternative to text-based techniques, supported partially by the fact that humans can remember images better than text. In general, the graphical password techniques can be classified into two categories: recognition-based and recall-based graphical techniques. In recognition-based systems, a group of images is displayed to the user and an accepted authentication requires a correct image being clicked or touched in a particular order. In recall-based systems, the user is asked to reproduce something that he/she created or selected earlier during the registration phase. Recall-based schemes can be broadly classified into two groups: pure recall-based techniques and cued recall-based techniques.

Proposed System:

In this paper, we focus only on "what you know" types of authentication. We propose our Implicit Password Authentication System (IPAS). IPAS is similar to the Pass Point scheme with some finer differences. In every "what you know" type authentication scheme we are aware of, the server requests the user to reproduce the fact given to the server at the time of registration. This is also true in graphical passwords such as Pass Point. In IPAS, we consider the password as a piece of information known to the server at the time of registration, and at the time of authentication the user gives this information in an implicit form that can be understood only by the server.

Modules:

1. Create User profile Vector:

During registration, the user id, security questions and answers are collected to create the profile vector. Every user answers the security questions at the time of registration, providing their individual answers. For each question, the system then either creates an authentication space. Once the authentication space is created, the system is ready for authenticating a user.

2. Generate Random Question:

For each question, the server may choose a random scenario from the authentication space that represents the correct answer. The chosen scenario will have one or more clickable points that represent the answer to the question provided by the particular user.

3. Compare User Profile/Login Profile:

The user enters the user name and answers the random security question by selecting location points; comparing these with the user profile decides whether the user is legitimate or an imposter. The authentication information is presented to the user in an implicit form that can be understood and decoded only by the legitimate end user.
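The three modules above, sketched as an added example that is not code from the paper or its ASP.Net implementation. The questions, image names, rectangle coordinates and function names are all constructed assumptions, and answers are kept in plain form only to keep the flow visible.

```python
import secrets

# Constructed authentication space: question -> answer -> scenarios.
# Each scenario is (image name, clickable rectangle x1, y1, x2, y2);
# the rectangle marks where that answer is implied in the image.
AUTH_SPACE = {
    "favourite sport": {
        "cricket": [("stadium.png", (40, 60, 90, 110)), ("shop.png", (200, 20, 260, 70))],
        "tennis": [("stadium.png", (300, 60, 350, 110)), ("shop.png", (10, 150, 70, 200))],
    },
    "first pet": {
        "dog": [("park.png", (120, 80, 180, 140))],
        "cat": [("park.png", (400, 200, 450, 260))],
    },
}

PROFILES = {}  # user id -> profile vector {question: answer}


def register(user_id, answers):
    """Module 1: build the profile vector; reject answers with no scenario."""
    for question, answer in answers.items():
        if answer not in AUTH_SPACE.get(question, {}):
            raise ValueError(f"no authentication space for {question!r}/{answer!r}")
    PROFILES[user_id] = dict(answers)


def generate_challenge(user_id, rng=secrets.SystemRandom()):
    """Module 2: random question, then a random scenario for this user's answer."""
    profile = PROFILES[user_id]
    question = rng.choice(sorted(profile))
    image, region = rng.choice(AUTH_SPACE[question][profile[question]])
    # "_region" is server-side state; only question and image would be shown.
    return {"user": user_id, "question": question, "image": image, "_region": region}


def verify(challenge, click):
    """Module 3: accept only a click inside the region for the stored answer."""
    x1, y1, x2, y2 = challenge["_region"]
    x, y = click
    return x1 <= x <= x2 and y1 <= y <= y2
```

Because the same image carries regions for several possible answers, an observer who sees one click learns a location in one scenario, not the answer text itself.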

System Requirements:

Hardware Requirements:

Processor: Intel Dual Core.
Hard Disk: 60 GB.
Floppy Drive: 1.44 Mb.
Monitor: LCD Colour.
Mouse: Optical Mouse.
RAM: 512 Mb.

Software Requirements:

Operating System: Windows XP.
Coding Language: ASP.Net with C#.
Database: SQL Server 2005.