Secure3 Authentication for Sensitive Data on Cloud Using Normal, Chessboard and QR Code Password...


Page 1: Secure3 Authentication for Sensitive Data on Cloud Using  Normal, Chessboard and QR Code Password System

7/24/2019 Secure3 Authentication for Sensitive Data on Cloud Using Normal, Chessboard and QR Code Password System

http://slidepdf.com/reader/full/secure3-authentication-for-sensitive-data-on-cloud-using-normal-chessboard 1/6

International Journal of Emerging Technologies and Engineering (IJETE)

Volume 2 Issue 1, January 2015, ISSN 2348 –  8050

1www.ijete.org 

Secure3 Authentication for Sensitive Data on Cloud Using Normal, Chessboard and QR Code Password System

Bhushan Shinde¹, Pankaj Patil², Puja Kasbe³, Sharad Ghodake⁴, Prof. V. Waghmare⁵

¹˒²˒³˒⁴˒⁵ Information Technology (MMIT, Lohgaon), Savitribai Phule Pune University, Pune

ABSTRACT

Existing systems of authentication are plagued by many weaknesses. As high-speed cloud infrastructure is being developed and people are informationalized, sensitive data are also engaged in the cloud field. However, existing sensitive file upload and download on the cloud is exposed to the danger of hacking. Recently, personal information has been leaked by high-degree methods such as phishing or pharming, beyond snatching a user ID and password. Seeing that most of the incidents in file uploading and downloading were caused by the appropriation of an ID or password belonging to others, a safe user confirmation system becomes much more essential. In this paper, we propose a new authentication system for file uploading and downloading on cloud using the Hadoop technique. This authentication system is a combination of three authentication systems, i.e. the Secure3 system: Normal + Chessboard + QR-code authentication.

Keywords: OTP (One-Time Password), QR (Quick Response), CBS (Chess Board System).

1.  INTRODUCTION

File uploading and downloading is the most sensitive task performed by the general internet user. In this paper, we propose an authentication system for sensitive file uploading and downloading on a cloud based on the Hadoop framework. The cloud network can provide greater security and convenience to the user for sensitive information through the Secure 3 authentication system, i.e. textual password, chessboard system and mobile OTP with the QR code. Once the user enters a textual password, it is matched against the user's original password; if it is correct, the user goes to chessboard authentication. In chessboard authentication, the user plays a chess game on both sides and the played moves are stored in a database. When he logs in to his account, he plays these moves again; if the moves match the moves stored in the database, he goes to QR code authentication. QR code authentication is a very secure system in that an OTP is used; the OTP is sent to the user's mobile. In the QR code, the user's mobile IMEI number is added to a random number between 0 and 99999, and this number is stored in the database.

2.  RELATED WORK  

Authentication is accepting proof of identity given by a credible person who has evidence on the said identity or on the originator and the object under assessment as his artifact respectively. Traditional authentication techniques generally require an ID and password to verify the identity of the user. By nature, the user is looking for a password that is easy to remember and secured from any attack. However, remembering many complicated passwords, especially when the user has different accounts, is not an easy task. Earlier, the two factor authentication technique is in common use. In two factor authentication, an individual can be identified by his user name and password. If the username and password match, then the process of authentication is done and the user can access the data. But in this technique anyone can hack the password and access information. In many cases, users' passwords are stored in plain-text form on the server machine. Anyone who can gain access to the server's database has access to enough information to impersonate any authenticable user. In cases in which users' passwords are stored in encrypted form on the server machine, plain-text passwords are still sent across a possibly-insecure network from the client to the server. Anyone with access to the intervening network may be able to "snoop" pairs out of conversations and replay them to forge authentication to the system. Each separate system must carry its own copy of each user's authentication information. As a result, users must maintain passwords on each system to which they authenticate, and so are likely to choose less-than-secure passwords for convenience. Knowledge based authentication uses secret information. When the user provides some information to authenticate himself as a legitimate user, the system processes this information and suggests whether the user is legitimate or not.


3.  PROPOSED WORK AND METHODS:

Here the design of the Secure3 system is specified: two 3D environments and one normal environment. The first is a normal authentication system, the second is a chess game and the third is an OTP with QR code. In the chess game, the password is based on placing the chess pieces in predefined positions on the chess board, and in the case of the QR code, the password is constructed based on the mobile IMEI number, adding a random number (0-99999) to the mobile IMEI number.

3.1. Environment 1 – Normal Login:

When a new user enters the environment, the user must initially enter all his details in the registration form. The user must then click on the environment1 button to select the chess environment. Figure 1 below shows an environment for a Normal-Login, having its username and password. The password should contain a minimum of 8 digits, including characters, numbers and special symbols.

Figure 1: Environment2 (Normal-Login)

3.1.1. Encryption:

The process of converting plain text to cipher text is known as encryption. In this system, the password that the user sends or receives will be in encrypted form. To achieve this we will be using the AES (Advanced Encryption Standard) algorithm, which is an advanced version of DES (Data Encryption Standard). The main advantages of AES are its resistance against all known attacks; speed and code compactness on a wide range of platforms; and design simplicity.

3.2. Environment 2 – Chess:

When a new user enters the environment, the user must initially enter all his details in the registration form. The user must then click on the environment2 button to select the chess environment. Figure 2 below shows an environment for a chess game, having a total of 32 objects, out of which 16 are red and 16 are white. It also encloses seven buttons altogether, namely the New button, Record button, Stop button, Play button, Confirm button, Close button and Swap button, and one Checkbox option. Each button works as specified below:

Figure 2: Environment2 (Chess)

The following buttons are used in a chessboard environment.

1. New button:
Clicking this button initializes all the objects (white and red). Prior to clicking this button, the environment is completely empty.

2. Swap button:
This button is used in order to change the position of the red and white objects. In simple words, it exchanges the positions of the white and red objects respectively.

3. Record button:
Before creating the 3D password, the user must click this button, as a result of which the sequence of actions and interactions is stored as the 3D password as a string. In the event that the record button has not been clicked initially, nothing is recorded and an error occurs when the user clicks the stop button.

4. Stop button:
This button is used to end the sequence of actions and interactions. Clicking this button stops recording the user's movements, and the recorded actions and interactions are saved as a 3D password in the form of a string.


5. Play button:
This button can be used by the user to check the actions and interactions that have been performed after pressing the stop button. Once this button is clicked, the user can see a playback of the actions and interactions which have been stored as a 3D password.

6. Confirm button:
This button confirms the 3D password. Once this button is clicked, the user cannot change the 3D password. The user can, however, change his/her password prior to clicking this button by selecting the new button.

7. Close button:
Once clicked, the environment is closed and control returns to the registration form.

Mathematical Equation:

In the suggested scheme we calculate the password space taking into consideration that the user wants to move a single chess piece at a time when the environment is in view. Assume that we are starting with a chess board that is set up for the start of a game. Each player has 16 pieces. Consider the scenario where white starts first; white has a total of 20 moves that he/she can possibly make.

1. The white player may move any pawn forward by one or two positions.

2. The white player can move either knight in two different ways.

The white player chooses one of those 20 moves and makes it.

The equation for calculating the password space is

$$\Pi(L_{max}, G) = \sum_{n=1}^{n=L_{max}} \left(m + g(AC)\right)^{n}$$

Here,

$m$ → All possible actions and interactions towards all existing objects. In the case of our example, the value is 20.

$g(AC)$ → The count of the total number of actions and inputs towards the environment. In our example, the action is only one, i.e. moving the object, and the interactions are 3 (moving a pawn forward, moving either knight in two different ways). So the value of $g(AC)$ is 3.

$G$ → $(G \times G \times G)$ Number of actions, interactions and inputs; for our consideration the action is only one, i.e. move, interactions are 3 and inputs are nil. So the value of $G$ is 3.

$L_{max}$ → The maximum length of the password. Here $L_{max} = 17$.

Then the possible password space for our consideration is:

$$\Pi(17, 3) = \sum_{n=1}^{n=17} (20 + 3)^{n} = 3.7714 \times 10^{43}$$

The above value gives the total amount of space in bytes.

3.1. Environment 3 – QR Code:

3.1.1. OTP (One Time Password):

An OTP is a generated password which is only valid once. The user is given a device that can generate an OTP using an algorithm and cryptographic keys. On the server side, an authentication server can check the validity of the password by sharing the same algorithm and keys. Several software or devices can be used to generate the OTP, for example personal digital assistants, mobile phones and dedicated hardware tokens. Smart cards are the most secure devices among all the OTP generators, as they provide tamper-resistant two-factor authentication: a PIN to unlock the OTP generator (something you know), and the OTP smart card itself (something you have). Figure 1 illustrates the three steps that are required to generate an OTP: the collection of some external data, such as the time for a synchronous OTP or a challenge for an asynchronous OTP; a ciphering algorithm with secret keys shared by the device and the authentication server; and finally a formatting step that sets the size of the OTP to typically six to eight digits.

Figure3. The generation of One-Time password 

3.1.2. QR-code (Two Dimensional Barcode):

The two-dimensional barcodes (2D barcode) are open standards while others are proprietary such as


Somacodes, Spotcodes, Rohs' visual codes, ColorCode, Cybercode, MobileTag, VeriCode, Shot Code, eZcodes, HotScan, Codablock F, Aztec, FP C Code (Fine Picture Code – Fujitsu) and Bee Tagg (conn Vision). PDF417 (Portable Data File) and Maxi Code are used under AIM International ISO standardization. The two most well known 2D barcode standards are Data Matrix (ISO/IEC 16022:2000) and QR code (ISO/IEC 18004:2000). There is no license fee to be paid to use either Data Matrix or QR-code. Even though a study comparing them quote by explained the superiority encoding, QR-codes are most common in Asia and particularly popular in Japan.

Figure 4. The development of QR-code

A QR-code is a two-dimensional barcode introduced by the Japanese company Denso-Wave in 1994. This kind of barcode was initially used for tracking inventory in vehicle parts manufacturing and now is widely used in a variety of industries. QR stands for “Quick Response” as the creator intended the code to allow its contents to be decoded at high speed.

Figure 5. The structure of QR-code

Each QR-code symbol consists of an encoding region and function patterns, as shown in Fig 2. Function patterns include finder, separator, timing patterns and alignment patterns. The finder patterns located at three corners of the symbol are intended to assist in easy location of its position, size and inclination. A QR-code is a matrix code developed and released primarily to be a symbol that is easily interpreted by scanner equipment. It contains information in both vertical and horizontal directions, whereas a classical barcode has only one direction of data (usually the vertical one). Compared to a 1D barcode, a QR-code can hold a considerably greater volume of information: 7,089 characters for numeric, 4,296 characters for alphanumeric data, 2,953 bytes of binary (8 bits) and 1,817 characters of Japanese Kanji/Kana symbols. Besides this, QR code also has error correction capability. Data can be restored even when substantial parts of the code are distorted or damaged.

In the QR-code standard, corners are marked and estimated so that the inside-code can be scanned. The barcode recognition process has 5 steps: (1) edge detection, (2) shape detection, (3) identification of the barcode control bar, (4) identification of the barcode orientation, dimensions and bit density using the control bar, and lastly, (5) calculation of the value of the barcode. For camera phones and PDAs (Personal Digital Assistants) that are not equipped with QR-code readers, there are some add-on tools that decode QR-codes simply by positioning the device in front of the code. This is done automatically within the streaming flow and the user does not have to take a picture of the QR-code. QuickMark and i-nigma readers are good examples of free tools using this technique that are available for many manufactured models and devices. QuickMark provides extension functionalities to QR-codes, by allowing partial or entire encryption of codes. Another interesting feature is the “Magic Jigsaw”: this option encodes binary data (a picture for example) as a chain of QR-codes that the user can scan to retrieve the original content. Alternatively, if no network connection is available, the code management will have to be done by the mobile device in an autonomous way. If the final user only needs to scan codes and see the result messages, the software mentioned above is sufficient. However, for the developers who have to manage QR-codes, some SDKs (Software Development Kits) are announced and some are already available in the market. For instance, Microsoft


Windows Live Barcode project, OpenNetCF, QRCode Library for .NET Compact Framework and Google ZXing (Zebra Crossing) project will be available soon. Twit88 provides an open source project on QR-codes.

4.  ARCHITECTURE OF A PROPOSED SYSTEM:

The architecture of the proposed system consists of a combination of three authentication systems.

1. Normal Login.
2. Chessboard Login.
3. QR-code Login.

Figure 6 shows a typical architecture of the proposed system.

Figure 6: Architecture of System.

The proposed system first requires user registration. During registration, the user's login name and password are stored in the database. Also at the time of registration, the user plays in the chessboard environment and these moves are also stored in the user database. The user registration is nothing but the personal information of a user. When this information is filled in, the user account is created. Then the user can do their personal work, such as file uploading and downloading of sensitive data. The proposed system is more secure than other authentication systems.

The proposed authentication system requires a three-step authentication. The first is normal. In normal authentication the user requires his username and password at the time of login. If the entered username and password are correct, he moves on to the chessboard; otherwise a message is displayed: incorrect username or password.

After completion of the first environment, the user goes to the chessboard environment. In this environment he plays the chessboard moves that are stored in the database. When these moves are correct, he goes to the QR code environment; otherwise he goes back to the normal login.

After completion of the chessboard, the user goes to the QR code environment. In that environment the user requires an OTP. When this password is correct, the user has permission to do their work (file uploading and file downloading) on the cloud using the Hadoop framework.
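The three-step flow described in this section, as an added sketch that is not the authors' implementation. The class and function names are hypothetical, the sample moves in the usage are constructed, and two points are assumptions of this sketch rather than details from the paper: the password and the recorded move string are stored as salted PBKDF2 verifiers, and a failed OTP returns the user to the normal login.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def make_verifier(secret: str) -> tuple:
    """Salted PBKDF2 record, so the database never holds the secret itself."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)


def check_verifier(secret: str, record: tuple) -> bool:
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)


def encode_moves(moves) -> str:
    """Serialise recorded moves [(from, to), ...] into one canonical string."""
    return "|".join(f"{a.strip().lower()}-{b.strip().lower()}" for a, b in moves)


class Secure3Session:
    """Normal login -> chessboard -> OTP, accepted in that order only."""

    def __init__(self, password: str, moves):
        # Registration: both knowledge factors are kept as verifiers.
        self.password_record = make_verifier(password)
        self.moves_record = make_verifier(encode_moves(moves))
        self.stage = "password"
        self._otp = None

    def submit_password(self, password: str) -> str:
        ok = self.stage == "password" and check_verifier(password, self.password_record)
        self.stage = "chessboard" if ok else "password"
        return self.stage

    def submit_moves(self, moves) -> str:
        ok = self.stage == "chessboard" and check_verifier(
            encode_moves(moves), self.moves_record)
        # A wrong replay sends the user back to the normal login, as in the text.
        self.stage = "otp" if ok else "password"
        if ok:
            self._otp = f"{secrets.randbelow(10 ** 6):06d}"
        return self.stage

    def issued_otp(self):
        """Stands in for out-of-band delivery to the user's mobile."""
        return self._otp

    def submit_otp(self, code: str) -> str:
        expected, self._otp = self._otp, None  # single use, even on failure
        ok = (self.stage == "otp" and expected is not None
              and hmac.compare_digest(expected.encode(), code.encode()))
        self.stage = "authenticated" if ok else "password"
        return self.stage
```

Because every method checks the current stage before the credential, a caller cannot skip the password step by submitting moves or an OTP directly.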


5.  ADVANTAGES:

1. It is a more secure system.
2. Used for sensitive data.
3. Used to store personal information on cloud.
4. Three authentication systems are used, so it is more secure than other authentication systems.

6.  BENEFITS OF PROPOSED SYSTEM:

1. Critical servers: many large organizations have critical servers that are usually protected by a textual password. A Secure 3 password authentication proposes a sound replacement for a textual password.

2. Nuclear and military facilities: such facilities should be protected by the most powerful authentication systems. The Secure 3 password has a very large probable password space, and since it can contain token, biometrics, recognition and knowledge based authentications in a single authentication system, it is a sound choice for high level security locations.

3. Airplanes and jet fighters: because of the possible threat of misusing airplanes and jet fighters for religious or political agendas, usage of such airplanes should be protected by a powerful authentication system. In addition, 3D passwords can be used in less critical systems because the 3D virtual environment can be designed to fit any system's needs.

4. A small virtual environment can be used in the following systems:

4.1 Personal Digital Assistance
4.2 Desktop computers and laptop logins
4.3 Web Authentication
4.4 Security Analysis

7.  CONCLUSION:

We proposed a system called Secure Three password, in which we provide 3 authentication systems step by step (one level after another). Our system provides security and authentication for sensitive data, as the hacker will have to go through three levels of authentication in which the complexity level increases at every step.
