16 research outputs found
A robustness verification system for mobile phone authentication based on gestures using Linear Discriminant Analysis
This article evaluates an authentication technique for mobiles based on gestures. Users create a remindful identifying gesture to be considered as their in-air signature. This work analyzes a database of 120 gestures of different vulnerability, obtaining an Equal Error Rate (EER) of 9.19% when robustness of gestures is not verified. Most of the errors in this EER come from very simple and easily forgeable gestures that should be discarded at enrollment phase. Therefore, an in-air signature robustness verification system using Linear Discriminant Analysis is proposed to infer automatically whether the gesture is secure or not. Different configurations have been tested obtaining a lowest EER of 4.01% when 45.02% of gestures were discarded, and an optimal compromise of EER of 4.82% when 19.19% of gestures were automatically rejected
Password Based a Generalize Robust Security System Design Using Neural Network
Among the various means of available resource protection including biometrics, password based system is most simple, user friendly, cost effective and commonly used. But this method having high sensitivity with attacks. Most of the advanced methods for authentication based on password encrypt the contents of password before storing or transmitting in physical domain. But all conventional cryptographic based encryption methods are having its own limitations, generally either in terms of complexity or in terms of efficiency. Multi-application usability of password today forcing users to have a proper memory aids. Which itself degrades the level of security. In this paper a method to exploit the artificial neural network to develop the more secure means of authentication, which is more efficient in providing the authentication, at the same time simple in design, has given. Apart from protection, a step toward perfect security has taken by adding the feature of intruder detection along with the protection system. This is possible by analysis of several logical parameters associated with the user activities. A new method of designing the security system centrally based on neural network with intrusion detection capability to handles the challenges available with present solutions, for any kind of resource has presented
Password Cracking and Countermeasures in Computer Security: A Survey
With the rapid development of internet technologies, social networks, and
other related areas, user authentication becomes more and more important to
protect the data of the users. Password authentication is one of the widely
used methods to achieve authentication for legal users and defense against
intruders. There have been many password cracking methods developed during the
past years, and people have been designing the countermeasures against password
cracking all the time. However, we find that the survey work on the password
cracking research has not been done very much. This paper is mainly to give a
brief review of the password cracking methods, import technologies of password
cracking, and the countermeasures against password cracking that are usually
designed at two stages including the password design stage (e.g. user
education, dynamic password, use of tokens, computer generations) and after the
design (e.g. reactive password checking, proactive password checking, password
encryption, access control). The main objective of this work is offering the
abecedarian IT security professionals and the common audiences with some
knowledge about the computer security and password cracking, and promoting the
development of this area.Comment: add copyright to the tables to the original authors, add
acknowledgement to helpe
Cumulative and Ratio Time Evaluations in Keystroke Dynamics To Improve the Password Security Mechanism
The password mechanism is widely adopted as a control security system to legitimate access to a database or a transaction content or computing resources. This is because of the low cost of the mechanism, the software routine simplicity, and the facility for the user. But the password mechanism can suffer from serious vulnerabilities, which have to be reduced in some way. An aid comes from the keystroke dynamic evaluation, which uses the rhythm in which an individual types characters on a keyboard. It has been demonstrated how the keystroke dynamics are unique biometric template of the users typing pattern. So, the dwell time (the time a key pressed) and the flight time (the time between âkey upâ and the next âkey downâ) are used to verify the real userâs identity. In this work we investigated the keystroke dynamic already reported in literature but with some differences, so to obtain additional benefits. Rather than the commonly adopted absolute times (dwell and fly times), we deal with cumulative and ratio ones (i.e. sum and ratio of dwell and fly times), taking into account that the latest are times which do not change even if the userâs typing style evolves with practic
Costs and benefits of authentication advice
When it comes to passwords, conflicting advice can be found everywhere.
Different sources give different types of advice related to authentication. In
this paper such advice is studied. First, using a sample collection of
authentication advice, we observe that different organizations' advice is often
contradictory and at odds with current research. We highlight the difficulties
organizations and users have when determining which advice is worth following.
Consequently, we develop a model for identifying costs of advice. Our model
incorporates factors that affect organizations and users, including, for
example, usability aspects. Similarly, we model the security benefits brought
by such advice. We then apply these models to our taxonomy of advice to
indicate the potential effectiveness of the security recommendations. We find
that organizations experience fewer costs than users as a result of
authentication policies. Reassuringly, the advice our model has classified as
good or bad, is in line with the NIST 2017 digital authentication guidelines
From Very Weak to Very Strong: Analyzing Password-Strength Meters
Millions of users are exposed to password-strength meters/checkers at highly popular web services that use user- chosen passwords for authentication. Recent studies have found evidence that some meters actually guide users to choose better passwordsâwhich is a fairly rare-bit of good news in password research. However, these meters are mostly based on ad-hoc design. At least, as we found, most vendors do not provide any explanation of their design choices, sometimes making them appear to be a black box. We analyze password meters deployed in selected popular websites, by measuring the strength labels assigned to common passwords from several password dictionaries. From this empirical analysis with millions of passwords, we report prominent characteristics of meters as deployed at popular websites. We shed light on how the server-end of some meters functions, provide examples of highly inconsistent strength outcomes for the same password in different meters, along with examples of many weak passwords being labeled as strong or even very strong. These weaknesses and inconsistencies may confuse users in choosing a stronger password, and thus may weaken the purpose of these meters. On the other hand, we believe these findings may help improve existing meters, and possibly make them an effective tool in the long run
From Very Weak to Very Strong: Analyzing Password-Strength Meters
Millions of users are exposed to password-strength meters/checkers at highly popular web services that use user- chosen passwords for authentication. Recent studies have found evidence that some meters actually guide users to choose better passwordsâwhich is a fairly rare-bit of good news in password research. However, these meters are mostly based on ad-hoc design. At least, as we found, most vendors do not provide any explanation of their design choices, sometimes making them appear to be a black box. We analyze password meters deployed in selected popular websites, by measuring the strength labels assigned to common passwords from several password dictionaries. From this empirical analysis with millions of passwords, we report prominent characteristics of meters as deployed at popular websites. We shed light on how the server-end of some meters functions, provide examples of highly inconsistent strength outcomes for the same password in different meters, along with examples of many weak passwords being labeled as strong or even very strong. These weaknesses and inconsistencies may confuse users in choosing a stronger password, and thus may weaken the purpose of these meters. On the other hand, we believe these findings may help improve existing meters, and possibly make them an effective tool in the long run
Zipfâs Law in Passwords
Despite more than thirty years of research efforts, textual passwords are still enveloped in mysterious veils. In this work, we make a substantial step forward in understanding the distributions of passwords and measuring the strength of password datasets by using a statistical approach. We first show that Zipf\u27s law perfectly exists in real-life passwords by conducting linear regressions on a corpus of 56 million passwords. As one specific application of this observation, we propose the number of unique passwords used in regression and the slope of the regression line together as a metric for assessing the strength of password datasets, and prove it in a mathematically rigorous manner. Furthermore, extensive experiments (including optimal attacks, simulated optimal attacks and state-of-the-art cracking sessions) are performed to demonstrate the practical effectiveness of our metric. To the best of knowledge, our new metric is the first one that is both easy to approximate and accurate to facilitate comparisons, providing a useful tool for the system administrators to gain a precise grasp of the strength of their password datasets and to adjust the password policies more reasonably
Improving system security via proactive password checking
As the Internet has grown, its user community has changed from a small tight-knit group of researchers to a loose gathering of people on a global network. The amazing and constantly growing numbers of machines and users ensures that untrustworthy individuals have full access to that network. High speed inter-machine communication and even higher speed computational processors have made the threats of system âcrackersâ, data theft. and data corruption very real. This paper outlines some of the problems of current password security by demonstrating the ease by which individual accounts may be broken. Various techniques used by crackers arc outlined. and finally one solution to this point of system vulnerability. a proactive password checker, is documented