13,144 research outputs found
Multivariate Polynomial and Exponential Mappings based Password Authentication Protocol
In this paper, a multivariate polynomial and exponential mappings based password protocol is presented. The method can be utilized in public domains. The key generator generates a vector, intended to be used as a password by the authentication protocol subsequently, such that when the vector is substituted and evaluated in certain fixed multivariate polynomials -- that may be listed in a public domain -- the value is found as a result of proper authentication. The public domain in this context could be internal to a large, and possibly distributed, system. The key generator can take hints from the owner of the password to generate the particular zero vector to suit the user. It may take into consideration biometric and any other user specific information at the time of key generation. The information collected by the key generator can be saved by the owner of the password for its possible retrieval upon requisition by the user, during the period of its validity, in case it is forgotten by the user
Perlindungan Data Terhadap Serangan Menggunakan Metoda Tebakan Pada Sistem Operasi Linux
In a security system that allows users to use their password, users usually choose a password that is easy to remember and are usually easy to guess the password. This weakness is often the case in almost all of the existing system. Rather than forcing the user choose a good password, which means it's difficult to remember or long terralu.Li Gong propose a solution that will preserve user comfort while delivering high security guarantees. The basic idea proposed is to ensure that data can be stolen by the attacker can not be predicted and tested in a way to guess. This can be achieved by using a random number generator, ie by performing XOR operations on each message contains confidential information with a value generated by a random number generator.By utilizing a random number generator is expected that each message sent at different times have different shapes. This way every effort to keep it guesses attack more difficult, where the attackers have to guess on the random number is used as to disguise the message, before making a guess on the key of the message.In this study will be discussed about the methods above in more detail and try. To be implemented on the Linux operating system. By utilizing the technique as mentioned above, studied authenticity protocol used in Linux to test the authenticity of the wearer, in order to create a program that utilizes the above method to exchange messages to verify the authenticity of the user
PALPAS - PAsswordLess PAssword Synchronization
Tools that synchronize passwords over several user devices typically store
the encrypted passwords in a central online database. For encryption, a
low-entropy, password-based key is used. Such a database may be subject to
unauthorized access which can lead to the disclosure of all passwords by an
offline brute-force attack. In this paper, we present PALPAS, a secure and
user-friendly tool that synchronizes passwords between user devices without
storing information about them centrally. The idea of PALPAS is to generate a
password from a high entropy secret shared by all devices and a random salt
value for each service. Only the salt values are stored on a server but not the
secret. The salt enables the user devices to generate the same password but is
statistically independent of the password. In order for PALPAS to generate
passwords according to different password policies, we also present a mechanism
that automatically retrieves and processes the password requirements of
services. PALPAS users need to only memorize a single password and the setup of
PALPAS on a further device demands only a one-time transfer of few static data.Comment: An extended abstract of this work appears in the proceedings of ARES
201
GOTCHA Password Hackers!
We introduce GOTCHAs (Generating panOptic Turing Tests to Tell Computers and
Humans Apart) as a way of preventing automated offline dictionary attacks
against user selected passwords. A GOTCHA is a randomized puzzle generation
protocol, which involves interaction between a computer and a human.
Informally, a GOTCHA should satisfy two key properties: (1) The puzzles are
easy for the human to solve. (2) The puzzles are hard for a computer to solve
even if it has the random bits used by the computer to generate the final
puzzle --- unlike a CAPTCHA. Our main theorem demonstrates that GOTCHAs can be
used to mitigate the threat of offline dictionary attacks against passwords by
ensuring that a password cracker must receive constant feedback from a human
being while mounting an attack. Finally, we provide a candidate construction of
GOTCHAs based on Inkblot images. Our construction relies on the usability
assumption that users can recognize the phrases that they originally used to
describe each Inkblot image --- a much weaker usability assumption than
previous password systems based on Inkblots which required users to recall
their phrase exactly. We conduct a user study to evaluate the usability of our
GOTCHA construction. We also generate a GOTCHA challenge where we encourage
artificial intelligence and security researchers to try to crack several
passwords protected with our scheme.Comment: 2013 ACM Workshop on Artificial Intelligence and Security (AISec
S-Mbank: Secure Mobile Banking Authentication Scheme Using Signcryption, Pair Based Text Authentication, and Contactless Smartcard
Nowadays, mobile banking becomes a popular tool which consumers can conduct
financial transactions such as shopping, monitoring accounts balance,
transferring funds and other payments. Consumers dependency on mobile needs,
make people take a little bit more interest in mobile banking. The use of the
one-time password which is sent to the user mobile phone by short message
service (SMS) is a vulnerability which we want to solve with proposing a new
scheme called S-Mbank. We replace the authentication using the one-time
password with the contactless smart card to prevent attackers to use the
unencrypted message which is sent to the user's mobile phone. Moreover, it
deals vulnerability of spoofer to send an SMS pretending as a bank's server.
The contactless smart card is proposed because of its flexibility and security
which easier to bring in our wallet than the common passcode generators. The
replacement of SMS-based authentication with contactless smart card removes the
vulnerability of unauthorized users to act as a legitimate user to exploit the
mobile banking user's account. Besides that, we use public-private key pair and
PIN to provide two factors authentication and mutual authentication. We use
signcryption scheme to provide the efficiency of the computation. Pair based
text authentication is also proposed for the login process as a solution to
shoulder-surfing attack. We use Scyther tool to analyze the security of
authentication protocol in S-Mbank scheme. From the proposed scheme, we are
able to provide more security protection for mobile banking service.Comment: 6 page
Oblivious Transfer based on Key Exchange
Key-exchange protocols have been overlooked as a possible means for
implementing oblivious transfer (OT). In this paper we present a protocol for
mutual exchange of secrets, 1-out-of-2 OT and coin flipping similar to
Diffie-Hellman protocol using the idea of obliviously exchanging encryption
keys. Since, Diffie-Hellman scheme is widely used, our protocol may provide a
useful alternative to the conventional methods for implementation of oblivious
transfer and a useful primitive in building larger cryptographic schemes.Comment: 10 page
- …