45 research outputs found

    Authentication and transaction verification using QR codes with a mobile device

    User authentication and the verification of online transactions that are performed on an untrusted computer or device is an important and challenging problem. This paper presents an approach to authentication and transaction verification using a trusted mobile device, equipped with a camera, in conjunction with QR codes. The mobile device does not require an active connection (e.g., Internet or cellular network), as the required information is obtained by the mobile device through its camera, i.e. solely via the visual channel. The proposed approach consists of an initial user authentication phase, which is followed by a transaction verification phase. The transaction verification phase provides a mechanism whereby important transactions have to be verified by both the user and the server. We describe the adversarial model to capture the possible attacks to the system. In addition, this paper analyzes the security of the proposed scheme, and discusses the practical issues and mechanisms by which the scheme is able to circumvent a variety of security threats including password stealing, man-in-the-middle and man-in-the-browser attacks. We note that our technique is applicable to many practical applications ranging from standard user authentication implementations to protecting online banking transactions.

    NETWORK INTRUSION DETECTION SYSTEM

    This report discusses the research done on the chosen topic, which is Network Intrusion Detection System. This project shows that monitoring and detection of the network will reduce the down time of the network and reduce future attacks. In addition, a comprehensive and organised analysis is conducted to verify the causes of the attack. It has been found that most household internet users lack the means to strengthen their internet connection or networking system. The problem of this project is an unauthorised access into a home networking system that may cause harm by stealing private and confidential information, as firewall and anti-virus won’t be sufficient against a determined attacker. The scope for this project is to develop an intrusion detection system that will improve the security of home networks, as home users are the potential users of this system. The objective of this project is to investigate the methods needed to detect any unauthorised access into a home networking system. The detection system will use an open source system that is readily available but will be tuned for the usage of home users and based on the Windows operating system. The literature review component talks about all the research that has been done prior to the pre-development and post-development of the project. Intrusion detection and prevention systems and the related research are further discussed in detail. The methodology section discusses the usage of the Iteration Development Model as the methodology used in developing this project. In the results and discussions section, the preliminary findings consist of the findings from literature review research, own research and the use case diagrams of the system. Then, the prototype development process and results together with the testing results will be discussed in detail. All the justifications are made clearly. In the recommendations section, all the related recommendations and some improvements that can be done for the future of this project are listed and elaborated. The conclusion section concludes the overall project. The project phases are also discussed in detail. The project will focus on developing a network intrusion detection system for Windows-based operating systems.

    Pico: No More Passwords!

    Abstract. From a usability viewpoint, passwords and PINs have reached the end of their useful life. Even though they are convenient for implementers, for users they are increasingly unmanageable. The demands placed on users (passwords that are unguessable, all different, regularly changed and never written down) are no longer reasonable now that each person has to manage dozens of passwords. Yet we can’t abandon passwords until we come up with an alternative method of user authentication that is both usable and secure. We present an alternative design based on a hardware token called Pico that relieves the user from having to remember passwords and PINs. Unlike most alternatives, Pico doesn’t merely address the case of web passwords: it also applies to all the other contexts in which users must at present remember passwords, passphrases and PINs. Besides relieving the user from memorization efforts, the Pico solution scales to thousands of credentials, provides “continuous authentication” and is resistant to brute force guessing, dictionary attacks, phishing and keylogging.
    1 Why users are right to be fed up
    Remembering an unguessable and un-brute-force-able password was a manageable task twenty or thirty years ago, when each of us had to use only one or two. Since then, though, two trends in computing have made this endeavour much harder. First, computing power has grown by several orders of magnitude: once upon a time, eight characters were considered safe from brute force; nowadays, passwords that are truly safe from brute force and from advanced guessing attacks typically exceed the ability of ordinary users to remember them. Second, and most important, the number of computer-based services with which

    Investigating Information Structure of Phishing Emails Based on Persuasive Communication Perspective

    Current approaches of phishing filters depend on classifying messages based on textually discernable features such as IP-based URLs or domain names, as those features can be easily extracted from a given phishing message. However, in the same sense, those easily perceptible features can be easily manipulated by sophisticated phishers. Therefore, it is important that universal patterns of phishing messages should be identified for feature extraction to serve as a basis for text classification. In this paper, we demonstrate that user perception regarding phishing messages can be identified in central and peripheral routes of information processing. We also present a method of formulating a quantitative model that can represent persuasive information structure in phishing messages. This paper makes a contribution to phishing classification research by presenting the idea of universal information structure in terms of persuasive communication theories.