25 research outputs found

    A Novel Method for Graphical Password Mechanism

    For the verification of authorized users in computer systems, various text-based or biometric methods are used. But these methods have some drawbacks. It is difficult to remember and recall textual, i.e. alphanumeric, passwords. To avoid this drawback users prefer to create effortless, short, easy and insecure passwords which are easily guessable by hackers, and this makes the system more vulnerable to attacks. On the other hand, verification mechanisms based on biometrics offer security to a good extent. But they are quite luxurious for implementation. Cost becomes a key factor in the case of biometrics. Also any injury to the body part used in biometric authorization results in denial of access or performance issues. Graphical password provides another way by providing passwords that are more protected and unforgettable at a reasonable price. In this system, the user clicks on images instead of typing passwords for accessing the system. This paper describes and examines usability and security of graphical password mechanism for authentication using graphical passwords. Proposed system describes characteristics for security and performed empirical study comparing Graphical password mechanism with Biometric passwords and alphanumeric password. DOI: 10.17762/ijritcc2321-8169.15013

    A Protected Single Sign-On Technique Using 2D Password in Distributed Computer Networks

    Single Sign-On (SSO) is a new authentication mechanism that enables a legal user with a single credential to be authenticated by multiple service providers in a distributed computer network. Recently, a new SSO scheme providing well-organized security argument failed to meet credential privacy and soundness of authentication. The main goal of this project is to provide security using Single Sign-On scheme meeting at least three basic security requirements, i.e., unforgetability, credential privacy, and soundness. User identification is an important access control mechanism for client–server networking architectures. The concept of Single Sign-On can allow legal users to use the unitary token to access different service providers in distributed computer networks. To overcome a few drawbacks, like not preserving user anonymity when possible attacks occur and extensive overhead costs of time-synchronized mechanisms, we propose a secure Single Sign-On mechanism that is efficient, secure, and suitable for mobile devices in distributed computer networks. In a real-life application, the mobile user can use the mobile device, e.g., a cell phone, with the unitary token to access multiservice, such as downloading music, receiving/replying to electronic mails, etc. Our scheme is based on one-way hash functions and random nonce to solve the weaknesses described above and to decrease the overhead of the system. The proposed scheme is more secure with two types of password scheme, namely Text password and Graphical Password, referred to as 2D password, in distributed computer networks, which yields a more efficient system that consumes lower energy. The proposed system has less communication overhead. It eliminates the need for time synchronization and there is no need of holding multiple passwords for different services.

    Patient Preferences for Authentication and Security: A Comparison Study of Younger and Older Patients

    We examine authentication and security preferences of younger versus older patients in the healthcare domain. Previous research has investigated users' perception of the acceptability of various forms of authentication in nonhealthcare domains, but not patients' preferences. First, we developed an interactive prototype to test three authentication methods: passwords, pattern, and voice. Our results indicate that younger patients prefer passwords by a significant margin. Older patients indicated more mixed preferences. In addition, we evaluated the level of security patients desired for protection of health information compared to financial information. We found no difference based on age: both groups felt financial security is more important than health data security. The findings of this research can be used to improve and enhance usability of future PHRs and overall PHR usage by patients. While this study is specific to cardiology patients we believe the results are generalizable to all patients with chronic conditions.

    IEDs on the Road to Fingerprint Authentication: Biometrics have vulnerabilities that PINs and passwords don't

    Almost every 2016 flagship mobile phone, whether Android or iOS-based, is set to come with an integrated fingerprint reader. The convenience benefits of fingerprint readers are clear to users, but is the underlying technology really ready for widespread adoption? This article explores some of the background of the challenge of secure user authentication on mobile devices, as well as recent weaknesses identified in the handling of fingerprints on many consumer devices. It also considers legislatory and social implications of the widespread adoption of fingerprint authentication. Finally, it attempts to look forward to some resulting problems we may encounter in the future

    Biometrics and the United Kingdom National Identity Register: Exploring the privacy dilemmas of proportionality and secondary use of biometric information

    Despite the obvious importance of privacy concerns in the information age, “privacy” remains a messy concept in the academic literature. Scholars are thus attempting to clarify and systematize the privacy concept. They have proposed two important dimensions of privacy concerns: 1) proportionality, or the adequate, relevant and non-excessive collection of personal data, and 2) secondary usage, or the prohibition of subsequent, unspecified uses of personal information. This paper takes measure of the proportionality and potential secondary uses of biometric data in the proposed United Kingdom (UK) National Identity Register (NIR). It argues that the UK Identity Cards Act 2006 fails to guard against violations of the principles of proportionality and secondary usage of biometric data. After reviewing the modern literature on informational privacy protection, I analyze biometrics and their privacy implications. I then discuss these implications in the context of the UK government’s NIR plans. The analysis yields insights into how biometrics on the proposed NIR interplay with purpose specifications, architectural concerns, knowledge asymmetries and public anxieties. I also explore potential secondary uses of the types of biometric data that could be stored in the NIR. Last, a brief note is offered about the possible means of regulating against privacy infringements

    Secure eHealth-Care Service on Self-Organizing Software Platform

    There are several applications connected to IT health devices on the self-organizing software platform (SoSp) that allow patients or elderly users to be cared for remotely by their family doctors under normal circumstances or during emergencies. An evaluation of the SoSp applied through PAAR watch/self-organizing software platform router was conducted targeting a simple user interface for aging users, without the existence of extra settings based on patient movement. On the other hand, like normal medical records, the access to, and transmission of, health information via PAAR watch/self-organizing software platform requires privacy protection. This paper proposes a security framework for health information management of the SoSp. The proposed framework was designed to ensure easy detection of identification information for typical users. In addition, it provides powerful protection of the user's health information.

    On the Usability of Next-Generation Authentication: A Study on Eye Movement and Brainwave-based Mechanisms

    Passwords remain a widely-used authentication mechanism, despite their well-known security and usability limitations. To improve on this situation, next-generation authentication mechanisms, based on behavioral biometric factors such as eye movement and brainwave have emerged. However, their usability remains relatively under-explored. To fill this gap, we conducted an empirical user study (n=32 participants) to evaluate three brain-based and three eye-based authentication mechanisms, using both qualitative and quantitative methods. Our findings show good overall usability according to the System Usability Scale for both categories of mechanisms, with average SUS scores in the range of 78.6-79.6 and the best mechanisms rated with an "excellent" score. Participants particularly identified brainwave authentication as more secure yet more privacy-invasive and effort-intensive compared to eye movement authentication. However, the significant number of neutral responses indicates participants' need for more detailed information about the security and privacy implications of these authentication methods. Building on the collected evidence, we identify three key areas for improvement: privacy, authentication interface design, and verification time. We offer recommendations for designers and developers to improve the usability and security of next-generation authentication mechanisms

    Influencing users towards better passwords: Persuasive cued click-points

    Usable security has unique usability challenges because the need for security often means that standard human-computer interaction approaches cannot be directly applied. An important usability goal for authentication systems is to support users in selecting better passwords, thus increasing security by expanding the effective password space. In click-based graphical passwords, poorly chosen passwords lead to the emergence of hotspots (portions of the image where users are more likely to select click-points), allowing attackers to mount more successful dictionary attacks. We use persuasion to influence user choice in click-based graphical passwords, encouraging users to select more random, and hence more secure, click-points. Our approach is to introduce persuasion to the Cued Click-Points graphical password scheme (Chiasson, van Oorschot, Biddle, 2007). Our resulting scheme significantly reduces hotspots while still maintaining its usability.

    Access Policies in Institutional Digital Repositories: Analysis of Global Trends

    This paper compared and contrasted the open access (OA) self-archiving policies of different organizations registered in OpenDOAR, ROAR and ROARMAP databases. It highlights and discusses key policies along with several issues to suggest an institute-specific model policy framework in the line of recommendations and best practises of IDRs (Institutional Digital Repositories) listed in global tertiary sources in green open access ROARMAP, OpenDOAR and ROAR. This paper focuses on IDR policy issues concerning rights, access, and user interfaces. A total of 66 repositories have been selected after overlap checking and based on the selection parameters mentioned in the methodology section. It has been discovered that most IDRs lack policies in the four areas mentioned. Several policy issues are missing, and some of the policy issues used by these repositories are still being developed and improved. Based on the study, some suggestions for the development of IDR policies have been made. It has implications for administrators, funding agencies, policymakers, and professional librarians in developing repository policies of their own