Improved Password Authentication System against Password attacks for web Applications
| International Journal of Computer Trends and Technology (IJCTT) | |
© - August Issue 2013 by IJCTT Journal | ||
Volume-4 Issue-8 | ||
Year of Publication : 2013 | ||
Authors :Dr.P.Pandarinath, Vaishnavi Yalamanchili |
Dr.P.Pandarinath, Vaishnavi Yalamanchili "Improved Password Authentication System against Password attacks for web Applications"International Journal of Computer Trends and Technology (IJCTT),V4(8):2878-2883 August Issue 2013 .ISSN 2231-2803.www.ijcttjournal.org. Published by Seventh Sense Research Group.
Abstract:- Password security is important for user authentication on small networking system as well as large networking system. Till today many researchers introduced various practices to protect passwords on network. Passwords prone to various types of attacks like brute force attack, password stealing attack, password reuse attack, password cracking attack, etc. To scale back the harm of phishing and spyware attacks, banks, governments, as well as other security-sensitive industries are deploying one-time password systems, where users have numerous passwords and utilize each password only once in the existing approach using opass. Unfortunately, the password entropy that users can comfortably memorize seems insufficient to build up unique, secure passwords for all those these accounts, and it will be likely to remain constant as the range of passwords. In existing work a user authentication protocol named oPass which leverages a user’s cellphone and short message service to secure password stealing and password reuse attacks is designed[2]. oPass only requires each participating website possesses a unique telephone number, and involves a telecommunication service specialist in registration and recovery phases. But existing system entirely depends on telecommunication service provision and users contact number . Existing oPass approach is a bit more cost effective . Within this proposed system , we propose a method that utilizes a strengthened cryptographic hash function to compute secure passwords for arbitrarily many accounts while requiring the user to memorize merely a single short password. This mechanism functions entirely on the client; no server-side changes are needed. In our proposed system we implemented email service in order to recover the users password after registration. Proposed System framework generates strong passwords by enhancing the hash function utilizing a large random salt. Using the support of a salt repository, it gains a significantly stronger security guarantee than existing mechanisms. Proposed approach is less vulnerable to of?ine attacks, and this provides stronger protection against password theft. Our system is less cost effective and better defense mechanism against attacks.
References-
[1] ProcurePass: A User Authentication Protocol to Resist Password Stealing and Password reuse Attacks Mariam M. Kassim, A. Sujitha B.Tech., M.E. International Journal of Scientific & Engineering Research, Volume 4, Issue 6, June-2013 57 ISSN 2229-5518
[2] oPass: A User Authentication Protocol Resistant to Password Stealing and Password Reuse Attacks Hung-Min Sun.
[3]Yao-Hsin Chen, and Yue-Hsun Lin IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 7, NO. 2, APRIL 2012.
[4] J. Thorpe and P. van Oorschot, ?Towards secure design choices for im-plementing graphical passwords, presented at the 20th. Annu. Com-puter Security Applicat. Conf, 2004.
[5] S.Wiedenbeck, J. Waters, J.-C. Birget, A. Brodskiy, and N. Memon,?Passpoints: Design and longitudinal evaluation of a graphical pass-word system,Int. J. Human-Computer Studies, vol. 63, no. 1–2, pp.102–127, 2005.
[6] B. Pinkas and T. Sander, ?Securing passwords against dictionary at-tacks, inCCS ’02: Proc. 9th ACM Conf. Computer Communications Security, New York, 2002, pp. 161–170, ACM.
[7] J. A. Halderman, B. Waters, and E. W. Felten, ?A convenient method for securely managing passwords, inWWW ’05: Proc. 14th Int. Conf. World Wide Web, New York, 2005, pp. 471–479, ACM.
[8] K.-P. Yee and K. Sitaker, ?Passpet: Convenient password management and phishing protection, inSOUPS 06: Proc. 2nd Symp. Usable Pri-vacy Security,New York,2006,pp.32–43,ACM.
[9] L. Lamport,, ?Password authentication with insecure communication, Commun. ACM, vol. 24, pp. 770–772, Nov. 1981.
[10] H. Krawczyk, ?The order of encryption and authentication for pro-tecting communications (or: How secure is SSL?), inAdvances Cryp-tology—CRYPTO 2001, 2001, pp. 310–331.
Keywords : — Password Protection, Authentication, Hashing, TSP,Telecommunications,SMS.