(IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 8, No. 7, 2017


A Text based Authentication Scheme for Improving Security of Textual Passwords

Shah Zaman Nizamani, Department of Information Technology, Quaid-e-Awam University of Engineering, Science & Technology, Pakistan
Tariq Jamil Khanzada, Department of Computer Systems Engineering, Mehran University of Engineering & Technology, Pakistan
Syed Raheel Hassan, Department of Computer Systems Engineering, Quaid-e-Awam University of Engineering, Science & Technology, Pakistan
Mohd Zalisham Jali, Faculty of Science and Technology, Universiti Sains Islam (USIM), Malaysia

Abstract—User authentication through textual passwords is very common in computer systems due to its ease of use. However, textual passwords are vulnerable to different kinds of security attacks, such as spyware and dictionary attacks. To overcome the deficiencies of the textual password scheme, many graphical password schemes have been proposed, but they could not fully replace textual passwords because of usability and security issues. In this paper a text based user authentication scheme is proposed which improves the security of the textual password scheme by modifying the password input method and adding a password transformation layer. In the proposed scheme alphanumeric password characters are represented by random decimal numbers, which resists online attacks such as shoulder surfing and key logger attacks. In the registration process the password string is converted into a completely new string of symbols or characters before encryption; this strategy improves password security against offline attacks such as brute-force and dictionary attacks. Since passwords in the proposed scheme consist of alphanumeric characters, users are not required to remember any new kind of password such as those used in graphical authentication, so the password memorability burden is minimized.
However, the mean authentication time of the proposed scheme is higher than that of the textual password scheme, due to the security measures taken against online attacks.

Keywords—Password security; security; usability; alphanumeric passwords; authentication

I. INTRODUCTION

Despite many weaknesses, user authentication through textual passwords has been widely used for a long time. In the textual password scheme credentials are inserted directly into login fields, which makes the password easy to capture through a spyware attack or a shoulder surfing attack [1]. Another problem with the textual password scheme is that users tend to set short and easy to remember passwords; such passwords are easy to break through a brute force or dictionary attack [2]. Therefore users are required to add numbers or special characters to their passwords, but such policies make the passwords hard to remember.

Recognizing the memorability and security issues of textual passwords, researchers have proposed different graphical password techniques. In this category of authentication, passwords consist of some pictures, lines, or x, y coordinates inside a picture. Graphical passwords generally have a memorability advantage over textual passwords because visual information is easier to remember and recall than alphanumeric characters [3] [4], while the security and usability of graphical password techniques vary from one scheme to another.

The graphical password technique was first proposed by Blonder [5] in 1996; since then many graphical password techniques have been proposed, but none has replaced the textual password scheme. Shoulder surfing and spyware attacks are common threats to different graphical password schemes. The Android unlock scheme [6] is the only graphical password scheme in large-scale use, on smart phones, because the scheme is easy to use. Although this technique has many security weaknesses, such as the shoulder surfing attack, the nature of the device gives attackers very little access to launch security attacks.
Due to its security weaknesses, the Android unlock scheme is not used for authentication in online systems. Secure graphical password schemes have timing and adoptability issues: such schemes require a large amount of physical and mental work for authentication, and users have to remember different kinds of passwords, which is why many usability issues arise.

User authentication can be made secure by biometric or token based authentication techniques, but they require special hardware for processing. The other easy to use authentication option remains the knowledge based technique. Authentication through this technique has been improved by two approaches. In the first, different graphical password schemes have been proposed, while in the second approach schemes are suggested by enhancing or mixing text based and graphical password techniques.

In this paper the second approach has been taken for improving the security of traditional textual passwords. The proposed scheme provides enhancements in the login screen and in the way passwords are stored in the database. In the login screen the user inserts, every time, a new set of numbers which represent the password; therefore the proposed scheme provides resistance against spyware and man-in-the-middle attacks. In the proposed password storage technique, the alphanumeric characters of a user's password are transformed into different alphanumeric characters and symbols and then stored in the database. This password transformation makes it harder to apply dictionary and brute force attacks.

The remainder of the paper is divided into six sections. In section 2 a literature review is given on the field of user authentication. The proposed authentication scheme, along with the technique for storing passwords, is explained in section 3. In section 4 an analysis of the proposed scheme is given with respect to security, usability and memorability. The proposed scheme is compared with well-known authentication techniques in section 5. Finally, the conclusion is given in section 6.

II. LITERATURE REVIEW

User authentication works on the basis of something the user knows (knowledge-based), something the user has (token-based) or something the user is (biometric). The focus of this research is to design an efficient user authentication scheme in the category of knowledge-based authentication; therefore the literature review targets knowledge-based authentication. This section is divided into two parts: in the first, different user authentication schemes related to the research work are discussed; in the second part, problems in user authentication schemes are briefly discussed.

A. Related Work

Zhao and Li [7] proposed some changes to the textual password scheme to add resistance to the shoulder surfing attack, and called the scheme S3PAS. In this scheme the registration process is the same as in the textual password scheme, but the login process is different.
In the login screen alphanumeric characters are randomly shown in image format, and a user has to click on the logical triangles formed by the password elements or type characters which belong to each password triangle. The S3PAS scheme provides resistance against shoulder surfing, keystroke logger and mouse logger attacks. Searching for password triangles is a time consuming task, therefore this scheme is very difficult to use. The scheme is also vulnerable to dictionary and brute force attacks.

Ziran et al. [8] proposed a text-based password scheme in which a user sets the password by drawing a shape inside a registration screen. In the login screen a grid randomly filled with 0s and 1s is shown, and the user is required to insert a list of 0s and 1s such that they form the shape of the password. The proposed scheme provides resistance against spyware attacks, but it is vulnerable to brute force, dictionary and shoulder surfing attacks.

Chen et al. [9] proposed a mixed textual and graphical password scheme for resisting the shoulder surfing attack. In this scheme passwords consist of some characters and numbers along with a colour. In the login screen characters and numbers are shown in a circular format, and the password is entered by rotating the password characters in front of the colour chosen during registration. The proposed scheme does not contain symbols, therefore it has a small password space, and the password entry process requires physical effort.

Rao and Yalamanchili [10] proposed an authentication scheme known as Pair Pass Char (PPC), in which the registration process is the same as in the ordinary textual password scheme. In the login screen all alphanumeric characters are shown in a 10 * 10 grid. For password entry a user has to search for logical rectangles formed by different pairs of password characters and then click on the corner characters of the rectangles. The scheme contains different rules for rectangle searching, therefore it is difficult to learn.
The average authentication time for a 6 character password is 47.4 seconds, which is quite high.

The first graphical password scheme was proposed by Blonder [5]. He proposed a scheme where a password consists of certain points inside a password picture. Blonder's scheme has many security issues, such as the shoulder surfing attack and the mouse logger attack. Wiedenbeck [11] proposed the "PassPoint" scheme based upon Blonder's scheme. In the PassPoint scheme users have the freedom to click on any point inside the password picture; this freedom was not available in Blonder's scheme. The PassPoint scheme is better than Blonder's scheme with respect to brute force and dictionary attacks, but it is not resilient to shoulder surfing and spyware attacks.

Wiedenbeck et al. [12] proposed a shoulder surfing resilient graphical password scheme known as CHC (Convex Hull Click). In this scheme users are given multiple challenges for authentication. In each challenge users have to find three password images and then click inside the invisible triangle formed by the password images. This scheme provides resistance against the shoulder surfing attack, but the authentication time is 71.66 seconds, which is quite high.

Lopez et al. [13] suggested a challenge response based graphical password scheme resilient to shoulder surfing and spyware attacks. In this scheme three images per row are shown in the login screen, and a user has to identify whether the number of password images in each row is even or odd. The scheme is weak with respect to the brute force attack because a small number of images is used. A combined screen scraper and key logger attack becomes successful after multiple rounds of recording.

Weinshall [14] proposed a recognition based graphical password scheme known as the cognitive authentication scheme. It provides resistance against key logger and mouse logger spyware attacks. In the scheme, 80 icons are presented in an 8 * 10 grid based login screen, and password icons are selected by computing a path generated by the icons.
Learnability and high authentication time are the issues with this scheme.

Google introduced the Android unlock scheme, in which nine points are given in a 3 * 3 grid based login screen. A password in this scheme consists of some lines inside the grid. This scheme is very easy to use, but the passwords can be captured by the shoulder surfing attack and the scheme also provides a low password space [6]. Microsoft introduced a graphical password scheme in Windows 8, in which passwords consist of some points, lines or circles inside a picture. This scheme is also very easy to use, but it has hot-spot and shoulder surfing issues [15].

Akpulat et al. [16] proposed a hybrid graphical password scheme known as T&C. In hybrid schemes multiple user authentication schemes are combined into a single scheme. In this scheme passwords consist of alphanumeric characters and a location inside a picture. Users enter the alphanumeric part of a password in a text field through the keyboard, while the location is identified through the mouse. Usability is not a big issue in the T&C scheme, but passwords can be captured by online attacks because they are directly inserted into the login screen. Another hybrid graphical password scheme, known as GOTPass, was proposed by Alsaiari et al. [17]. The GOTPass scheme is designed by combining properties of the Android unlock, Deja Vu and textual password schemes. For authentication a user has to draw password lines and insert some codes which represent different password images. The scheme provides resistance against key logger, mouse logger and dictionary attacks, but a combined screen scraper and key-mouse logger attack can reveal passwords. This scheme has many usability issues, such as a high error rate and high authentication time, and it also requires a large amount of information to memorize.

III. PROPOSED AUTHENTICATION SCHEME

In this research a user authentication scheme is proposed which reduces the security weaknesses of the textual password scheme. The proposed scheme has the two common authentication phases, registration and login. The registration phase is the same as in the ordinary textual password scheme, but passwords are saved with a different methodology. In the login phase changes are made to the password entry screen and the password verification process. Both phases are explained here.

A. Registration Phase

In this phase the authentication information of a new user is registered. In the proposed scheme registration information is taken in the same way as in the ordinary textual password scheme. Therefore the registration process is required to be executed on a secure machine and in a secure environment, where no one is able to monitor the process. A secure channel such as SSL/TLS [18] [19] should be used during registration for collecting the password from a user.
Generally the registration phase consists of three layers: password collection, password encryption and password storage in the database. In order to improve password security against offline guessing attacks, a transformation layer is added to the registration phase. The transformation layer is described here.

B. Password Transformation

In this layer the alphanumeric characters of a password are converted into different alphanumeric characters or symbols. Password transformation helps in resisting brute force and dictionary attacks. For resisting the brute force attack, the theoretical password space and the effective password space need to be high. The theoretical password space is the total number of passwords available in an authentication scheme, while the effective password space is the total number of passwords actually used by the users of a scheme. Both the theoretical and the effective password space are increased by adding the password transformation layer to the proposed scheme. A standard keyboard contains 94 alphanumeric characters excluding the space key, therefore the theoretical password space of textual passwords, summed over the password length $i$, can be described with equation 1.

$\sum_{i=1} 94^{i}$ (1)

The majority of users create passwords of fewer than 13 alphanumeric characters [20], therefore the effective password space can be described with equation 2.

$\sum_{i=1}^{12} 94^{i}$ (2)

In order to decrypt a password, attackers need to check all the passwords belonging to the effective password space or, in the special case, the theoretical password space. The password transformation layer helps in increasing the size of the theoretical and effective password space by adding symbols alongside the 94 alphanumeric characters.

Password transformation can be static or dynamic. In static transformation, the same password of different users generates the same transformed string, while in dynamic transformation different transformed strings are generated from the same password of different users. Password transformation can be carried out with many techniques; for example, one strategy for static transformation is described in the following steps.

(i) Create a list of alphanumeric characters as shown in Table I. The table contains all 94 alphanumeric characters.
(ii) Create a combined list of alphanumeric characters and symbols as shown in Table II. The list may consist of more than two hundred elements.
(iii) Find the index number in Table I which belongs to the first character of the password.
(iv) Get the element from Table II which has the index number obtained in the previous step. This element is the transformed character or symbol.
(v) Fetch the index number of the next character of the password from Table I.
(vi) Sum the previous index and the current index of the elements obtained from Table I.
(vii) Fetch the element from Table II which has the index number generated by the summation in step vi.
(viii) Repeat steps v to vii until all password characters are transformed.

TABLE I. LIST OF ALPHANUMERIC CHARACTERS
  index      1  2  3  4  5  6  7  ...  94
  character  a  b  c  d  e  f  g  ...  9

With the above transformation method the password "bdg" will be transformed to "βYσ" through the following steps, if the alphanumeric characters are stored in the form of Table I and the symbols are stored in the form of Table II.

(i) The system picks the index of the first password character 'b' from Table I. The index of 'b' is '2'.
(ii) The system gets the element from Table II which has index '2'. In this case the element is 'β'.
(iii) The system fetches the index of the second password character 'd' from Table I. The index of 'd' is '4'.
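The static transformation of steps (i) to (viii), its inverse, and the concatenation form of dynamic transformation, as an added Python example that is not code from the paper. Table I is constructed in keyboard order (the paper shows only its start a, b, c, ... and its end 9), Table II is a constructed stand-in with more than 200 distinct entries whose indices 2, 6 and 11 are set to β, Y and σ so that the paper's "bdg" to "βYσ" example reproduces, and the e-mail prefix rule follows the paper's own example. `theoretical_space` and `effective_space` evaluate equations 1 and 2 for a given maximum length; the function and table names are this example's own.

```python
import string

# Table I: the 94 printable keyboard characters without the space, indexed from 1 as in the paper.
# The paper shows only the start (a, b, c, ...) and end (9) of its table, so this order is constructed.
TABLE_I = (string.ascii_lowercase + string.ascii_uppercase + string.digits
           + "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~")
assert len(TABLE_I) == 94


def _build_table_ii():
    """Constructed stand-in for the paper's Table II (not the paper's own list): more than
    200 distinct symbols and characters, enough for the largest reachable index 94 + 94 = 188."""
    greek_lower = "αβγδεζηθικλμνξοπρστυφχψω"
    greek_upper = "ΑΒΓΔΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΩ"
    latin1 = ("¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿"
              "ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞß")
    table = list(greek_lower + greek_upper + TABLE_I + latin1)
    # The paper's worked example maps index 2 -> β, 6 -> Y and 11 -> σ; swap those symbols
    # into place so the example reproduces while every entry stays distinct.
    for idx, sym in ((2, "β"), (6, "Y"), (11, "σ")):
        j = table.index(sym)
        table[idx - 1], table[j] = table[j], table[idx - 1]
    assert len(table) == len(set(table)) and len(table) > 200
    return table


TABLE_II = _build_table_ii()


def table_i_index(ch):
    """1-based Table I index of a password character (raises ValueError for e.g. a space)."""
    return TABLE_I.index(ch) + 1


def transform_static(password):
    """Steps (i)-(viii): the first character becomes the Table II element at its own Table I
    index; each later character becomes the element at (previous Table I index + own index)."""
    out, prev = [], 0
    for ch in password:
        idx = table_i_index(ch)
        out.append(TABLE_II[prev + idx - 1])  # -1 converts the paper's 1-based index
        prev = idx
    return "".join(out)


def invert_static(transformed):
    """Recover the original password from a transformed string. This works because Table II
    entries are distinct; a server that decrypts the stored record can use it before matching."""
    out, prev = [], 0
    for sym in transformed:
        idx = TABLE_II.index(sym) + 1 - prev
        out.append(TABLE_I[idx - 1])
        prev = idx
    return "".join(out)


def transform_dynamic(password, email):
    """Dynamic transformation by concatenation, following the paper's example of prefixing the
    first three characters of the user's e-mail address (they must be Table I characters)."""
    return transform_static(email[:3] + password)


def theoretical_space(max_len):
    """Equation 1 evaluated up to a maximum password length: the sum of 94**i for i = 1..max_len."""
    return sum(94 ** i for i in range(1, max_len + 1))


def effective_space():
    """Equation 2: passwords of fewer than 13 characters [20], i.e. lengths 1..12."""
    return theoretical_space(12)


if __name__ == "__main__":
    print(transform_static("bdg"))                                  # βYσ, as in the paper
    print(transform_dynamic("bdg", "ann@example.org"),
          transform_dynamic("bdg", "bob@example.org"))              # differ for the same password
    print(effective_space())
```

One point to keep in mind when deploying a transformation like this: with distinct Table II entries the mapping is a bijection, so an offline attacker who has obtained both tables together with the decrypted records still only has to enumerate the original 94-character space. The extra space the layer adds holds while Table II stays secret, so the tables should be protected as key material, alongside the encryption key of the storage layer.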

(iv) The system generates the new index '6' by adding the current index '4' to the previous index '2'.
(v) The system fetches the element from Table II which has index '6'. In this case the element is 'Y'.
(vi) The system picks the index of the last password character 'g' from Table I. Here the index of 'g' is '7'.
(vii) The system generates index "11" by adding the current index '7' to the previous index '4'.
(viii) The system fetches the element which has index "11" in Table II. In this case the element is 'σ'.

TABLE II. LIST OF SYMBOLS AND ALPHANUMERIC CHARACTERS
  (partial: index 2 β, index 6 Y, index 11 σ; further entries include χ, g, σ)

Dynamic password transformation can also be achieved by different methods; one of them is password concatenation. In this method, before applying the password transformation steps, some characters are added to the password of a user. For example, the first three characters of the user's email address can be concatenated with the password. Every user has a different email address, therefore the same password of two users will have different transformed strings.

C. Login Phase

The authentication process of the proposed scheme is different from the ordinary textual password scheme. In the password field users need to enter decimal numbers which represent the alphanumeric characters of their password. For authentication, the decimal numbers entered by a user are mapped to alphanumeric characters, and the characters are then matched against the stored password. The login phase is further divided into three parts: login screen generation, password entry and password matching.

1) Login Screen Generation: The login screen is the medium through which authentication information is collected and sent to a server. The login screen of the proposed scheme contains all alphanumeric characters along with some numbers, as shown in Figure 1. The alphanumeric characters are represented by decimal numbers from 0 to 9 (10 numbers in total). Each decimal number is assigned to 9 or 10 alphanumeric characters, because 94 alphanumeric characters are shown in the login screen and they are represented by 10 decimal numbers.

Each time a user opens the login page, the decimal numbers are randomly assigned to the alphanumeric characters. For example, the characters (g m x F G P X ) ) are represented by the decimal number '4' in the login screen shown in Figure 1, while in another session the alphanumeric characters (f h r y O X [ ]) are assigned to the same decimal number '4', as shown in Figure 2.

Through Algorithm 1, every alphanumeric character is assigned a random decimal number in the range 0 to 9. All alphanumeric characters and their corresponding decimal numbers are saved in a session variable for password matching.

Algorithm 1 Numbers to characters mapping
1: alphaNum ← list of alphanumeric characters
2: counter ← 0
3: comment: each decimal number is stored 10 times
4: for i ← 0 to 9 do
5:   for j ← 0

