International Journal of Science and Research (IJSR)

Call for Papers | Fully Refereed | Open Access | Double Blind Peer Reviewed

ISSN: 2319-7064


Downloads: 142 | Views: 297

Research Paper | Computer Science & Engineering | India | Volume 6 Issue 3, March 2017 | Popularity: 7 / 10


     

Web Application based Authentication Schemes to Resist Password Reuse and Password Stealing Attacks

Tanzila Maqsood Mirza, Shrikant R. Tandle


Abstract: Passwords are the most crucial elements of all digital secrets. Passwords remain the most widely used authentication method despite their well-known security flaws. A password is a secret word or phrase that a person must know before being given permission to enter a place. Text passwords, which people select while registering accounts on a website, have certainly been the foremost means of user authentication. The easier a password is for its owner to recall, the easier it usually is for an attacker to guess. The security of a system can also be reduced by passwords that are difficult to recall. Security is the major concern with usability. Security strategies need to be technologically advanced to protect information from unauthorized access. Passwords as well as the secret programs are used between users and information systems for protected user. Playing an active role in security, passwords that are easily guessed are links to vulnerability. They let the intruder get considerably closer to system assets, to other versions on neighboring machines and probably even to administrative privileges, with varied threats and vulnerabilities (e.g., phishing, key logging and malware). In order to reduce the damage caused by phishing and other attacks, governments, banks and other industries are using One-Time Password schemes. This project provides a user authentication protocol named oPass, which leverages a user's cell phone and short message service to thwart password stealing and password reuse attacks [13]. Through oPass, users only need to remember a long-term password for login on all websites [13]. oPass only requires that each participating website possess a unique phone number [13], and involves a telecommunication service provider (TSP) in the registration and recovery phases. But the existing system depends entirely on telecommunication service provision and the user's contact number.
The user will obtain the One-Time Password (OTP) through an instant messaging service available on the Internet. Users can access their personal accounts using this OTP. The purpose of this system is to introduce a concept and methodology that help users and organizations implement stronger password procedures. oPass is efficient and affordable compared with conventional web authentication mechanisms. Attacks on the complete system are controlled through the addition of a Secured Shared Key Sharing Mechanism as a contribution. The TSP delivers the shared key to both the server and the user. The shared key can be hacked by an attacker, which affects the security of the authentication system. More security can be provided by sending the shared key secretly. The user and the server will generate a public and private key pair using the asymmetric key generation algorithm. The TSP encrypts the shared key with the user's public key when it is sent to the user. The user decrypts it with the private key available to it. Hence attacks on the entire system are controlled through the addition of the Secured Shared Key Sharing Mechanism. This raises the security level of the system. The proposed methodology is less susceptible to offline attacks and provides a robust shield against password stealing. Our system is less cost effective and a better security apparatus against attacks.


Keywords: Passwords, User authentication, Security, One time password, Secured shared key sharing mechanism


Edition: Volume 6 Issue 3, March 2017


Pages: 280 - 285



Tanzila Maqsood Mirza, Shrikant R. Tandle, "Web Application based Authentication Schemes to Resist Password Reuse and Password Stealing Attacks", International Journal of Science and Research (IJSR), Volume 6 Issue 3, March 2017, pp. 280-285, https://www.ijsr.net/getabstract.php?paperid=ART20171456, DOI: https://www.doi.org/10.21275/ART20171456



Similar Articles

Downloads: 105

Research Paper, Computer Science & Engineering, India, Volume 3 Issue 7, July 2014

Pages: 598 - 602

Dynamic Key Generation Algorithm for User Authentication at Mobile Cloud Enviroinment

Deepak G, Dr. Pradeep. B. S, Shreyas Srinath


Downloads: 107

Research Paper, Computer Science & Engineering, India, Volume 5 Issue 1, January 2016

Pages: 1604 - 1610

A Novel Model for S.M.S Security and SPAM Detection

Nikhila Zalpuri


Downloads: 109

Research Paper, Computer Science & Engineering, India, Volume 3 Issue 8, August 2014

Pages: 1167 - 1172

Protection against Multi-Id Generation Autobots/Botnets Using Using Colored Visually Encoded OTPs Generated by the Random Function in the Spherical Space

Taranpreet Kaur, Harmandeep Singh


Downloads: 109

Survey Paper, Computer Science & Engineering, India, Volume 3 Issue 11, November 2014

Pages: 852 - 855

An Efficient User Authentication using Captcha and Graphical Passwords-A Survey

S. Karthika, Dr. P. Devaki


Downloads: 109

Survey Paper, Computer Science & Engineering, India, Volume 3 Issue 12, December 2014

Pages: 2469 - 2472

A Survey of Advance Multi-Factor Authentication and Multi-Keyword Ranked Search for Encrypted Cloud Data

Snehal Rahul Patil, Shiwani Sthapak
