Stronger authentication for password using virtual password and secret little functions

International Conference on Information Communication and Embedded Systems (ICICES2014) Pub Date : 2014-02-01 DOI:10.1109/ICICES.2014.7033936

P. Umadevi, V. Saranya

{"title":"Stronger authentication for password using virtual password and secret little functions","authors":"P. Umadevi, V. Saranya","doi":"10.1109/ICICES.2014.7033936","DOIUrl":null,"url":null,"abstract":"People enjoy the convenience of on-line services, Automated Teller Machines (ATMs), and pervasive computing, but online environments, ATMs, and pervasive computing may bring many risks by adversaries. To prevent users passwords from adversaries by implementing a differentiated virtual password concept in which a user has the freedom to choose a virtual password scheme ranging from weak security to strong security, where a virtual password requires a small amount of human computing to secure users passwords. A user-specified function/program is used to implement the virtual password concept with a tradeoff of security for complexity requiring a small amount of human computing. Further we propose several functions to serve as system recommended functions and provide a security analysis. For user-specified functions, we adopt a secret little functions in which security is enhanced by hiding secret functions/algorithms. Analyze how the proposed scheme defends against phishing, key logger, and shoulder-surfing attacks. The virtual password mechanism is the first one which is able to defend against all three attacks together.","PeriodicalId":13713,"journal":{"name":"International Conference on Information Communication and Embedded Systems (ICICES2014)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2014-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Conference on Information Communication and Embedded Systems (ICICES2014)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICICES.2014.7033936","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

Abstract

People enjoy the convenience of on-line services, Automated Teller Machines (ATMs), and pervasive computing, but online environments, ATMs, and pervasive computing may bring many risks by adversaries. To prevent users passwords from adversaries by implementing a differentiated virtual password concept in which a user has the freedom to choose a virtual password scheme ranging from weak security to strong security, where a virtual password requires a small amount of human computing to secure users passwords. A user-specified function/program is used to implement the virtual password concept with a tradeoff of security for complexity requiring a small amount of human computing. Further we propose several functions to serve as system recommended functions and provide a security analysis. For user-specified functions, we adopt a secret little functions in which security is enhanced by hiding secret functions/algorithms. Analyze how the proposed scheme defends against phishing, key logger, and shoulder-surfing attacks. The virtual password mechanism is the first one which is able to defend against all three attacks together.

查看原文本刊更多论文

使用虚拟密码和秘密小函数对密码进行更强的认证

人们享受在线服务、自动柜员机(atm)和普适计算带来的便利，但在线环境、自动柜员机和普适计算可能会带来许多风险。通过实现差异化的虚拟密码概念，使用户可以自由选择从弱安全性到强安全性的虚拟密码方案，而虚拟密码只需要少量的人工计算就可以确保用户密码的安全。用户指定的函数/程序用于实现虚拟密码概念，并在安全性与需要少量人工计算的复杂性之间进行权衡。进一步提出了几个功能作为系统推荐功能，并进行了安全性分析。对于用户指定的函数，我们采用秘密小函数，通过隐藏秘密函数/算法来增强安全性。分析所提出的方案如何防御网络钓鱼、密钥记录和肩部冲浪攻击。虚拟密码机制是第一个能够同时防御这三种攻击的机制。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International Conference on Information Communication and Embedded Systems (ICICES2014)

自引率

0.00%

发文量