使用零知识协议的基于图像的身份验证

2018 4th International Conference on Computer and Technology Applications (ICCTA) Pub Date : 2018-05-01 DOI:10.1109/CATA.2018.8398683

Zarina Mohamad, Lim Yan Thong, Aznida Hayati Zakaria, W. S. W. Awang

{"title":"使用零知识协议的基于图像的身份验证","authors":"Zarina Mohamad, Lim Yan Thong, Aznida Hayati Zakaria, W. S. W. Awang","doi":"10.1109/CATA.2018.8398683","DOIUrl":null,"url":null,"abstract":"One of the most critical concerns in information security today is user authentication. There is a great security when using the text-based strong password schemes but often remembering those good passwords is very hard and users writing them down on a piece of paper or saving inside the smart phone. There is an alternative solution to the text-based authentication which is the Graphical User Authentication (GUA) or simply image-based Password based on the fact that humans tend to memorize images better. This type of approach allows users to create and remember passwords easily. However, one big issues that is plaguing GUA is shoulder surfing attack that can capture the users mouse clicks and eavesdropping. In this paper, a new algorithm that using zero-knowledge protocol as the solution to solving the eavesdropping and shoulder surfing attack to provide better system security. In zero-knowledge protocol, users prove that they know the graphical password without sending it. In other words, the user does not send the password to the verifier or reveal it to the people nearby. Hackers who try to eavesdrop the password will be failed since the password is not sent over the insecure channel such as Internet nor reveal. Therefore it is a secured approach to prevent interception by unwanted parties or adversary. The result that is going to be yielded in this project is a secured authentication approach which is user-friendly.","PeriodicalId":231024,"journal":{"name":"2018 4th International Conference on Computer and Technology Applications (ICCTA)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Image based authentication using zero-knowledge protocol\",\"authors\":\"Zarina Mohamad, Lim Yan Thong, Aznida Hayati Zakaria, W. S. W. Awang\",\"doi\":\"10.1109/CATA.2018.8398683\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"One of the most critical concerns in information security today is user authentication. There is a great security when using the text-based strong password schemes but often remembering those good passwords is very hard and users writing them down on a piece of paper or saving inside the smart phone. There is an alternative solution to the text-based authentication which is the Graphical User Authentication (GUA) or simply image-based Password based on the fact that humans tend to memorize images better. This type of approach allows users to create and remember passwords easily. However, one big issues that is plaguing GUA is shoulder surfing attack that can capture the users mouse clicks and eavesdropping. In this paper, a new algorithm that using zero-knowledge protocol as the solution to solving the eavesdropping and shoulder surfing attack to provide better system security. In zero-knowledge protocol, users prove that they know the graphical password without sending it. In other words, the user does not send the password to the verifier or reveal it to the people nearby. Hackers who try to eavesdrop the password will be failed since the password is not sent over the insecure channel such as Internet nor reveal. Therefore it is a secured approach to prevent interception by unwanted parties or adversary. The result that is going to be yielded in this project is a secured authentication approach which is user-friendly.\",\"PeriodicalId\":231024,\"journal\":{\"name\":\"2018 4th International Conference on Computer and Technology Applications (ICCTA)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-05-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 4th International Conference on Computer and Technology Applications (ICCTA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CATA.2018.8398683\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 4th International Conference on Computer and Technology Applications (ICCTA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CATA.2018.8398683","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

摘要

当今信息安全中最重要的问题之一是用户身份验证。使用基于文本的强密码方案具有很高的安全性，但通常很难记住这些好的密码，用户将它们写在一张纸上或保存在智能手机内。除了基于文本的身份验证之外，还有一种替代解决方案，即图形用户身份验证(GUA)或基于图像的密码，因为人类倾向于更好地记住图像。这种方法使用户可以轻松地创建和记住密码。然而，困扰GUA的一个大问题是可以捕获用户的鼠标点击和窃听的肩部冲浪攻击。本文提出了一种利用零知识协议作为解决窃听和肩冲浪攻击的新算法，以提供更好的系统安全性。在零知识协议中，用户无需发送图形密码即可证明他们知道图形密码。换句话说，用户不会将密码发送给验证者，也不会将密码透露给附近的人。因为密码不会通过互联网等不安全的渠道发送，也不会泄露，所以想要窃听密码的黑客将会失败。因此，它是一种安全的方法，以防止不受欢迎的方或对手拦截。在这个项目中将要产生的结果是一个安全的身份验证方法，这是用户友好的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Image based authentication using zero-knowledge protocol

One of the most critical concerns in information security today is user authentication. There is a great security when using the text-based strong password schemes but often remembering those good passwords is very hard and users writing them down on a piece of paper or saving inside the smart phone. There is an alternative solution to the text-based authentication which is the Graphical User Authentication (GUA) or simply image-based Password based on the fact that humans tend to memorize images better. This type of approach allows users to create and remember passwords easily. However, one big issues that is plaguing GUA is shoulder surfing attack that can capture the users mouse clicks and eavesdropping. In this paper, a new algorithm that using zero-knowledge protocol as the solution to solving the eavesdropping and shoulder surfing attack to provide better system security. In zero-knowledge protocol, users prove that they know the graphical password without sending it. In other words, the user does not send the password to the verifier or reveal it to the people nearby. Hackers who try to eavesdrop the password will be failed since the password is not sent over the insecure channel such as Internet nor reveal. Therefore it is a secured approach to prevent interception by unwanted parties or adversary. The result that is going to be yielded in this project is a secured authentication approach which is user-friendly.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2018 4th International Conference on Computer and Technology Applications (ICCTA)

自引率

0.00%

发文量