International Journal of Science and Research (IJSR)

International Journal of Science and Research (IJSR)
Call for Papers | Fully Refereed | Open Access | Double Blind Peer Reviewed

ISSN: 2319-7064

Downloads: 142 | Views: 186

Research Paper | Computer Science & Engineering | India | Volume 6 Issue 3, March 2017

Web Application based Authentication Schemes to Resist Password Reuse and Password Stealing Attacks

Tanzila Maqsood Mirza | Shrikant R. Tandle

Abstract: Passwords are the most crucial elements to all digital secrets. Passwords remain the most largely used authentication method despite their renowned security flaws. Password is a secret term or a phrase that a person must know before being given consent to enter a place. The topmost source for user authentication was certainly Text passwords which people select while registering accounts on a website. The easier the password is for the owner to recollect usually means it would be easier for an invader to predict. And also the security of system can be reduced by passwords that are problematic to recall. Security is the major concern with usability. Security strategies need to be technologically advanced to protect information from unauthorized access. Passwords as well as the secret programs are used between users and information systems for protected user. Playing an energetic role in security, passwords that are easily guessed are links to vulnerability. They permit the intruder to put system assets knowingly nearer to access them, other versions on neighboring machineries and probably even administrative privileges with changed threats in addition to susceptibilities (e. g. , phishing, key logging and malwares). In order to reduce the damage caused by phishing and other attacks, governments, banks and other industries are using One-Time Password schemes. This project provides a user authentication protocol named oPass which leverages a users cell phone and short message service to thwart password stealing and password reuse attacks [13]. Through oPass, users only need to remember a long-term password for login on all websites [13]. oPass only requires each participating website possesses a unique phone number [13], and involves a telecommunication service specialist in registration and recovery phases. But existing system entirely depends on telecommunication service provision and users contact number. User will obtain the One Time Password (OTP) with the help of prompt messaging service existing in internet. User can access their personal accounts using this OTP. The purpose of this system is to introduce the concept and methodology which helps users and organizations to implement stronger password procedures. oPass is efficient and affordable compared with the conformist web authentication mechanisms. The spasms over the complete systems are controlled through the addition of Secured Shared Key Sharing Mechanism as a contribution. TSP delivers the shared key to both server and user. The shared key can be hacked by the invader which affects the security of the authentication system. More security can be provided by sending the shared key secretly. User and server will generate the public and private key pair using the asymmetric key generation algorithm. Encryption of the Shared key is done by the TSP using the public key of the user when send to the user. Decryption is done by the user with the private key available with it. Hence the attack over the entire system is controlled through the addition of Secured Shared Key Sharing Mechanism. It gives rise to the safety level of the system. Proposed methodology is fewer susceptible to offline spasms, and this will provide robust shield against password stealing. Our system is less cost effective and better security apparatus against attacks.

Keywords: Passwords, User authentication, Security, One time password, Secured shared key sharing mechanism

Edition: Volume 6 Issue 3, March 2017,

Pages: 280 - 285

How to Download this Article?

Type Your Valid Email Address below to Receive the Article PDF Link

Verification Code will appear in 2 Seconds ... Wait