Modelling of Multi Factor Authentication System

  • Authors

    • P L.P.Ramyasri
    • D Malathi
    https://doi.org/10.14419/ijet.v7i3.34.19705
  • Multi-factor authentication, Single factor authentication, Authentication modalities, Graphical password, OTP, CAPTCHA
  • Authentication is a fundamental safeguard to access any information. A different type of authentication methods like single factor authentication method, two factor authentication method has been developed to improve user’s security. Because of recent security attacks these methods are not reliable to provide better security. In this paper a multi-factor authentication framework is proposed that includes non-biometric authentication modalities like OTP, CAPTCHA, Graphical password, Textual Login. In this proposed framework users can randomly choose these authentication modalities. During login user interface time, failure verification count for each and every authentication modality is captured. A Feedback is collected from  20 user’s and based on this time constraints, comparison of performance is done with respect to number of authentication modalities versus users interest. This proposed multi-factor authentication framework can be deployed in different levels of internet computing like email or social applications where user can randomly select authentication modalities based on time constraints.

     

     

  • References

    1. [1] A. Adams and M. A. Sasse, "Users are not the enemy: why users compromise computer security mechanisms and how to take remedial measures," Communications of the ACM, vol. 42, pp. 41-46, 1999.

      [2] A. Bianchi, I. Oakley, and D. S. Kwon, “The secure haptic keypad: A tactile password system,†in Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, New York, NY, USA: ACM, 2010.

      [3] Abramson, Myriam, and David W. Aha (2013). "User Authentication from Web Browsing Behaviour." FLAIRS conference.

      [4] Antonella, Angeli et al. "Usability and user authentication: Pictorial passwords vs. PIN." Contemporary ergonomics (2003): 253-258.

      [5] Bianchi, Andrea, et al. "The phone lock: audio and haptic shoulder-surfing resistant PIN entry methods for mobile devices." Proceedings of the fifth international conference on Tangible, embedded, and embodied interaction. ACM, 2011.

      [6] Bours, Patrick, and Hafez Barghouthi. "Continuous authentication using biometric keystroke dynamics." The Norwegian Information Security Conference (NISK).Vol. 2009. 2009.

      [7] Chen, Ye, and DivakaranLiginlal (2007). "Bayesian networks for knowledge-based authentication." IEEE Transactions on Knowledge and Data Engineering 19.5 (2007): 695-710.

      [8] D. Tan, P. Keyani, and M. Czerwinski, “Spy-resistant keyboard: Towards more secure password entry on publicly observable touch screens,†in Proceedings of OZCHI-Computer-Human Interaction Special Interest Group (CHISIG) of Australia. Canberra, Australia: ACM Press, 2005

      [9] Darabseh, Alaa, and Akbar SiamiNamin (2015). "On Accuracy of Keystroke Authentications Based on Commonly Used English Words." Biometrics Special Interest Group (BIOSIG), 2015 International Conference of the. IEEE.

      [10] Dasgupta, Dipankar, Arunava Roy, and Abhijit Nag. (2016) "Toward the design of adaptive selection strategies for multi-factor authentication." computers & security 63 (2016): 85-116.

      [11] Deutschmann, Ingo, and Johan Lindholm (2013). "Behavioural biometrics for DARPA's active authentication program." Biometrics Special Interest Group (BIOSIG), 2013 International Conference of the. IEEE.

      [12] E. von Zezschwitz, A. De Luca, and H. Hussmann, “Honey,i shrunk the keys: Influences of mobile devices on password composition and authentication performance,†in Proceedings of the 8th Conference on Human-Computer Interaction: Fun, Fast, Foundational, New York, NY, USA: ACM, 2014.

      [13] Fridman, Lex, et al (2015). "Multi-modal decision fusion for continuous authentication." Computers & Electrical Engineering 41 (2015): 142-156.

      [14] I. Oakley and A. Bianchi, “Multi-touch passwords for mobile device access,†in Proceedings of the ACM Conference on Ubiquitous Computing, New York, NY, USA: ACM, 2012.

      [15] Janakiraman, Raj Kumar, et al. "Using continuous face verification to improve desktop security." Application of Computer Vision, 2005.WACV/MOTIONS'05 Volume 1.Seventh IEEE Workshops on.Vol. 1. IEEE, 2005.

      [16] K. Gilhooly, "Biometrics: Getting Back to Business," in Computerworld, May 09, 2005.

      [17] Khamis, Mohamed, et al. "GTmoPass: two-factor authentication on public displays using gaze-touch passwords and personal mobile devices:" Proceedings of the 6th ACM

      [18] L. Wang, X. Chang, Z. Ren, H. Gao, X. Liu, and U. Aickelin, “Against spyware using captcha in graphical password scheme,†in 24th International Conference on Advanced Information Networking and Applications, IEEE,2010.

      [19] Liu, Jie, et al. "Optimal combined intrusion detection and biometric-based continuous authentication in high security mobile ad hoc networks." IEEE transactions on wireless communications 8.2 (2009): 806-815.

      [20] Locklear, Hilbert (2014) "Continuous authentication with cognition-centric text production and revision features." Biometrics (IJCB), 2014 IEEE International Joint Conference.

      [21] M. Martinez-Diaz, J. Fierrez, and J. Galbally, “The doodb graphical password database: Data analysis and benchmark results,†Access, IEEE, 2013.

      [22] Maghsoudi, Javid, and Charles C. Tappert (2011). "A Behavioural Biometrics User Authentication Study Using Motion Data from Android Smartphones. “Intelligence and Security Informatics Conference (EISIC), 2016 European. IEEE.

      [23] Ms GrinalTuscano “Graphical password authentication using Pass faces†Int. Journal of Engineering Research and Applications March 2015.

      [24] Niinuma, Koichiro, and Anil K. Jain (2010) "Continuous user authentication using temporal information." Biometric Technology for Human Identification VII.Vol. 7667. International Society for Optics and Photonics.

      [25] Primo, Abena, et al. (2014) "Context-aware active authentication using smartphone accelerometer measurements." Computer Vision and Pattern Recognition Workshops (CVPRW), 2014 IEEE Conference on. IEEE.

      [26] R. N. Shepard, "Recognition memory for words, sentences, and pictures," Journal of Verbal Learning, February 1967.

      [27] Rosanne, and Ron Poet. “Measuring the revised guess ability of graphical passwords" 5th International Conference on. Network and System Security (NSS), IEEE, 2011.

      [28] S. Gurav, L. Gawade, P. Rane, and N. Khochare, Graphical password authentication: Cloud securing scheme,†International Conference on, in Electronic Systems, Signal Processing and Computing Technologies (ICESC),IEEE Jan 2014.

      [29] S. Wiedenbeck, J. Waters, J. Birget, A. Brodskiy, and N. Memon, “Passpoints: Design and longitudinal evaluation of a graphical password system,†International Journal of Human-Computer Studies, 2005

      [30] Saini, Baljit Singh, NavdeepKaur, and Kamaljit Singh Bhatia (2017). Keystrokedynamics based user authentication using numeric keypad." Cloud Computing, Data Science & Engineering-Confluence, 2017 7th International Conference on. IEEE.

      [31] Stewart, John C., et al. (2011)"An investigation of keystroke and stylometry traits forauthenticating online test takers." Biometrics (IJCB), 2011 International Joint Conference on. IEEE.

      [32] [32] Sun, Hung-Min, "A shoulder surfing resistant graphical authentication system." IEEE Transactions on Dependable and Secure Computing (2016).

      [33] T. Takada, “fake pointer: An authentication scheme for improving security against peeping attacks using video cameras,†in Mobile Ubiquitous Computing, Systems, and Technologies, Second International Conference on IEEE 2008.

      [34] V. Roth, K. Richter, and R. Freidinger, “A pin-entry method resilient against shoulder surfing,†in Proceedings of the 11th ACM conference on Computer and communications security, ACM, 2004.

      [35] Zheng, Ziran, "A stroke-based textual password authentication scheme." Education Technology and Computer Science, 2009.ETCS'09.First International Workshop on.Vol. 3. IEEE, 2009.

      [36] K. Vijayakumar, C. Arun, Analysis and selection of risk assessment frameworks for cloud based enterprise applicationsâ€, Biomedical Research, ISSN: 0976-1683 (Electronic), January 2017.

      [37] K. Vijayakumar C. Arun, Continuous security assessment of cloud based applications using distributed hashing algorithm in SDLC, Cluster Computing DOI 10.1007/s10586-017-1176-x, Sept 2017.

  • Downloads

  • How to Cite

    L.P.Ramyasri, P., & Malathi, D. (2018). Modelling of Multi Factor Authentication System. International Journal of Engineering & Technology, 7(3.34), 944-949. https://doi.org/10.14419/ijet.v7i3.34.19705