Analysis of information security service for internet application
-
2018-10-04 https://doi.org/10.14419/ijet.v7i4.12.20993 -
Authentication, Authorization, fingerprint, Information security, OTP, Two-factor. -
Abstract
Background/Objectives: With the proliferation of online platforms, information is generated every second, and there is an urgent need to firstly store the huge amount of data and secondly to secure that data. The level of sophistication is increasing day by day, so alongside the demand for excessive computational power and resources also hikes up. With the advancements in technology and with the concepts like globalization coming into picture, people find the need of sharing information important. Methods/Statistical Analysis: Information security aspects are analyzed based on confidentiality, integrity, availability, authentication, authorization and non-Repudiation. Findings: Different web application needs different security parameter and out of these authentication and access control are among the top security issues which can be resolved by using two factor and three factor authentication and are more effective with respect to mobility. Application/Improvement: Most handheld devices have built-in sensors which can be used for self authentication and authorization. Device ID, fingerprint, iris, SMS based OTPs add extra security to information security.
Â
Â
-
References
Das A, Bonneau J, Caesar M, Borisov N, Wang X. The Tangled Web of Password Reuse. In NDSS 2014 Feb 27 (Vol. 14, pp. 23-26).
[2] De Carnavalet XD, Mannan M. From Very Weak to Very Strong: Analyzing Password-Strength Meters. In NDSS 2014 Feb (Vol. 14, pp. 23-26).
[3] Grosse E, Upadhyay M. Authentication at scale. IEEE Security & Privacy. 2013 Jan;11(1):15-22.
[4] Zissis D, Lekkas D. Addressing cloud computing security issues. Future Generation computer systems. 2012 Mar 1;28(3):583-92.
[5] Birman KP, van Renesse R, editors. Reliable distributed computing with the Isis toolkit. Los Alamitos: IEEE Computer society press; 1994 Mar.
[6] Carlin S, Curran K. Cloud computing security. In Pervasive and Ubiquitous Technology Innovations for Ambient Intelligence Environments 2013 (pp. 12-17). IGI Global.
[7] Perlman R, Kaufman C, Speciner M. Network security: private communication in a public world. Pearson Education India; 2016.
[8] https://www.google.com/landing/2step/index.html
[9] Aloul F, Zahidi S, El-Hajj W. Two factor authentication using mobile phones. In Computer Systems and Applications, 2009. AICCSA 2009. IEEE/ACS International Conference on 2009 May 10 (pp. 641-644). IEEE.
[10] Sun H, Sun K, Wang Y, Jing J. Trustotp: Transforming smartphones into secure one-time password tokens. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security 2015 Oct 12 (pp. 976-988). ACM.
[11] Hsieh WB, Leu JS. Design of a time and location based One-Time Password authentication scheme. In Wireless Communications and Mobile Computing Conference
(IWCMC), 2011 7th International 2011 Jul 4 (pp. 201-206). IEEE.
[12] Abdurrahman UA, Kaiiali M, Muhammad J. A new mobile-based multi-factor authentication scheme using pre-shared number, GPS location and time stamp. In Electronics, Computer and Computation (ICECCO), 2013 International Conference on 2013 Nov 7 (pp. 293-296). IEEE.
[13] Sae-Bae N, Ahmed K, Isbister K, Memon N. Biometric-rich gestures: a novel approach to authentication on multi-touch devices. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems 2012 May 5 (pp. 977-986). ACM.
[14] Biddle R, Chiasson S, Van Oorschot PC. Graphical passwords: Learning from the first twelve years. ACM Computing Surveys (CSUR). 2012 Aug 1;44(4):19.
[15] Alsmadi I, Burdwell R, Aleroud A, Wahbeh A, Al-Qudah MA, Al-Omari A. Introduction to Information Security. In Practical Information Security 2018 (pp. 1-16). Springer, Cham.
[16] Chen D, Zhao H. Data security and privacy protection issues in cloud computing. In Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on 2012 Mar 23 (Vol. 1, pp. 647-651). IEEE.
[17] Zhao X, Chen G, Xing H, inventors; Trend Micro Inc, assignee. Portable secured computing environment for performing online confidential transactions in untrusted computers. United States patent US 8,024,790. 2011 Sep 20.
[18] Daswani N, Garcia-Molina H, Yang B. Open problems in data-sharing peer-to-peer systems. In International conference on database theory 2003 Jan 8 (pp. 1-15). Springer, Berlin, Heidelberg.
[19] Senie D, Ferguson P. Network ingress filtering: Defeating denial of service attacks which employ IP source address spoofing. Network. 1998 Jan.
[20] Black GR, inventor; Pen One Inc, assignee. Security authentication method and system. United States patent US 7,363,505. 2008 Apr 22.
[21] Miller SP, Neuman BC, Schiller JI, Saltzer JH. Kerberos authentication and authorization system. InIn Project Athena Technical Plan 1987.
[22] Bhiogade MS. Secure socket layer. In Computer Science and Information Technology Education Conference 2002 Jun (pp. 85-90).
[23] Jaganathan K, Zhu L, Brezak J. SPNEGO-based kerberos and NTLM HTTP authentication in microsoft windows. 2006.
[24] Lloyd, Brian, and William Simpson. "PPP authentication protocols." (1992).
[25] Lantto J, Ensuque G, inventors; Alice Systems AB, assignee. Method and arrangement to secure access to a communications network. United States patent US 7,152,160. 2006 Dec 19.
[26] Simpson, William Allen. "PPP challenge handshake authentication protocol (CHAP)." (1996).
[27] Blunk, Larry J. "PPP extensible authentication protocol (EAP)." (1998).
[28] Rigney C, Willens S, Rubens A, Simpson W. Remote authentication dial in user service (RADIUS). 2000.
[29] Mohammadi M, Larijani B, Razavi SH, Fotouhi A, Ghaderi A, Madani SJ, Shafiee MN. Do patients know that physicians should be confidential? A study on patients’ awareness of privacy and confidentiality. Journal of Medical Ethics and History of Medicine. 2018;11.
-
Downloads
-
How to Cite
Shanker, R., Sahil Verma, D., & Kavita, D. (2018). Analysis of information security service for internet application. International Journal of Engineering & Technology, 7(4.12), 58-62. https://doi.org/10.14419/ijet.v7i4.12.20993Received date: 2018-10-04
Accepted date: 2018-10-04
Published date: 2018-10-04