An Enhanced Password-Username Authentication System Using Cryptographic Hashing and Recognition Based Graphical Password
Journal Title: IOSR Journals (IOSR Journal of Computer Engineering) - Year 2016, Vol 18, Issue 4
Abstract
Abstract: Password-username authentication is a critical component of today’s web application technology that is commonly used to control access to restricted resources. However, poor design, coding flaws and weakuser login credentials exposes this functionality to Sequel Query Language Injection (SQLI) and online password guessing attacks. Current techniques advanced by researchers to address authentication attacks only focus on either one of them, thus failing to envisage a scenario where the login form can be used to launch both SQLI and online password guessing attacks. To address this challenge, this paper presents an authentication solution that addresses the issue of SQLI and online password guessing attacks on login form as implemented in generic web applications. The solution combines the use of plain text credentials that are cryptographically hashed at runtime with recognition based graphical login credentials. The goal is to always guarantee access to a user account even when such account is under attack while at the same time ensuring convenient and secure login experience by legitimate users. This is achieved by blocking the Internet Protocol (IP) addresses fromwhich there are unsuccessful login attempts. Security test shows that the solution is not vulnerable to SQLI and online password guessing attacks.
Authors and Affiliations
Tivkaa, M. L , Choji, D. N , Agaji, I , Atsa‟am, D.
Keywords
Related Articles
- EP ID EP96185
- DOI -
- Views 128
- Downloads 0
An Analysis of VANET Topology Based Routing Approach on Various Parameters
Abstract: Vehicular ad hoc network (VANET) is a peculiar subclass of mobile ad-hoc network (MANET) that has the potential in improving road safety and in providing travellers comfort. Currently it has gained an imp...
Handwritten Kannada Document Image Processing using Optical Character Recognition
Abstract: The objective of Optical Character Recognition (OCR) is automatic reading of optically sensed document text materials to translate human-readable characters to machine- readable codes. In Optical Character Reco...
Enhancement in Elimination of Security Threads using Trusted Proactive Routing
Ad hoc networks have been used in many applications which mandate a dynamic setup in the absence of fixed infrastructure. The design of ad hoc network has been mainly focuses on proper operation. It is possible t...
MSESEP- Mobile Sink Based ESEP using Reliable Cluster Head and Sorting Technique
Abstract: The Wireless Sensor Network (WSN) is composed of sensors. These sensor nodes sense the physical parameters like temperature, pressure, humidity etc. In real time environment these sensors have different energie...
Comparative study of two methods for Handwritten Devanagari Numeral Recognition
In this paper two different methods for Numeral Recognition are proposed and their results are compared. The objective of this paper is to provide an efficient and reliable method for recognition of handwritten...