Divide and Conquer Approach for Solving Security and Usability Conflict in User Authentication
Journal Title: International Journal of Advanced Computer Science & Applications - Year 2018, Vol 9, Issue 5
Abstract
Knowledge based authentication schemes are divided into textual password schemes and graphical password schemes. Textual password schemes are easy to use but have well known security issues, such as weak against online security attacks. Graphical password schemes are generally weak against shoulder surfing attacks. Usability is another issue with most of the graphical password schemes. For improving security of knowledge-based authentication schemes complex password entry procedures are used, which improve security but weakens useability of the authentication schemes. In order to resolve this security and usability conflict, a user authentication scheme is proposed, which contains one registration and two login screens called easy and secure login screens. Easy login screen provides easy and quick way of authentication while secure login screen is resilient to different online security attacks. A user has to decide based upon the authentication environment, which login screen to be used for authentication. For secure environment, where chances of security attacks are less easy login screen is recommended. For insecure environments where chances of security attacks are high, secure login screen is recommended for authentication. In the proposed scheme, image based passwords can also be set along with alphanumeric passwords. Results suggest that proposed scheme improves security against offline and online attacks.
Authors and Affiliations
Shah Zaman Nizamani, Waqas Ali Sahito, Shafique Awan
Keywords
Related Articles
- EP ID EP319109
- DOI 10.14569/IJACSA.2018.090564
- Views 88
- Downloads 0
Big-Learn: Towards a Tool Based on Big Data to Improve Research in an E-Learning Environment
In the area of data management for information system and especially at the level of e-learning platforms, the Big Data phenomenon makes the data difficult to deal with standard database or information management tools....
REVIEW ON ASPECT ORIENTED PROGRAMMING
Aspect-oriented programming (AOP) has been introduced as a potential programming approach for the specification of nonfunctional component properties, such as fault-tolerance, logging and exception handling. Such propert...
Complexity of Network Design for Private Communication and the P-vs-NP Question
We investigate infeasibility issues arising along network design for information-theoretically secure cryptography. In particular, we consider the problem of communication in perfect privacy and formally relate it to gra...
Outsourcing of Secure k-Nearest Neighbours Interpolation Method
Cloud computing becomes essential in these days for the enterprises. Most of the large companies are moving their services and data to the cloud servers which offer flexibility and efficiency. Data owner (DO) hires a clo...
Confinement for Active Objects
In this paper, we provide a formal framework for the security of distributed active objects. Active objects com-municate asynchronously implementing method calls via futures. We base the formal framework on a security mo...