Web Application Authentication Using Visual Cryptography and Cued Clicked Point Recall-based Graphical Password

2021 ◽  
Vol 3 (3) ◽  
Author(s):  
Mary Ogbuka Kenneth ◽  
Stephen Michael Olujuwon

Alphanumerical usernames and passwords are the most used computer authentication technique. This approach has been found to have a number of disadvantages. Users, for example, frequently choose passwords that are simple to guess. On the other side, if a password is difficult to guess, it is also difficult to remember. Graphical passwords have been proposed in the literature as a potential alternative to alphanumerical passwords, based on the fact that people remember pictures better than text. Existing graphical passwords, on the other hand, are vulnerable to a shoulder surfing assault. To address this shoulder surfing vulnerability, this study proposes an authentication system for web-applications based on visual cryptography and cued click point recall-based graphical password. The efficiency of the proposed system was validated using unit, system and usability testing measures. The results of the system and unit testing showed that the proposed system accomplished its objectives and requirements. The results of the usability test showed that the proposed system is easy to use, friendly and highly secured.

2017 ◽  
Vol 10 (2) ◽  
pp. 359-363
Author(s):  
Rupal Sharma ◽  
Ravi Sheth

Today, web application security is the most significant battlefield between victim, attacker and resource of web service. The owner of web applications can’t see security vulnerabilities in a web application which is developed in ASP.NET. This paper explains one algorithm which aims to identify broken authentication and session management vulnerability. The given method of this paper scans the web application files. The created scanner generator relies on studying the source character of the application limited ASP.NET files and the code be beholden files. A program developed for this motive is to bring about a report which describes vulnerabilities types by mentioning the indict name, disclose description and its location. The aim of the paper is to discover the broken authentication and session management vulnerabilities. The indicated algorithm will uphold organization and developer to repair the vulnerabilities and recover from one end to the other security.


Author(s):  
Ben Medler

Recommendation systems are key components in many Web applications (Amazon, Netflix, eHarmony). Each system gathers user input, such as the products they buy, and searches for patterns in order to determine user preferences and tastes. These preferences are then used to recommend other content that a user may enjoy. Games on the other hand are often designed with a one-size-fits-all approach not taking player preferences into account. However there is a growing interest in both the games industry and game research communities to begin incorporating systems that can adapt, or alter how the game functions, to specific players. This paper examines how Web application recommendation systems compare to current games that adapt their gameplay to specific players. The comparison shows that current games do not use recommendation methods that are data intensive or collaborative when adapting to players. Design suggestions are offered within this manuscript for how game developers can benefit from incorporating the lesser used recommendation methods.


2019 ◽  
Vol 10 (2) ◽  
pp. 1-26 ◽  
Author(s):  
Munish Khanna ◽  
Naresh Chauhan ◽  
Dilip Kumar Sharma

Regression testing of evolving software is a critical constituent of the software development process. Due to resources constraints, test case prioritization is one of the strategies followed in regression testing during which a test case that satisfies predefined objectives the most, as the tester perceives, would be executed the earliest. In this study, all the experiments were performed on three web applications consisting of 65 to 100 pages with lines of code ranging from 5000 to 7000. Various state-of-the-art approaches such as, heuristic approaches, Greedy approaches, and meta heuristic approaches were applied so as to identify the prioritized test sequence which maximizes the value of average percentage of fault detection. Performance of these algorithms was compared using different parameters and it was concluded that the Artificial Bee Colony algorithm performs better than all. Two novel greedy algorithms are also proposed in the study, of which the goal is to smartly manage the state of a tie, where a tie exhibits the condition that all the test cases participating in the tie are of equal significance in achieving the objective. It has also been validated that the performance of these novel proposed algorithm(s) is better than that of traditionally followed greedy approach, most of the time.


Complexity ◽  
2019 ◽  
Vol 2019 ◽  
pp. 1-8 ◽  
Author(s):  
Zhili Zhou ◽  
Ching-Nung Yang ◽  
Yimin Yang ◽  
Xingming Sun

Text password systems are commonly used for identity authentication to access different kinds of data resources or services in cloud environment. However, in the text password systems, the main issue is that it is very hard for users to remember long random alphanumeric strings due to the long-term memory limitation of the human brain. To address this issue, graphical passwords are accordingly proposed based on the fact that humans have better memory for images than alphanumeric strings. Recently, a Google map graphical password (GMGP) system is proposed, in which a specific location of Google Map is preset as a password for authentication. Unfortunately, the use of graphical passwords increases the risk of exposing passwords under shoulder-surfing attacks. A snooper can easily look over someone’s shoulder to get the information of a location on map than a text password from a distance, and thus the shoulder-surfing attacks are more serious for graphical passwords than for text passwords. To overcome this issue, we design a polynomial-based Google map graphical password (P-GMGP) system. The proposed P-GMGP system can not only resist the shoulder-surfing attacks effectively, but also need much fewer challenge-response rounds than the GMGP system for authentication. Moreover, the P-GMGP system is extended to allow a user to be authenticated in cloud environment effectively and efficiently.


2010 ◽  
Vol 30 (5) ◽  
pp. 610-619 ◽  
Author(s):  
Carl Tilling ◽  
Nancy Devlin ◽  
Aki Tsuchiya ◽  
Ken Buckingham

Background. The time tradeoff (TTO) method of preference elicitation allows respondents to value a state as worse than dead, generally either through the Torrance protocol or the Measurement and Valuation of Health (MVH) protocol. Both of these protocols have significant weaknesses: Valuations for states worse than dead (SWD) are elicited through procedures different from those for states better than dead (SBD), and negative values can be extremely negative. Purpose. To provide an account of the different TTO designs for SWD, to identify any alternatives to the MVH and Torrance approaches, and to consider the merits of the approaches identified. Methods. Medline was searched to identify all health state valuation studies employing TTO. The ways in which SWD were handled were recorded. Furthermore, to ensure that there are no unpublished but feasible TTO variants, the authors developed a theoretical framework for identifying all potential variants. Results. The search produced 593 hits, of which 218 were excluded. Of the remaining 375 articles, only 29 included protocols for SWD. Of these, 23 used the MVH protocol and 4 used the Torrance protocol. The other 2 used 1 protocol for SBD and SWD, one making use of lead time and the other using a 2-stage procedure with chaining. The systematic framework did not identify any alternatives to the Torrance and MVH protocols that were superior to the lead time approach. Conclusions. Few studies elicit values for SWD. The lead time approach is a potential alternative to the Torrance and MVH protocols. Key words: QALY; states worse than dead; health state valuation; preference elicitation.


2020 ◽  
pp. 1-7
Author(s):  
Jasmin P. Bhootwala ◽  
Dr. Pravin H. Bhathawala*

The most common computer authentication approach is to use alphanumerical usernames and passwords. This method has been proven to have vast drawbacks. For example, users tend to choose passwords that can be easily guessed. On the other hand, if a password is difficult to guess, then it is frequently difficult to remember. To address this problem, some researchers have developed authentication strategies that use images as passwords. In this paper, we conduct a complete survey of the current graphical password techniques. We classify these strategies into two categories: recognition-based and recall-based approaches. We discuss the strengths and barriers of each technique and point out the future research instructions in this area. We also try to answer two necessary questions: “Are graphical passwords as secure as text-based passwords?”; “What are the important design and implementation issues for graphical passwords?” This survey will be useful for data protection researchers and practitioners who are involved in finding a choice to text-based authentication methods.


2021 ◽  
Vol 23 (05) ◽  
pp. 636-649
Author(s):  
Anubhav Dinkar ◽  
Prakash Biswagar

The purpose of this paper is to study and analyse the various tools that are used in modern day web application systems, which include but are not limited to Flask, Django, PostgreSQL, MongoDB, Docker containers, virtual machines, and so on. The main aim is to allow users of these technologies to be able to choose the right technology based on their needs and the scale of their applications. This is done with the help of sysbench and Docker and Linux based containers, along with basic Flask and Django web applications. Flask could be preferred for simpler web applications over Django. Docker and LXD do perform similarly for the most part, but due to its low storage footprint (only essential libraries are installed in the container, not an entire OS), and its ease of configurability in almost all operating systems, Docker is generally preferred over the others. PostgreSQL seemed to perform 2 times better than MongoDB in terms of the number of queries it handled.


Author(s):  
Jasmin P. Bhootwala ◽  
Dr Subhash G. Desai

Security is important nowadays. Users of primary preference to security. The authentication process provides security to the user. Authentication is the process of identifying the person’s identity or confirming the identity of a person. There are various authentication methods, but the most commonly used method is the textual password. A combination of alphabets and numbers creates a secure password. But some drawbacks i.e. it easily guess by also called attacker. If it is made complex then it is hard to memorize. Also various attacks brute force attack, dictionary attack, social engineering attack, eavesdropping, etc. of textual password graphical password system introduced. The graphical system is easy to memorize but it undergoes shoulder surfing attack, which is a big problem. Any entity or person can observe the user’s password directly or by using any device. So as an alternative Graphical Passwords are introduced to resist the shoulder surfing attack. the above mentioned attacks the new scheme highlights cued click point (CCP), using graphical password as input and grid lines for image point verification. This paper surveys shoulder surfing attacks in the graphical password approach.


Author(s):  
Amanda Galtman

Unit testing helps you develop and maintain high quality software, and the XSpec tool provides unit testing capabilities for XSLT transforms. Meanwhile, the Saxon-JS product enables you to create web applications that run XSLT code in a web browser. If you want to implement XSpec tests for a Saxon-JS web application, a key challenge is that XSpec running with Saxon-EE cannot access the web browser, DOM, or JavaScript processor that influences your web application. XSpec does not natively understand the interactive XSLT features of Saxon-JS. This paper describes two approaches for making Saxon-JS and XSpec more compatible with each other: a primary approach that involves substituting for ("mocking") the parts of the Saxon-JS operation that XSpec cannot natively access, and a speculative, alternate approach that involves running XSpec tests directly in the browser using Saxon-JS. We discuss pros and cons of the approaches and why we chose the primary approach for a specific project involving user documentation for a software API.


Author(s):  
Umedha Behl ◽  
Divya Bhat ◽  
Neha Ubhaykar ◽  
Vaibhav Godbole ◽  
Saurabh Kulkarni

Nowadays, user authentication is one of the important topics in information security. Authentication is necessary in multi-user systems. User name and password are used to authenticate a user. Text-based strong password scheme can provide security to a certain degree. Users tend to pick short passwords or passwords that are easy to remember, which makes the passwords vulnerable for attackers to break. Furthermore, textual password is vulnerable to shoulder-surfing, hidden camera and spy-ware attacks. Graphical authentication has been proposed as a possible alternative solution to text-based authentication, motivated particularly by the fact that humans can remember images better than text. However, they are mostly vulnerable to shoulder surfing. In this paper, we propose a Multi-level Scalable Textual-Graphical Password Authentication Scheme for web based applications. This scheme integrates both graphical and textual password schemes, and provides multi-level authentication scheme as compared to previously proposed single level scheme. In this scheme multi-level authentication is obtained by making use of SMS service, hence provides more secure service. This scheme shows significant potential bridging the gap between conventional textual password and graphical password. Further enhancements of this scheme are proposed and briefly discussed.

