Mechanism for the prevention of password reuse through Anonymized Hashes

2017 ◽  
Author(s):  
Junade Ali

Password authentication is an essential and widespread form of user authentication on the Internet with no other authentication system matching its dominance. When a password on one website is breached, if reused, the stolen password can be used to gain access to multiple other authenticated websites. Even amongst technically educated users, the security issues surrounding password reuse are not well understood and restrictive password composition rules have been unsuccessful in reducing password reuse. In response, the US NIST have published standards outlining that, when setting passwords, authentication systems should validate that user passwords have not already been compromised or breached. We propose a mechanism that allows clients to anonymously validate whether or not a password has been identified in a compromised database, without needing to download the entire database or send their password to a third-party service. A mechanism is proposed whereby password hash data is generalized such that it holds the k-anonymity property. An implementation is constructed to identify to what extent the data should be generalized for it to hold k-anonymity and additionally to group password hashes by their generalized anonymous value. The implementation is run on a database of over 320 million leaked passwords and the results of the anonymization process are considered.


2013 ◽  
Vol 2013 ◽  
pp. 1-7 ◽  
Author(s):  
Seung-hwan Ju ◽  
Hee-suk Seo ◽  
Sung-hyu Han ◽  
Jae-cheol Ryou ◽  
Jin Kwak

The prevalence of computers and the development of the Internet made us able to easily access information. As people are concerned about user information security, the interest in the user authentication method is growing. The most common computer authentication method is the use of alphanumerical usernames and passwords. The password authentication systems currently used are easy, but only if you know the password, as the user authentication is vulnerable. User authentication using fingerprints, only the user with the information that is specific to the authentication security is strong. But there are disadvantages, such as that the user cannot change the authentication key. In this study, we proposed an authentication methodology that combines a numeric-based password and a biometric-based fingerprint authentication system. Use the information in the user's fingerprint, authentication keys to obtain security. Also, using a numeric-based password makes it easy to change the password; the authentication keys were designed to provide flexibility.


2020 ◽  
Vol 19 ◽  

The Internet has merged itself as an extremely ground-breaking stage that has changed the correspondence and business exchanges. Presently, the quantity of clients exploring the Internet is more than 2.4 billion. This enormous group of spectators requests online business, learning sharing, informal organizations and so on, which became exponentially in the course of recent years. Accordingly, it prompts the requirement for security and improved protection. As of late, misrepresentation over the Internet comprises one of the fundamental disadvantages for the across the board of the utilization of business applications. Along these lines, the three imperative security issues occur each day in our universe of straightforward design, even more decisively: recognizable proof, confirmation and approval. Distinguishing proof is a procedure that empowers acknowledgment of a substance, which might be either, a human, a machine, or another advantage, for example, a product program. In security frameworks, validation and approval are two reciprocal systems for figuring out who can get to the data assets over a system. Numerous arrangements have been proposed in the writing, from a straightforward secret phrase to late advancements dependent on RFID (Radio Frequency Identification) or biometrics. This paper gives an outline on existing verification techniques, and its upsides and downsides when planning online assistance.


Author(s):  
Kashif Munir ◽  
Lawan A. Mohammed

In the IoT scenario, things at the edge can create significantly large amounts of data. Fog computing has recently emerged as the paradigm to address the needs of edge computing in internet of things (IoT) and industrial internet of things (IIoT) applications. Authentication is an important issue for the security of fog computing since services are offered to massive-scale end users by front fog nodes. Fog computing faces new security and privacy challenges besides those inherited from cloud computing. Authentication helps to ensure and confirm a user's identity. The existing traditional password authentication does not provide enough security for the data, and there have been instances when the password-based authentication has been manipulated to gain access to the data. Since the conventional methods such as passwords do not serve the purpose of data security, this chapter focuses on biometric user authentication in fog computing environments. In this chapter, the authors present biometric smartcard authentication to protect the fog computing environment.


2020 ◽  
Vol 6 (2) ◽  
pp. 74
Author(s):  
Marsha Chikita Intania Putri ◽  
Parman Sukarno ◽  
Aulia Arif Wardana

Authentication is a method for securing an account by verifying the user identity by inputting an email with a password. Two-factor authentication is an authentication system that combines the first-factor authentication with the second factor. In general, two-factor authentication and entering an email or username with a password are similar. However, two-factor authentication requires additional information that must be inputted by the user. Additional information can be in the form of tokens or one-time passwords (OTP). Two-factor authentication generally still uses third-party services to generate tokens or OTPs and is still vulnerable, because tokens can be stolen through MITM attacks and generated tokens have been found with the same value. Therefore, we propose a two-factor authentication framework based on the Ethereum blockchain with a dApp as the token generation system. Firstly, as an outcome of the analysis of the system, we succeeded in creating a two-factor authentication system without using third parties. Second, the token system generates up to 3164 different tokens in one second and has been tested for collisions. Third, a security method protects tokens from MITM attacks. The attacker is unable to get access because all the checking is done by dApp user authentication.


2012 ◽  
Vol 2 (2) ◽  
pp. 264
Author(s):  
Dr.Sc. Jusuf Qarkaxhija

Before the internet was invented, numerous networks were invented that helped American businesses in multiple savings. First of all, they didn’t spend money on buying printers or scanners for the computers they possessed, meaning that the money spent before on buying hundreds of them, now was saved and used to buy a few printers and scanners. How was this done? This worked by binding the entire computers of a floor to a single network. Second, the factor mostly taken into account is the energy saving and various abuses. Imagine the enormous amount of electricity that hundreds of printers and scanners would spend and how much energy tens of them would spend, moreover just think about how much these devices would be used in offices, where nobody is looking, for personal interests. American business, as the most creative one and the strongest, was bothered by only one thing. This was the misuse of secret corporation information. These abuses occurred when the data had to be printed and transferred to corporate subsidiaries around the world. During the transfer the data could also be lost or damaged (intentionally or unintentionally) and then the corporation would suffer losses (the data were transferred via floppy discs, or they were printed in hard copies). The solution for these problems came from the US military that had invented the internet earlier and after having consumed it for its own needs, decided to put it up for American businesses. The internet has developed its own services such as: www, ftp, e-mail, and buying and selling through the internet (e-commerce). Nowadays, information exchanges with corporate branches are not made roughly, but electronically in real time.
Additionally, this made it possible for a new category of web designers to be created and they created a powerful web-site through which some businesses created virtual shops and they started earning more money than they used to, in their physical stores. This American development started penetrating in other countries as well. In Kosovo and Albania the situation has not changed in terms of doing business through the internet. An important reason might be that Kosovo is not admitted to third party service for payments paypal.com, as well as in the world’s largest virtual store Amazon.Inc. But the first steps have already been taken.


A password authentication system is a very important factor for every system which needs to be secure. Every password is easy to crack and people are looking for a strong password for their systems. Here we use a password authentication system that is designed for high security and could be easily put into an old system. In our framework we are using cryptographic representation for converting location point into coordinates. Our primary aim is to prevent hacking through all kinds of brute force algorithms. It is concerned with including the client’s geographical location as an important authentication factor to enhance security. Techniques to integrate location as an authentication factor as well as techniques to generate location based cryptographic keys are reviewed and discussed. Most importantly, our system combines graphical user authentication and location coordinates. The existing system was vulnerable to dictionary attack algorithm and salt data algorithm, so efforts are being taken to generate a non-repeatable graphical user interface system using coordinates.


2021 ◽  
Vol 5 (3) ◽  
pp. 298
Author(s):  
Mohammad Aljanabi ◽  
Shams N. Abd-Alwahab ◽  
RD Rohmat Saedudin ◽  
Hind Raad Ebraheem ◽  
- Defni ◽  
...  

Cloud computing represents a kind of computing that is based on the sharing of computing resources instead of possessing personal devices or local servers for handling several applications and tasks. This kind of computing includes three distinguished kinds of services provided remotely for clients that can be accessed by using the Internet. Typically, clients work on paying annual or monthly service fees for suppliers, in order to gain access to systems that work on delivering infrastructure as a service, platforms as a service, and software as a service for any subscriber. In this paper, the usefulness and the abuse of cloud computing are briefly discussed and presented by highlighting the influences of cloud computing in different areas. Moreover, this paper also presents the kinds and services of cloud. In addition, the security issues that cover the cloud security solution requirements, and the cloud security issues, which is one of the biggest issues in recent years in cloud computing, were presented in this paper. The security requirement that is needed by cloud computing covers privacy, lack of user control, unauthorized secondary usage, and finally data proliferation and data flow. Meanwhile, the security issues include ownership of device, the trust issue and legal aspects. To overcome the security issues, this paper also presents the solution at the end of this paper.


2021 ◽  
Author(s):  
Jie Huang

Whether a court can exercise personal jurisdiction based on the location of a server in internet tort cases is a controversial issue. Its significance comes from the paradox that the internet is de-localized because it is ubiquitous, but servers are indispensable to the internet and every server has a geographic location. Since 2001, Chinese law has allowed courts to exercise personal jurisdiction solely based on the location of a server or other computing equipment in intellectual property infringement cases. Recently, it has extended this jurisdiction rule to all internet torts. This paper asks whether the location of a server should be considered as the place where the tort occurs and whether this territorial-based jurisdiction rule can suffice its public-law legislative goal. It may enrich current research about technology-mediated legal challenges to private international law in two aspects. Firstly, it conducts a broad international survey by looking into laws in China, the US, Australia and the EU. It also analyzes where the tort occurs when servers are owned by an infringer, a third party or an infringee in domain name registration, service outsourcing, platform, cloud computing, commercial spams, etc. It concludes that in legal theory, the location of the server is not the place where an internet tort occurs. Secondly, by analyzing China’s experience, it argues that, in the internet era, states have to look for private-international-law tools to advance their public policy claims. However, the practice shows that the territorial-based jurisdiction rule is limited in fulfilling its public-law legislative goal.


2019 ◽  
Vol 7 (6) ◽  
pp. 633-635
Author(s):  
Payal . ◽  
Suman Sangwan ◽  
Arun Malik
