A survey of Password Attacks and Comparative Analysis on Methods for Secure Authentication

Comparative Analysis of Authentication Methods

Download 48,61 Kb.

bet	6/6
Sana	22.05.2023
Hajmi	48,61 Kb.
	#942481

1 2 3 4 5 6

Bog'liq
A Survey of Password Attacks and Compara (1)

Comparative Analysis of Authentication Methods: In Table 1 different password methods are comparatively highlighted in which it is tried to show that which password method or authentication scheme could resist against what type of attacks. The table also highlights method’s additional requirements, cost, processing time, protection level and method’s effect towards person’s metal condition.

Table 1: Analysis of authentication methods
Additional Hardware Mental Protection Processing

Method	Resistance to attacks	Requirement	Cost	attitude effects	level	Time
Conventio-nal password scheme	No		Normal		Low	Fast
Key stroke dynamics	Shoulder surfing, pishing, key loggers	No	Normal	Yes	Medium	Medium
Click patterns	Shoulder surfing, pishing, key loggers	No	Normal	Yes	Medium	Medium
Graphical passwords	Shoulder surfing	Yes	High	Yes	Medium	Slow
Biometrics	Shoulder surfing, pishing, key loggers etc	Yes	High	No	High	Slow
Authentication Panel	Video recording, shouldering	No	Normal	Yes	High	medium
Reformation Based	Brute force, video recording, shoudering	No	Normal	No	Medium	Fast
	and dictionary attacks
Moving Balls Based	Dictionary attacks, shouldering	No	Normal	Yes	High	medium
Expression Based	Brute force, video recording, shoudering	No	Normal	Yes	High	Fast
	and dictionary attacks
Virtual Passwords	Pishing, key loggers and all other	May be	May be high	No	Medium	Fast
	online attacks
Time Signature	Shoulder surfing, dictionary attacks,	No	Normal	Yes	High	Slow
	replay attacks, key loggers etc

CONCLUSION 7. Arvind Narayanan and Vitaly Shmatikov, 0000. Fast dictionary attacks on passwords using
Through this survey several things are concluded as time-space tradeoff, Conference on Computer and before adopting any password or authentication method, Communications Security, Proceedings of the 12^thuser must know the password attack and then user should ACM Conference on Computer and Communications apply appropriate solution. The user should apply the Security, pp: 364-372.
authentication method according to scenario because 8. Kessler, Gary C., 2002. Passwords - Strengths and some of the methods are applicable at stand alone system Weaknesses. Jan 1996. URL: http:// and some are applicable at online environments as over www.garykessler.net/library/password.html.
ATM and several internet services. Although several 9. Huanyu Zhao Xiaolin Li, 2007. A Scalable novel schemes described here provide protection against Shoulder-Surfing Resistant Textual-Graphical dictionary attacks, brute force attacks, video recording Password Authentication Scheme, Advanced attacks, spyware, shoulder surfing, phishing etc but in Information Networking and Applications

order to secure the system. Also different password Workshops, 2007, AINAW '07. 21^stschemes can be merged together to form a single and Conference, 2(s): 467-472.
International

more secured password scheme. Such scheme can be the 10. Syverson, P., et al., 1994. A taxonomy of replay combinations of passwords schemes such as: attacks [cryptographic protocols], Proceedings of
Computer Security Foundations Workshop VII,
Conventional Passwords CSFW, 7(s): 187-191.
Conventional + Keystrokes Dynamics 11. Fahad Ikram, Muhammad Sharif and Mudassar Raza, Conventional + Click Patterns 2008. Protecting Users against Phishing Attacks in 7^th
Biometrics + Conventional + Keystrokes CIIT Workshop on Research in Computing June 23,
Conventional + Memorable 2008 CIIT, Lahore - Pakistan.
12. Baig, M.M. and W. Mahmood, 2007. A Robust
REFERENCES Technique of Anti Key-Logging using Key-Logging Mechanism, Digital EcoSystems and Technologies

Anand Sharma and Vibha Ojha, 2010. Password Conference, 2007. DEST '07. Inaugural IEEE-IES, based authentication: Philosophical Survey. IEEE. Feb 2007, (s): 314-318.
Martinez-Diaz, M. and C. Martin-Diaz, 2010. A 13. Haider, S., A. Abbas and A.K. Zaidi, 2000. A Multi comparative evaluation of finger drawn graphical Technique Approach for User Identification through

password verification methods. 12^thinternational Keystroke Dynamics, 2000 IEEE International
conference on frontiers in handwriting recognition Conference on Systems, Man and Cybernetics, 2010 Spain. 2(s): 1336-1341.

Ilkka Uusitalo and Josep M. Catot, 2009. Phishing 14. Nick Bartlow and Bojan Cukic, 2006. Evaluating the and countermeasures in Spanish online Banking. Reliability of Credential Hardening through

₃rd
International conference on emerging security Keystroke Dynamics, 17^thInternational Symposium

information, System and Technologies. on Software Reliability Engineering, 2006. ISSRE
4 Ali, M. Eljetlawi and Norafia Ithnin, 2008. Graphical apos06 Nov.(s): 117-126.
password: Comprehensive study of the useability 15. Jarmo Ilonen1, 2003. Keystroke Dynamics, Advanced features of the recognition base graphical Topics in Information Processing 1 - Lectures, Wed password methods. 3^rdInternational conference on Dec 10, 2003, http:// www.it.lut.fi/ kurssit/ 0304/ convergence and Hybrid Information Technology. 010970000/lectures.html.

Fujita, K. and Y. Hirakawa, 2008. A study of 16. Enzhe Yu Sungzoon Cho, 2003. GA-SVM password authentication method against observing wrapper approach for feature subset selection in attacks. 6^thInternational Symposium on Intelligent keystroke dynamics identity verification, Systems and Informatics, SISY 2008. Proceedings of the International Joint Conference
Muhammad Sharif and Aman Ullah Khan, 2007. on Neural Networks, 2003. 3(s): 2253- 2257 Vol. 3 Benchmarking of PVM and LAM/MPI Using OSCAR, ISSN: 1098-7576.

Rocks and Knoppix Clustering Tools in ICCISSE 17. Tai-Hoon Cho, 2006. Pattern Classification 2007, XXI. International Conference on Computer, Methods for Keystroke Analysis, SICE-ICASE, Information and Systems Science and Engineering 2006. International Joint Conference Oct. 2006, May 25-27, 2007 Vienna, Austria. (s): 3812-3815.

Attila Mészáros, Zoltán Bankó and László Czúni, 26. Fadhli Wong Mohd Hasan Wong Supian, A.S.M. 2007. Strengthening Passwords by Keystroke Ismail and A.F. Lai Weng Kin Ong Cheng Soon, 2001. Dynamics, IEEE International Workshop on Enhanced User Authentication through Typing Intelligent Data Acquisition and Advanced Biometric with Artificial Neural Networks and K- Computing Systems: Technology and Applications Nearest Neighbour Algorithm, Thirty-Fifth Asilomar 6-8 September 2007, Dortmund, Germany. Conference on Signals, Systems and Computers,
Dalia Abdul Hadi Abdul Ameer and Ahmed 2001. 2(s): 911-915 Vol. 2, ISBN: 0-7803-7147-X. Abdulhakim Al-Absi, 2010. Anywhere On-Keyboard 27. Manabo Hirano and Tomohiro Umeda, 2009. T-PIM: Password Technique. IEEE Student conference on Trusted password Input method against data stealing Research and development 2010 Putrajaya Malaysia. Malware IEEE 6^thInternational Conference on IT.
Muhammad Sharif, Tariq Faiz and Mudassar Raza, 28. Hirotaka Tazawa and Takashi Katoh, 2010. A user 2008. Time Signatures - An Implementation of authentication scheme using Multiple Passphrases Keystroke and Click Patterns for Practical and Secure and its arrangements. ISITA Taiwan. Authentication, The third International Conference 29. Safdar, S., M.F. Hassan, M.A. Qureshi, R. Akbar and on Digital Information Management (IEEE ICDIM R. Aamir, 2010. Authentication model based on 2008), 13-16 November, 2008, University of east reformation mapping method “ International London, London UK. Conference on Information and Emerging
Abdurazzag Ali Abura and Manal I. Al Fallah, 2008. Technologies (ICIET).

Password generator based on mouse clicks signal 30. Shakir, M. and Abdul Ayaz Khan, 2010. S3TFPAS: and screen cursor position. IEEE Proceedings of the Scalable shoulder surfing resistant Textual-Formula International Conference on Computer and base Password Authentication system. IEEE. Communication Engineering. 31. Shahid, M. and M.A. Qadeer, 2009. Novel scheme for

Qurat-Ul-Ain Arshad, Muhammad Sharif, Mudassar securing passwords”. IEEE 3^rdInternational

Raza and Aman Ullah Khan, 2007. Secured and Conference on Digital Ecosystems and Technologies, Handy Graphical Password System, National DEST '09.
Conference of Information and Communication 32. Mohammadi, S. and S.Z. Hosseini, 0000. Virtual Technologies (NCICT-2007), June 09, 2007, at Main password using Runge-kutta method for internet
Campus University of Science and Technology, banking. IEEE 2^ndInternational Conference on
Bannu, NWFP, Pakistan. Communication Software and Networks.

Mohd Ali Bin Mohd Isa and Mohd Nor Hajar Hasrol, 33. Qiang Wang and Zhiguang Qin, 2010. Stronger User

2008. User perception towards the use of colour as authentication for web browser. 3^rdInternational
Authentication method: focus on FTMSK lecturer. conference on advance computer theory and Proceeding of the International Conference on engineering (ICACTE) China.
Computer and Communication Engineering Malaysia. 34. http://www.datadoctor.ws/disk-data-recovery/

Varun Kacholia and Shashank Pandit, 2003. Biometric keylogger.html.

Authentication Using Random Distribution 35. http://newsdesk.si.edu/images_full/images/museums (BioART), Canadian IT Security Symposium (CITSS) /nmah/treasures/morse_telegraph_ key. jpg.

Ahmed, A.A.E. and I. Traore, 2005. Anomaly Intrusion Detection Based on Biometrics, Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop, IAW '05.

Download 48,61 Kb.

Do'stlaringiz bilan baham:

1 2 3 4 5 6