International OPEN ACCESS Journal Of Modern Engineering Research (IJMER)
| IJMER | ISSN: 2249–6645 | www.ijmer.com | Vol. 4 | Iss. 4 | April. 2014 | 13 |
An Enhanced Security System for Web Authentication
Rajnish Kumar¹, Akash Rana², Aditya Mukundwar³
¹,²,³ (Department of Computer Engineering, Sir Visvesvaraya Institute of Technology, Nashik, India)
Abstract: Web authentication has low security these days. Today, textual passwords are commonly used for authentication; however, users do not follow their requirements. Users tend to choose meaningful words from dictionaries, which makes textual passwords easy to break and vulnerable to dictionary or brute-force attacks. Textual passwords can also be identified by third-party software. Many available graphical passwords have a password space that is less than or equal to the textual password space. Smart cards or tokens can be stolen. Many biometric authentication schemes have been proposed; however, users tend to resist using biometrics because of their intrusiveness and the effect on their privacy. Moreover, biometrics cannot be revoked. In this paper, we present and evaluate our contribution, i.e., the OTP and 3-D password. A one-time password (OTP) is a password that is valid for only one login session or transaction. OTPs avoid a number of shortcomings that are associated with traditional (static) passwords. The most important shortcoming addressed by OTPs is that, in contrast to static passwords, they are not vulnerable to replay attacks. This means that a potential intruder who manages to record an OTP that was already used to log into a service or to conduct a transaction will not be able to abuse it, since it will no longer be valid. The 3-D password is a multifactor authentication scheme. To be authenticated, we present a 3-D virtual environment where the user navigates and interacts with various objects. The sequence of actions and interactions toward the objects inside the 3-D environment constructs the user’s 3-D password.
Keywords: OTP, FTP, AES, 3D Virtual Environment.
I. INTRODUCTION
Due to the rapid evolution of technology and the internet, organizations of all types, such as business, educational, medical and engineering, have a website. Users register on the website and create an account. They use textual passwords to log in, but textual passwords can be easily hacked in many ways, such as by using third-party software or by guessing. So, for authentication purposes, an OTP should be required that is valid for only one session, and this OTP should be sent to the user’s registered mobile number or email ID. This type of security system can enhance web authentication.
In this paper, we present and evaluate our contribution, i.e., the OTPS and 3-D password. The proposed system combines three different password authentication systems. The first is the normal, old textual password system. After a successful login to the textual password system, the server will send a password in decrypted form through SMS to the valid user. Once the user enters the correct password received from the server, the user will successfully pass through the OTPS (i.e. One Time Password System) phase and will enter the 3D authentication phase.
One-time password systems provide a mechanism for logging on to a network or service using a unique password which can only be used once, as the name suggests. This prevents some forms of identity theft by making sure that a captured username/password pair cannot be used a second time. Typically the user’s login name stays the same, and the one-time password changes with each login. One-time passwords are a form of so-called strong authentication, providing much better protection to on-line bank accounts, corporate networks and other systems containing sensitive data. The 3-D password is a multifactor authentication scheme. To be authenticated, we present a 3-D virtual environment where the user navigates and interacts with various objects. The sequence of actions and interactions toward the objects inside the 3-D environment constructs the user’s 3-D password. The design of the 3-D virtual environment and the type of objects selected determine the 3-D password key space. The proposed system is a multilevel authentication system for the Web which is a combination of three authentication systems and in turn provides more powerful authentication than existing authentication systems.
II. LITERATURE SURVEY
For any project, the literature survey is considered the backbone. Hence it is necessary to be well aware of the current technology and the systems in the market which are similar to the system to be developed. The dramatic increase of computer usage has given rise to many security concerns. One major security concern is authentication, which is the process of validating who you are to whom you claimed to be. In general, human authentication techniques can be classified as knowledge based (what you know), token based (what you have), and biometrics (what you are). Knowledge-based authentication can be further divided into two categories as follows: 1) recall based and 2) recognition based. Recall-based techniques require the user to repeat or reproduce a secret that the user created before. Recognition-based techniques require the user to identify and recognize the secret, or part of it, that the user selected before.
Existing System
The existing systems are the following:
1. Textual Password System
2. Token Based System
3. Graphical Based Password System
4. Biometric System
1. Textual Password System
Textual passwords are commonly used. One major drawback of the textual password is its two conflicting requirements: the selection of passwords that are easy to remember and, at the same time, hard to guess. Even though the full textual password space for eight-character passwords consisting of letters and numbers is almost 2 × 10^14 possible passwords, it is easy to crack 25 percent of the passwords by using only a small subset of the full password space. Many authentication systems, particularly in banking, require not only what the user knows but also what the user possesses (token-based systems). However, many reports have shown that tokens are vulnerable to fraud, loss, or theft by using simple techniques.
2. Token Based System
A token is a physical device that an authorized user of computer services is given to ease authentication. The term may also refer to software tokens. Security tokens are used to prove one’s identity electronically (as in the case of a customer trying to access their bank account). The token is used in addition to or in place of a password to prove that the customer is who they claim to be. The token acts like an electronic key to access something.
3. Graphical Based Password System
Graphical passwords can be divided into two categories as follows:
• Recognition based
• Recall based
Various graphical password schemes have been proposed. Graphical passwords are based on the idea that users can recall and recognize pictures better than words. However, some of the graphical password schemes require a long time to be performed. Moreover, most graphical passwords can be easily observed or recorded while the legitimate user is performing the graphical password; thus, they are vulnerable to shoulder-surfing attacks. Currently, most graphical passwords are still in their research phase and require more enhancements and usability studies before they can be deployed in the market.
4. Biometric System
Many biometric schemes have been proposed; fingerprints, palm prints, hand geometry, face recognition, voice recognition, iris recognition, and retina recognition are all different biometric schemes. Each biometric recognition scheme has its advantages and disadvantages based on several factors such as consistency, uniqueness, and acceptability. One of the main drawbacks of applying biometrics is its intrusiveness upon a user’s personal characteristics. Moreover, retina biometric recognition schemes require the user to willingly subject their eyes to a low-intensity infrared light. In addition, most biometric systems require a special scanning device to authenticate users, which is not applicable for remote and Internet users.
Proposed System
The proposed system is a multilevel authentication system in which we combine three different password authentication systems: textual, OTPS and 3D password authentication. The proposed systems are the following:
1. OTPS (One Time Password System)
2. 3D Password System
1. OTPS (One Time Password System)
One-time password systems provide a mechanism for logging on to a network or service using a unique password which can only be used once, as the name suggests. There are two entities in the operation of the OTP one-time password system. The generator must produce the appropriate one-time password from the user’s secret pass-phrase and from information provided in the challenge from the server. The server must send a challenge that includes the appropriate generation parameters to the generator, must verify the one-time password received, must store the last valid one-time password it received, and must store the corresponding one-time password sequence number. The server must also facilitate the changing of the user’s secret pass-phrase in a secure manner.
The OTP system generator passes the user’s secret pass-phrase, along with a seed received from the server as part of the challenge, through multiple iterations of a secure hash function to produce a one-time password. After each successful authentication, the number of secure hash function iterations is reduced by one. Thus, a unique sequence of passwords is generated. The server verifies the one-time password received from the generator by computing the secure hash function once and comparing the result with the previously accepted one-time password. This technique was first suggested by Leslie Lamport.
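The hash-chain exchange described above, written out as an added example (not code from the paper or its Java implementation). SHA-256, the class and function names, and the sample pass-phrase and seed are assumptions of this example.

```python
import hashlib
import hmac


def H(data: bytes) -> bytes:
    """One application of the secure hash (SHA-256 is this example's choice)."""
    return hashlib.sha256(data).digest()


def generate_otp(passphrase: bytes, seed: bytes, iterations: int) -> bytes:
    """Generator: pass seed + pass-phrase through `iterations` hash rounds."""
    value = seed + passphrase
    for _ in range(iterations):
        value = H(value)
    return value


class OtpServer:
    """Keeps only the last accepted OTP and its sequence number."""

    def __init__(self, seed: bytes, initial_otp: bytes, sequence: int):
        self.seed = seed
        self.last_otp = initial_otp   # H applied `sequence` times at enrolment
        self.sequence = sequence

    def challenge(self):
        """Generation parameters for the next login: seed and iteration count."""
        return self.seed, self.sequence - 1

    def verify(self, candidate: bytes) -> bool:
        if self.sequence <= 1:
            # Chain used up: the next value would be the unhashed secret,
            # so the pass-phrase or seed has to be renewed first.
            return False
        # Hash the received OTP once and compare with the stored one.
        if not hmac.compare_digest(H(candidate), self.last_otp):
            return False
        self.last_otp = candidate     # reference value for the next login
        self.sequence -= 1            # one fewer hash iteration next time
        return True


def demo() -> dict:
    """Constructed sample run: enrol, log in, replay, log in again, exhaust."""
    passphrase, seed, n = b"correct horse battery", b"ke1234", 4
    server = OtpServer(seed, generate_otp(passphrase, seed, n), n)
    results = {}

    s, count = server.challenge()
    first = generate_otp(passphrase, s, count)
    results["first_login"] = server.verify(first)
    results["replay_of_first"] = server.verify(first)   # captured OTP reused
    results["wrong_passphrase"] = server.verify(
        generate_otp(b"guess", *server.challenge()))

    s, count = server.challenge()
    second = generate_otp(passphrase, s, count)
    results["second_login"] = server.verify(second)
    results["otps_differ"] = first != second

    s, count = server.challenge()
    results["third_login"] = server.verify(generate_otp(passphrase, s, count))
    results["after_exhaustion"] = server.verify(
        generate_otp(passphrase, *server.challenge()))
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The server never stores the pass-phrase, and a failed attempt leaves the stored value and sequence number unchanged.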
2. 3D Password System
It is the user’s choice to select which type of authentication techniques will be part of their 3D password. This is achieved through interacting only with the objects that acquire information that the user is comfortable in providing and ignoring the objects that request information that the user prefers not to provide. For example, if an item requests an iris scan and the user is not comfortable in providing such information, the user simply avoids interacting with that item. Moreover, giving the user the freedom of choice as to what type of authentication schemes will be part of their 3-D password, and given the large number of objects and items in the environment, the number of possible 3-D passwords will increase. Thus, it becomes much more difficult for the attacker to guess the user’s 3-D password.
It is easier to answer multiple-choice questions than essay questions because the correct answer may be recognized. To be authenticated in the 3D password authentication stage, we present a 3-D virtual environment where the user navigates and interacts with various objects. The sequence of actions and interactions toward the objects inside the 3-D environment constructs the user’s 3-D password. The design of the 3-D virtual environment and the type of objects selected determine the 3-D password key space.
III. SYSTEM ARCHITECTURE
Figure 3.1: System Architecture
There are two modules in the System Architecture:
1. Client Module
When a user wants to interact with the system or use its services for the first time, he has to register himself. During the registration phase, the user needs to provide his or her basic information, including a personal mobile number, and at the time of login the user needs to provide his valid username, which is a string of alphanumeric characters and special symbols, in order to get access to the resources.
During the login phase the user needs to pass successfully through the textual, OTP and 3D password phases, receiving OTP passwords on his/her mobile. The user also has to select one unique username and, at the same time, has to create a 3D password, which the user will use at the time of login.
2. Server Module
At the time of login, when the user logs in successfully to the textual password phase, the user enters the second stage, i.e. OTP. In this phase the server generates an OTP password, which is stored in encrypted form in the database using the AES algorithm and at the same time is displayed on the user’s mobile in decrypted form. At the time of verification, the password entered by the user is encrypted first and then matched with the password stored in the database; if it matches, the server removes the OTP password from the database, as it is valid only for one session. The last stage is the 3D password. In this phase, at the time of registration, a 3D chessboard virtual environment is provided to the user, from which the user selects his 3D password, which is stored in encrypted form in the database. At the time of login the user needs to recall his previously recorded password, which is encrypted and matched with the stored encrypted password; if it matches the stored password, the user gets access to the system. After that the user can perform transactions and can use the services which the particular bank provides.
IV. MODULES & ALGORITHM
Modules
The proposed system contains different modules such as:
1. Registration module
2. Textual Login module
3. OTP Login module
4. 3D Login module
5. FTP Access module
6. Setting module
7. Service module
1. Registration Module:
When a user wants to access the system for the first time, the registration module is used for registering himself. It also stores the details of the user, such as name, address, mobile no., email ID etc., in the database.
2. Textual Login Module:
This module is used for accepting the username from the end user and sends it to the server module for validation.
3. OTP Login Module:
This module is used for accepting the OTP password which the user received on his/her mobile from the system after providing a valid username to the textual login module. That password is sent to the server side for matching with the password stored in the database.
4. 3D Login Module:
After valid information has been provided in the textual as well as the OTP login module, the 3D login module provides the 3D chessboard environment to the end user. In this, the user performs different actions and interactions towards 3D objects, which create the user’s 3D password; this is stored in the database in encrypted form.
5. FTP Access Module:
This module is available to the user if and only if the user successfully passes through the login phases. In this module FTP services are provided to the end user, where the user can upload to or download from the server.
6. Setting Module:
The setting module allows the user to update contact details, reset the 3D password, and change notification settings according to the end user’s choice.
7. Service Module:
This module is implemented at the server side and is used for providing the services to the user. It also maintains the log of requesting users. This module listens for requests from the client side and provides responses accordingly.
Algorithms
1. Proposed System Algorithm
This system contains the combination of textual, OTP and 3D password authentication techniques. A user can use this system if and only if he has registered himself. If not, the user has to register himself before using the system for the first time.
Steps:
1. Registration Process:
In this step, the user needs to provide the following four types of information.
(a) User’s Personal Information:
In this, the user provides his/her personal information, such as Full Name, Address, State, and City.
(b) User’s Contact Details:
In this, the user provides his/her contact no., mobile no. and email ID.
(c) Credential Details:
In this section, the user provides his/her username and also creates a 3D password from the 3D virtual environment which is provided in the GUI.
(d) Notification Details:
In this final section, the user selects notification options such as login notification, update notification, and reset notification according to the user’s choice.
2. Login Process:
When the user is already registered, then to log into the system he/she has to pass successfully through several stages.
(a) Textual Login:
In this, the user provides his/her valid username, after which the server system verifies that username. If it is valid, the system allows the user to enter the next stage.
(b) OTP Login:
After successfully passing through the textual login stage, the user gets an OTP password on his/her mobile, and if the user enters a valid OTP password he/she enters the last stage.
(c) 3D Password Login:
Here the user has to interact with the 3D chessboard environment and needs to repeat the same movements which he/she made at the time of registration. After making valid movements the user logs in successfully.
3. FTP Services:
Once the user has logged in successfully to the system, he/she can access the FTP services, where the user can upload or download files.
Figure 4.1: System Flow
4. AES Algorithm
In cryptography, the Advanced Encryption Standard (AES) is an encryption standard adopted by the U.S. government. The standard comprises three block ciphers, AES-128, AES-192 and AES-256, adopted from a larger collection originally published as Rijndael. The Rijndael cipher was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and submitted by them to the AES selection process. Each AES cipher has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively. The AES ciphers have been analysed extensively and are now used worldwide, as was the case with its predecessor, the Data Encryption Standard (DES).
Steps of AES Algorithm:
1. Key Expansion:
Round keys are derived from the cipher key using Rijndael’s key schedule (to expand a short key into a number of separate round keys).
2. Initial Round - AddRoundKey:
Each byte of the state is combined with the round key using bitwise XOR.
3. Rounds
(a) SubBytes:
SubBytes is used at the encryption site. To substitute a byte, we interpret the byte as two hexadecimal digits. The SubBytes operation involves 16 independent byte-to-byte transformations using a lookup table.
(b) ShiftRows:
The ShiftRows step operates on the rows of the state; it cyclically shifts the bytes in each row by a certain offset. For AES, the first row is left unchanged. Each byte of the second row is shifted one to the left. Similarly, the third and fourth rows are shifted by offsets of two and three respectively. For blocks of sizes 128 bits and 192 bits, the shifting pattern is the same. Row n is shifted left circular by n-1 bytes.
(c) MixColumns:
In the MixColumns step, the four bytes of each column of the state are combined using an invertible linear transformation. The MixColumns function takes four bytes as input and outputs four bytes, where each input byte affects all four output bytes. Together with ShiftRows, MixColumns provides diffusion in the cipher.
(d) AddRoundKey:
In the AddRoundKey step, the subkey is combined with the state. For each round, a subkey is derived from the main key using Rijndael’s key schedule. The subkey is added by combining each byte of the state with the corresponding byte of the subkey using bitwise XOR.
4. Final Round (no MixColumns):
(a) SubBytes
(b) ShiftRows
(c) AddRoundKey
V. SCREEN SHOTS
5.1 Server Side Home page
Figure 5.1: Server Side Home Page
5.2 Client Side Main Form
Figure 5.2: Client Side Main Form
5.3 Textual Login Window
Figure 5.3: Textual Login Window
5.4 OTP Login Form
Figure 5.4: OTP Login Form
5.5 3D Login Form
Figure 5.5: 3D Login Form
VI. TECHNICAL SPECIFICATION
Hardware Requirement
1. Processor: Intel Dual Core.
2. Hard Disk: 40 GB. (Client System), 60 GB. (Server System).
3. RAM: 512 MB. (Client System), 2 GB. (Server System).
Software Requirement
1. Database: Oracle 10g
2. Coding language: Java
Advantages
1. Not easy to write down on paper
2. Difficult to crack and Avoid Attacks
3. Large password space
Disadvantages
1. Not feasible for blind people
2. Shoulder surfing attack is possible
Applications
1. Critical server
2. Nuclear and military facilities
3. Air-planes and jetfighters
4. E-Banking & ATMs
VII. CONCLUSION
Many authentication schemes are available in the market. Some techniques are based on the user’s physical characteristics as well as behavioral properties, and other techniques are based on the user’s knowledge, such as textual and graphical passwords. However, as mentioned before, both kinds of authentication scheme are vulnerable to certain attacks. This system is a multilevel authentication system for the Web because it combines three different authentication systems, i.e. textual password, one-time password and 3D password. So it is difficult to break the system, and it also provides a large password space compared with an alphanumeric password. The proposed system avoids different types of attacks such as brute force attack, dictionary attack and well-studied attack. One-time password systems provide a mechanism for logging on to a network or service using a unique password which can only be used once, as the name suggests.
VIII. FUTURE SCOPE
These are the possible future scopes:
1. Enhancing and Improving the User Experience for the 3-D Password
2. Gathering Attackers from different backgrounds to break the system
REFERENCES
[1] Prof. Sonkar S. K., Dr. Ghungrad S. B., “Minimum Space and HugeSecurity in 3D Password Scheme”, International
Journal of Computer Applications (0975-8887), vol. 29-No. 4,Sept. 2011.
[2] Young Sil Lee, “A study on efficient OTP generation using stream cipher with randomdigit”, Advanced
Communication Technology(ICACT), 2010The 12th International Conference, vol. 2, pp 1670-1675. Feb. 2010.
[3] Renaud, K. (2009).“On user involvement in production of images used invisual authentication”. J.Vis. Lang.
Comput. 20(1):1-15.
[4] Haichang, G. L. Xiyang, et al.(2009). “Design And Analysis of Graphical Passwordcheme”, Innovative Computing,
Information and Control (ICICIC),2009 fourth, International Conference On Graphical Password.
[5] Fawaz A. Alsulaiman and Abdulmotaleb El Saddik, “Three-Dimensional Password for
More Secure Authentication,”IEEE,http://ieeexplore.ieee.org., Last Updated 6 Feb 2008.
[6] Soon Dong Park, JoongChae Na, Young-Hwan Kim, dong KyueKim, “EfficientOTP(One Time Password)
Generation using AES based MAC,” Journal of Korea MultimediaSociety, vol. 11, No. 6,pp. 845-851, June. 2008.
[7] S.Wiedenbeck, J. Waters, J.-C. Birget, A. Brodskiy, and N. Memon,“Pass Points: Designandlongitudinal evaluation
of a graphical password system,” Int. J. Human-Comput. Stud. (Special Issue onHCI Research in Privacy
andSecurity), vol. 63, no. 1/2, pp. 102127, Jul.005.
[8] S.Wiedenbeck, J. Waters, J.-C. Birget, A. Brodskiy, and N. Memon,“Authentication usinggraphical passwords: Basic
results,”in Proc.Human-Comput. Interaction Int. Las Vegas, NV, Jul. 2527, 2005.

IJMER
 
Non linear analysis of Robot Gun Support Structure using Equivalent Dynamic A...
IJMER
 
Static Analysis of Go-Kart Chassis by Analytical and Solid Works Simulation
IJMER
 
High Speed Effortless Bicycle
IJMER
 
Integration of Struts & Spring & Hibernate for Enterprise Applications
IJMER
 
Microcontroller Based Automatic Sprinkler Irrigation System
IJMER
 
On some locally closed sets and spaces in Ideal Topological Spaces
IJMER
 
Intrusion Detection and Forensics based on decision tree and Association rule...
IJMER
 
Natural Language Ambiguity and its Effect on Machine Learning
IJMER
 
Evolvea Frameworkfor SelectingPrime Software DevelopmentProcess
IJMER
 
Material Parameter and Effect of Thermal Load on Functionally Graded Cylinders
IJMER
 
Studies On Energy Conservation And Audit
IJMER
 
An Implementation of I2C Slave Interface using Verilog HDL
IJMER
 
Discrete Model of Two Predators competing for One Prey
IJMER
 

Recently uploaded (20)

PDF
Zero Carbon Building Performance standard
BassemOsman1
 
PPTX
Information Retrieval and Extraction - Module 7
premSankar19
 
PDF
The Effect of Artifact Removal from EEG Signals on the Detection of Epileptic...
Partho Prosad
 
PDF
EVS+PRESENTATIONS EVS+PRESENTATIONS like
saiyedaqib429
 
PPTX
Module2 Data Base Design- ER and NF.pptx
gomathisankariv2
 
PPTX
FUNDAMENTALS OF ELECTRIC VEHICLES UNIT-1
MikkiliSuresh
 
PPTX
business incubation centre aaaaaaaaaaaaaa
hodeeesite4
 
PDF
flutter Launcher Icons, Splash Screens & Fonts
Ahmed Mohamed
 
PDF
Traditional Exams vs Continuous Assessment in Boarding Schools.pdf
The Asian School
 
PDF
Natural_Language_processing_Unit_I_notes.pdf
sanguleumeshit
 
PDF
LEAP-1B presedntation xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
hatem173148
 
PPTX
MSME 4.0 Template idea hackathon pdf to understand
alaudeenaarish
 
PPTX
Civil Engineering Practices_BY Sh.JP Mishra 23.09.pptx
bineetmishra1990
 
PDF
dse_final_merit_2025_26 gtgfffffcjjjuuyy
rushabhjain127
 
PDF
FLEX-LNG-Company-Presentation-Nov-2017.pdf
jbloggzs
 
PDF
Unit I Part II.pdf : Security Fundamentals
Dr. Madhuri Jawale
 
PPTX
Chapter_Seven_Construction_Reliability_Elective_III_Msc CM
SubashKumarBhattarai
 
PPTX
MT Chapter 1.pptx- Magnetic particle testing
ABCAnyBodyCanRelax
 
PDF
top-5-use-cases-for-splunk-security-analytics.pdf
yaghutialireza
 
PDF
settlement FOR FOUNDATION ENGINEERS.pdf
Endalkazene
 
Zero Carbon Building Performance standard
BassemOsman1
 
Information Retrieval and Extraction - Module 7
premSankar19
 
The Effect of Artifact Removal from EEG Signals on the Detection of Epileptic...
Partho Prosad
 
EVS+PRESENTATIONS EVS+PRESENTATIONS like
saiyedaqib429
 
Module2 Data Base Design- ER and NF.pptx
gomathisankariv2
 
FUNDAMENTALS OF ELECTRIC VEHICLES UNIT-1
MikkiliSuresh
 
business incubation centre aaaaaaaaaaaaaa
hodeeesite4
 
flutter Launcher Icons, Splash Screens & Fonts
Ahmed Mohamed
 
Traditional Exams vs Continuous Assessment in Boarding Schools.pdf
The Asian School
 
Natural_Language_processing_Unit_I_notes.pdf
sanguleumeshit
 
LEAP-1B presedntation xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
hatem173148
 
MSME 4.0 Template idea hackathon pdf to understand
alaudeenaarish
 
Civil Engineering Practices_BY Sh.JP Mishra 23.09.pptx
bineetmishra1990
 
dse_final_merit_2025_26 gtgfffffcjjjuuyy
rushabhjain127
 
FLEX-LNG-Company-Presentation-Nov-2017.pdf
jbloggzs
 
Unit I Part II.pdf : Security Fundamentals
Dr. Madhuri Jawale
 
Chapter_Seven_Construction_Reliability_Elective_III_Msc CM
SubashKumarBhattarai
 
MT Chapter 1.pptx- Magnetic particle testing
ABCAnyBodyCanRelax
 
top-5-use-cases-for-splunk-security-analytics.pdf
yaghutialireza
 
settlement FOR FOUNDATION ENGINEERS.pdf
Endalkazene
 

International OPEN ACCESS Journal Of Modern Engineering Research (IJMER)
| IJMER | ISSN: 2249–6645 | www.ijmer.com | Vol. 4 | Iss. 4 | April. 2014 | 13 |

An Enhanced Security System for Web Authentication

Rajnish Kumar1, Akash Rana2, Aditya Mukundwar3
1,2,3 (Department of Computer Engineering, Sir Visvesvaraya Institute of Technology, Nashik, India)

Abstract: Web authentication offers low security these days. Today, textual passwords are commonly used for authentication; however, users do not follow their requirements. Users tend to choose meaningful words from dictionaries, which makes textual passwords easy to break and vulnerable to dictionary or brute-force attacks. Textual passwords can also be identified by third-party software. Many available graphical passwords have a password space that is less than or equal to the textual password space. Smart cards or tokens can be stolen. Many biometric authentication schemes have been proposed; however, users tend to resist using biometrics because of their intrusiveness and the effect on their privacy. Moreover, biometrics cannot be revoked. In this paper, we present and evaluate our contribution, i.e., the OTP and 3-D password. A one-time password (OTP) is a password that is valid for only one login session or transaction. OTPs avoid a number of shortcomings that are associated with traditional (static) passwords. The most important shortcoming addressed by OTPs is that, in contrast to static passwords, they are not vulnerable to replay attacks. This means that a potential intruder who manages to record an OTP that was already used to log into a service or to conduct a transaction will not be able to abuse it, since it will no longer be valid. The 3-D password is a multifactor authentication scheme. To be authenticated, we present a 3-D virtual environment where the user navigates and interacts with various objects. The sequence of actions and interactions toward the objects inside the 3-D environment constructs the user's 3-D password.

Keywords: OTP, FTP, AES, 3D Virtual Environment.

I. INTRODUCTION

Owing to the rapid evolution of Internet technology, organizations of all types, such as business, educational, medical and engineering, now have a website. Users register on the website and create an account. They use textual passwords to log in, but these textual passwords can easily be hacked in many ways, such as by third-party software or by guessing. For authentication, therefore, an OTP should be required for only one session, and this OTP should be delivered to the user's registered mobile number or email ID. This type of security system can enhance web authentication.

In this paper, we present and evaluate our contribution, i.e., the OTPS and 3-D password. The proposed system combines three different password authentication systems. The first is the normal, old textual password system. After a successful login to the textual password system, the server sends a password in decrypted form through SMS to the valid user. Once the user enters the correct password received from the server, the user passes the OTPS (One Time Password System) phase and enters the 3D authentication phase.

One-time password systems provide a mechanism for logging on to a network or service using a unique password which can only be used once, as the name suggests. This prevents some forms of identity theft by making sure that a captured username/password pair cannot be used a second time. Typically the user's login name stays the same, and the one-time password changes with each login. One-time passwords are a form of so-called strong authentication, providing much better protection to online bank accounts, corporate networks and other systems containing sensitive data.

The 3-D password is a multifactor authentication scheme. To be authenticated, we present a 3-D virtual environment where the user navigates and interacts with various objects. The sequence of actions and interactions toward the objects inside the 3-D environment constructs the user's 3-D password. The design of the 3-D virtual environment and the type of objects selected determine the 3-D password key space. The proposed system is a multilevel authentication system for the Web which combines three authentication systems and in turn provides more powerful authentication than the existing authentication system.

II. LITERATURE SURVEY

For any project, the literature survey is considered the backbone. Hence it is necessary to be well aware of the current technology and systems on the market that are similar to the system to be developed.

The dramatic increase of computer usage has given rise to many security concerns. One major security concern is authentication, which is the process of validating who you are to whom you claimed to be. In general, human authentication techniques can be classified as knowledge based (what you know), token based (what you have), and biometrics (what you are). Knowledge-based authentication can be further divided into two categories as follows: 1) recall based and 2) recognition based. Recall-based techniques require the user to repeat or reproduce a secret that the user created before. Recognition-based techniques require the user to identify and recognize the secret, or part of it, that the user selected before.

Existing System

The existing systems are the following:
1. Textual Password System
2. Token Based System
3. Graphical Based Password System
4. Biometric System

1. Textual Password System
Textual passwords are commonly used. One major drawback of the textual password is its two conflicting requirements: the selection of passwords that are easy to remember and, at the same time, hard to guess. Even though the full textual password space for eight-character passwords consisting of letters and numbers is almost 2 × 10^14 possible passwords, it is easy to crack 25 percent of the passwords by using only a small subset of the full password space. Many authentication systems, particularly in banking, require not only what the user knows but also what the user possesses (token-based systems). However, many reports have shown that tokens are vulnerable to fraud, loss, or theft by using simple techniques.

2. Token Based System
A token is a physical device that an authorized user of computer services is given to ease authentication. The term may also refer to software tokens. Security tokens are used to prove one's identity electronically (as in the case of a customer trying to access their bank account). The token is used in addition to or in place of a password to prove that the customer is who they claim to be. The token acts like an electronic key to access something.

3. Graphical Based Password System
Graphical passwords can be divided into two categories as follows:
- Recognition based
- Recall based
Various graphical password schemes have been proposed. Graphical passwords are based on the idea that users can recall and recognize pictures better than words. However, some of the graphical password schemes require a long time to be performed. Moreover, most graphical passwords can easily be observed or recorded while the legitimate user is performing the graphical password; thus, they are vulnerable to shoulder-surfing attacks. Currently, most graphical passwords are still in their research phase and require more enhancements and usability studies before they can be deployed in the market.

4. Biometric System
Many biometric schemes have been proposed; fingerprints, palm prints, hand geometry, face recognition, voice recognition, iris recognition, and retina recognition are all different biometric schemes. Each biometric recognition scheme has its advantages and disadvantages based on several factors such as consistency, uniqueness, and acceptability. One of the main drawbacks of applying biometrics is its intrusiveness upon a user's personal characteristic. Moreover, retina biometric recognition schemes require the user to willingly subject their eyes to a low-intensity infrared light. In addition, most biometric systems require a special scanning device to authenticate users, which is not applicable for remote and Internet users.

Proposed System

The proposed system is a multilevel authentication system in which we combine three different password authentication systems: textual, OTPS and 3D password authentication. The proposed systems are the following:
1. OTPS (One Time Password System)
2. 3D Password System
1. OTPS (One Time Password System)
One-time password systems provide a mechanism for logging on to a network or service using a unique password which can only be used once, as the name suggests. There are two entities in the operation of the OTP one-time password system. The generator must produce the appropriate one-time password from the user's secret pass-phrase and from information provided in the challenge from the server. The server must send a challenge that includes the appropriate generation parameters to the generator, must verify the one-time password received, must store the last valid one-time password it received, and must store the corresponding one-time password sequence number. The server must also facilitate the changing of the user's secret pass-phrase in a secure manner.

The OTP system generator passes the user's secret pass-phrase, along with a seed received from the server as part of the challenge, through multiple iterations of a secure hash function to produce a one-time password. After each successful authentication, the number of secure hash function iterations is reduced by one. Thus, a unique sequence of passwords is generated. The server verifies the one-time password received from the generator by computing the secure hash function once and comparing the result with the previously accepted one-time password. This technique was first suggested by Leslie Lamport.

2. 3D Password System
It is the user's choice to select which types of authentication techniques will be part of their 3D password. This is achieved by interacting only with the objects that acquire information the user is comfortable providing and ignoring the objects that request information the user prefers not to provide. For example, if an item requests an iris scan and the user is not comfortable providing such information, the user simply avoids interacting with that item. Moreover, given the user's freedom to choose which types of authentication schemes will be part of their 3-D password, and given the large number of objects and items in the environment, the number of possible 3-D passwords will increase. Thus, it becomes much more difficult for the attacker to guess the user's 3-D password.

It is easier to answer multiple-choice questions than essay questions because the correct answer may be recognized. To be authenticated in the 3D password authentication stage, we present a 3-D virtual environment where the user navigates and interacts with various objects. The sequence of actions and interactions toward the objects inside the 3-D environment constructs the user's 3-D password. The design of the 3-D virtual environment and the type of objects selected determine the 3-D password key space.

III. SYSTEM ARCHITECTURE

Figure 3.1: System Architecture

There are two modules in the system architecture:

1. Client Module
When a user wants to interact with the system or use its services for the first time, the user has to register. During the registration phase, the user needs to provide basic information, including a personal mobile number. At the time of login, the user needs to provide a valid username, which is a string of alphanumeric characters and special symbols, in order to get access to the resources. During the login phase the user needs to pass successfully through the textual, OTP and 3D password phases. The registered mobile is where the user receives OTPs. The user also has to select one unique username and, at the same time, create the 3D password that will be used at the time of login.
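The hash-chain scheme from the OTPS description above (the technique attributed to Lamport), as an added example that is not code from the paper. SHA-256 stands in for the unspecified secure hash function; the names `chain_value` and `ChainVerifier`, the seed and the pass-phrase are constructed for illustration.

```python
"""Lamport hash-chain one-time passwords (added illustration, constructed values)."""
import hashlib
import hmac


def chain_value(passphrase: bytes, seed: bytes, iterations: int) -> bytes:
    """Generator side: apply SHA-256 `iterations` times to seed || pass-phrase."""
    if iterations < 1:
        raise ValueError("at least one hash iteration is required")
    value = seed + passphrase
    for _ in range(iterations):
        value = hashlib.sha256(value).digest()
    return value


class ChainVerifier:
    """Server side: stores only the last accepted OTP and its sequence number."""

    def __init__(self, seed: bytes, sequence: int, initial_otp: bytes):
        self.seed = seed
        self.sequence = sequence      # iteration count of the stored value
        self.last_otp = initial_otp   # hash applied `sequence` times

    def challenge(self):
        """Return (seed, iteration count) the generator must use for the next login."""
        if self.sequence <= 1:
            # The next value would be the unhashed secret itself: never ask for it.
            raise RuntimeError("chain exhausted: enrol a new seed or pass-phrase")
        return self.seed, self.sequence - 1

    def verify(self, candidate: bytes) -> bool:
        """Hash the candidate once and compare it with the stored OTP."""
        if self.sequence <= 1:
            return False
        expected = hashlib.sha256(candidate).digest()
        if not hmac.compare_digest(expected, self.last_otp):
            return False
        # Accept: the candidate becomes the new stored value, one step down the chain.
        self.last_otp = candidate
        self.sequence -= 1
        return True


def run_demo() -> dict:
    passphrase = b"correct horse battery"   # constructed sample secret
    seed = b"demo-seed-01"                  # constructed sample seed
    # Enrolment: the server receives the 4th chain value, never the pass-phrase.
    server = ChainVerifier(seed, 4, chain_value(passphrase, seed, 4))
    out = {}

    seed_sent, n = server.challenge()
    otp = chain_value(passphrase, seed_sent, n)
    out["first_login"] = server.verify(otp)
    out["replay"] = server.verify(otp)          # captured OTP presented again

    _, n = server.challenge()
    out["wrong_passphrase"] = server.verify(chain_value(b"guess", seed, n))
    out["second_login"] = server.verify(chain_value(passphrase, seed, n))

    _, n = server.challenge()
    out["third_login"] = server.verify(chain_value(passphrase, seed, n))
    try:
        server.challenge()
        out["exhausted"] = False
    except RuntimeError:
        out["exhausted"] = True
    return out


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The replayed OTP is rejected because the server now compares against the value it just accepted, and the chain must be re-enrolled before the iteration count reaches zero.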
2. Server Module
At the time of login, when the user logs in successfully to the textual password phase, the user enters the second stage, i.e. OTP. In this phase the server generates an OTP, which is stored in encrypted form in the database using the AES algorithm and at the same time is displayed on the user's mobile in decrypted form. At the time of verification, the password entered by the user is first encrypted and then matched with the password stored in the database; if it matches, the server removes the OTP from the database, as it is valid only for one session. The last stage is the 3D password. In this phase, at the time of registration, a 3D chessboard virtual environment is provided to the user, from which the user selects a 3D password that is stored in encrypted form in the database. At the time of login the user needs to recall the previously recorded password, which is encrypted and matched with the stored encrypted password; if it matches, the user gets access to the system. After that the user can perform transactions and use the services which the particular bank provides.

IV. MODULES & ALGORITHM

Modules

The proposed system contains different modules:
1. Registration module
2. Textual Login module
3. OTP Login module
4. 3D Login module
5. FTP Access module
6. Setting modules
7. Service module

1. Registration Module:
When a user wants to access the system for the first time, the registration module is used for registering. It also stores the details of the user, such as name, address, mobile no. and email ID, in the database.

2. Textual Login Module:
This module accepts the username from the end user and sends it to the server module for validation.

3. OTP Login Module:
This module accepts the OTP that the user received on his/her mobile from the system after providing a valid username to the textual login module. That password is sent to the server side for matching with the password stored in the database.

4. 3D Login Module:
After valid information has been provided in the textual and OTP login modules, the 3D login module provides the 3D chessboard environment to the end user. In it, the user performs different actions and interactions toward 3D objects, which create the user's 3D password that is stored in the database in encrypted form.

5. FTP Access Module:
This module is available to the user if and only if the user successfully passes through the login phases. In this module FTP services are provided to the end user, who can upload to or download from the server.

6. Setting Module:
The setting module allows the user to update contact details, reset the 3D password and change notification settings according to the end user's choice.

7. Service Module:
This module is implemented at the server side and is used for providing the services to the user. It also maintains the log of requesting users. This module listens for requests from the client side and responds accordingly.

Algorithms

1. Proposed System Algorithm
This system contains the combination of textual, OTP and 3D password authentication techniques. A user can use this system if and only if he has registered. If not, the user has to register before using the system for the first time.
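The OTP phase of the server module and OTP login module described above (generate, store in protected form, compare, delete after one session), as an added example that is not the paper's code. The paper stores the OTP AES-encrypted; this sketch stores an HMAC-SHA-256 tag instead, because Python's standard library has no AES. The expiry time, the attempt limit and all names are assumptions added for illustration.

```python
"""Single-use, expiring OTP store (added illustration; constructed values)."""
import hashlib
import hmac
import secrets
import time


class OtpStore:
    def __init__(self, key: bytes, ttl_seconds: float = 120.0,
                 max_attempts: int = 3, clock=time.monotonic):
        self._key = key                  # server-side secret, kept out of the database
        self._ttl = ttl_seconds          # assumption: OTP lifetime, not given in the paper
        self._max_attempts = max_attempts
        self._clock = clock
        self._pending = {}               # username -> [tag, expires_at, failed_attempts]

    def _tag(self, username: str, code: str) -> bytes:
        """Keyed hash of the code, bound to the user it was issued for."""
        msg = username.encode() + b"\x00" + code.encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, username: str) -> str:
        """Create a fresh 6-digit OTP; only its tag is stored. Return it for SMS delivery."""
        code = f"{secrets.randbelow(10 ** 6):06d}"
        self._pending[username] = [self._tag(username, code),
                                   self._clock() + self._ttl, 0]
        return code

    def verify(self, username: str, code: str) -> bool:
        entry = self._pending.get(username)
        if entry is None:
            return False                       # nothing issued, or already consumed
        tag, expires_at, failures = entry
        if self._clock() > expires_at:
            del self._pending[username]        # stale OTP is discarded
            return False
        if hmac.compare_digest(self._tag(username, code), tag):
            del self._pending[username]        # valid for one session only
            return True
        entry[2] = failures + 1
        if entry[2] >= self._max_attempts:
            del self._pending[username]        # stop online guessing of a 6-digit code
        return False


def run_demo() -> dict:
    now = [0.0]                                # fake clock so the demo is deterministic
    store = OtpStore(secrets.token_bytes(32), ttl_seconds=120,
                     max_attempts=3, clock=lambda: now[0])
    out = {}

    code = store.issue("alice")                # constructed sample username
    out["correct"] = store.verify("alice", code)
    out["replay"] = store.verify("alice", code)

    code = store.issue("alice")
    wrong = "000000" if code != "000000" else "000001"
    out["guesses"] = [store.verify("alice", wrong) for _ in range(3)]
    out["after_lockout"] = store.verify("alice", code)

    code = store.issue("alice")
    now[0] += 121                              # let the OTP expire
    out["expired"] = store.verify("alice", code)
    return out


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```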
Steps:

1. Registration Process:
In this step, the user needs to provide the following four types of information.
(a) User's Personal Information: the user provides personal information such as full name, address, state, and city.
(b) User's Contact Details: the user provides contact no., mobile no. and email ID.
(c) Credential Details: in this section, the user provides a username and also creates a 3D password from the 3D virtual environment provided in the GUI.
(d) Notification Details: in this final section, the user selects notification options such as login notification, update notification, and reset notification according to the user's choice.

2. Login Process:
When the user is already registered, logging into the system requires passing successfully through several stages.
(a) Textual Login: the user provides a valid username, after which the server system verifies that username. If it is valid, the system allows the user to enter the next stage.
(b) OTP Login: after successfully passing the textual login stage, the user gets an OTP on his/her mobile, and if the user enters a valid OTP then he/she enters the last stage.
(c) 3D Password Login: here the user has to interact with the 3D chessboard environment and needs to repeat the same movements that he/she made at the time of registration. After making valid movements the user logs in successfully.

3. FTP Services:
Once the user has logged into the system successfully, he/she can access the FTP services, where the user can upload or download files.

Figure 4.1: System Flow

4. AES Algorithm
In cryptography, the Advanced Encryption Standard (AES) is an encryption standard adopted by the U.S. government. The standard comprises three block ciphers, AES-128, AES-192 and AES-256, adopted from a larger collection originally published as Rijndael. The Rijndael cipher was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and submitted by them to the AES selection process. Each AES cipher has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively. The AES ciphers have been analysed extensively and are now used worldwide, as was the case with its predecessor, the Data Encryption Standard (DES).
Steps of AES Algorithm:

1. Key Expansion:
Round keys are derived from the cipher key using Rijndael's key schedule (to expand a short key into a number of separate round keys).

2. Initial Round - AddRoundKey:
Each byte of the state is combined with the round key using bitwise XOR.

3. Rounds
(a) SubBytes: SubBytes is used at the encryption site. To substitute a byte, we interpret the byte as two hexadecimal digits. The SubBytes operation involves 16 independent byte-to-byte transformations using a lookup table.
(b) ShiftRows: The ShiftRows step operates on the rows of the state; it cyclically shifts the bytes in each row by a certain offset. For AES, the first row is left unchanged. Each byte of the second row is shifted one to the left. Similarly, the third and fourth rows are shifted by offsets of two and three respectively. For blocks of sizes 128 bits and 192 bits, the shifting pattern is the same. Row n is shifted left circular by n-1 bytes.
(c) MixColumns: In the MixColumns step, the four bytes of each column of the state are combined using an invertible linear transformation. The MixColumns function takes four bytes as input and outputs four bytes, where each input byte affects all four output bytes. Together with ShiftRows, MixColumns provides diffusion in the cipher.
(d) AddRoundKey: In the AddRoundKey step, the subkey is combined with the state. For each round, a subkey is derived from the main key using Rijndael's key schedule. The subkey is added by combining each byte of the state with the corresponding byte of the subkey using bitwise XOR.

4. Final Round (no MixColumns):
(a) SubBytes
(b) ShiftRows
(c) AddRoundKey

V. SCREEN SHOTS

5.1 Server Side Home Page
Figure 5.1: Server Side Home Page

5.2 Client Side Main Form
Figure 5.2: Client Side Main Form

5.3 Textual Login Window
Figure 5.3: Textual Login Window

5.4 OTP Login Form
Figure 5.4: OTP Login Form

5.5 3D Login Form
Figure 5.5: 3D Login Form

VI. TECHNICAL SPECIFICATION

Hardware Requirement
1. Processor: Intel Dual Core.
2. Hard Disk: 40 GB (Client System), 60 GB (Server System).
3. RAM: 512 MB (Client System), 2 GB (Server System).

Software Requirement
1. Database: Oracle 10g
2. Coding language: Java

Advantages
1. Not easy to write down on paper
2. Difficult to crack and avoids attacks
3. Large password space
Disadvantages
1. Not feasible for blind people
2. Shoulder surfing attack is possible

Applications
1. Critical servers
2. Nuclear and military facilities
3. Airplanes and jet fighters
4. E-Banking & ATMs

VII. CONCLUSION

There are many authentication schemes available in the market. Some techniques are based on the user's physical characteristics as well as behavioral properties, and other techniques are based on the user's knowledge, such as textual and graphical passwords. However, as mentioned before, both kinds of authentication scheme are vulnerable to certain attacks. This system is a multilevel authentication system for the Web because it combines three different authentication systems, i.e. textual password, one-time password and 3D password. So it is difficult to break the system, and it also provides a large password space compared with an alphanumeric password. The proposed system avoids different types of attacks such as brute-force attack, dictionary attack and well-studied attack. One-time password systems provide a mechanism for logging on to a network or service using a unique password which can only be used once, as the name suggests.

VIII. FUTURE SCOPE

These are the possible future scopes:
1. Enhancing and improving the user experience for the 3-D password
2. Gathering attackers from different backgrounds to break the system