International Journal of Engineering Trends and Technology (IJETT) – Volume 18 Number 4 – Dec 2014

ISSN: 2231-5381 http://www.ijettjournal.org

An Efficient User Authentication Measures for Secure Data Access

M. Anusha (1), S. Ram Prasad Reddy (2)

(1) Final M.Tech Student, (2) Associate Professor

(1,2) Dept of CSE, Vignan's Institute of Engineering for Women, Andhra Pradesh.

Abstract: In this paper we propose a simple and efficient secure mechanism to authenticate the user and to secure navigation for the authenticated user. It consists of multi login detection, which blocks any other user who logs in with the same credentials and forwards a message to the authorized user through mail and mobile SMS; a virtual keyboard to protect against key loggers; page session expiry if the user is idle on a page for a specific amount of time; and, to improve authentication levels, a CAPTCHA code after authenticated login.

I. INTRODUCTION

The digital world is changing at a tremendous speed. New communication technologies open up new possibilities, but by using them you can also expose yourself, and others, to risks. Many people have trouble assessing these risks, especially with regard to the subject of safe digital communication. This is particularly true for people working in regimes with high levels of censorship. However, even in countries considered to be relatively free and uncensored, your data can be used or misused by others: governments, companies, or other persons (sometimes even unintentionally) [1].

Cryptographic algorithms such as DES, Triple DES and AES provide data confidentiality during transmission. Authentication mechanisms authorize users by their credentials, with hash implementations such as MD5 and HMAC. Unauthorized users can be identified by various intrusion detection and prevention techniques [2].

Apart from the traditional threats and vulnerabilities exploited by attackers, online security is more exposed to threats because of its open nature. The characteristics we need to consider include secure passwords, cryptographic algorithms, authentication mechanisms and a secure firewall classification mechanism. In this paper we propose some additional security features: multi login detection, a virtual keyboard, a CAPTCHA implementation and instant messaging through an SMTP implementation.

II. RELATED WORK

Identifying unauthorized access, malicious activity or an unauthorized user on a network is known as intrusion detection. Analyzing malicious behavior is still an important research issue, because we cannot label any user or node as an intruder without accurate results.

Various researchers have proposed network intrusion detection and prevention systems to identify and prevent malicious behavior by a connected node. Most traditional intrusion detection systems work on signature based mechanisms [3][4].

In a signature based intrusion detection mechanism, the signature of a node is compared with the known signatures or identities in the database to find the intruder; it works like anti-virus software. The main drawback of the signature based approach is that it cannot identify newly emerged and unknown identities or signatures when matching against the signatures in the database. A further drawback is the maintenance of the signatures of known nodes, which gives the intruder the opportunity to change his way of attacking.

To overcome the drawbacks of the previous approach, researchers concentrated on traffic classification approaches over statistical parameters. In this approach the feature set of the testing sample is compared against the known training dataset to analyze the behavior of the testing sample. Many approaches have been proposed for this classification, and every mechanism has its own pros and cons.

Various traditional approaches have been proposed by authors over years of research into various mechanisms.

Traditional approaches involve authentication, reliability, data confidentiality, secure protocols and many other features. The following gives a short description of these traditional approaches.

Authentication can be maintained either with a static key or with TLS, which uses the SSL/TLS libraries or digital certificates for authentication and the key exchange mechanism. Digital certificates signed by the certificate authority

Static Key: In this approach four independent keys can be generated and shared between two peers in OpenVPN: HMAC send, HMAC receive, encrypt and decrypt. By default both peers use the same HMAC key and the same encryption/decryption key.

SSL/TLS provides bidirectional authentication between both peers in the network, and each connection requires its own certificate to authenticate. Once the peers are authenticated, it forwards to the encryption process with the HMAC key over the reliable transport layer of UDP.

Data cannot be altered and integrity can be maintained efficiently with various hash functions like SHA and MD5 in cryptographic libraries.

Confidentiality can be maintained with symmetric and asymmetric encryption mechanisms. The symmetric approach uses the same key for encryption and decryption, and the asymmetric approach uses two keys (a public key and a private key) for encryption and decryption. Cryptographic algorithms (DES, Triple DES, AES, Blowfish, etc.) encrypt and decrypt the data passing through the tunnels with the key generated by the key exchange protocols.

Local security can be maintained by privileges and root security:

Be aware of where and when each user is logging in.

Allow normal users only the privileges they require and are eligible for.

Remove accounts that have been inactive for a long time.

Act as the root user only for a short time or until the specific task is complete.

Never use the r-utilities as the root user; this leads to dangerous attacks.

Password Security:

No password in the world is unbreakable, because every password is a combination of [(a-z) or (A-Z)], [0-9] and special symbols.

Maintain a strong password both as a normal user and as the root user, because most password cracking software, such as John the Ripper, breaks passwords, but the time needed varies with the complexity of the password.

Generally a strong password includes at least 8 characters and a combination of alphanumeric characters in different cases.

III. PROPOSED WORK

We propose an integrated security protocol for users working on online websites where data confidentiality and authentication are the prime concern. The proposed work involves multi login detection, session expiry after some idle time, an SMTP implementation for mobile SMS and emails, a virtual keyboard to protect against key loggers and a CAPTCHA code for additional authentication.

Multi login detection:

In this module a registered user can log in whenever required, but he/she cannot log in from multiple systems at the same time. When a user logs in successfully, the user status is set to active in the database. The server then does not allow another user in with the same credentials, and forwards a mobile SMS and an email to the authorized user with the subject "someone is trying to use your credential from IP address".

[Figure: multi login detection. User 1: 1. Credentials, 2. Set Active (Database), 3. Activate. User 2: 4. Credentials, 5. User 2 IP details sent to mobile SMS & Email.]

Session Expiry:

A session is the duration of time between login and logout. The session value is carried from page to page to access the specific user's details, so if a user is idle for some amount of time the page expires and navigates to login if it is refreshed. The configuration details are set globally, because they should apply to all web pages in our site.
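The following sketch combines the multi login detection and session expiry modules described above; it is an added example, not code from the paper. The class name `SessionRegistry`, the `notify` hook standing in for the SMS/e-mail sender, the in-memory dictionary standing in for the database status column and the 900-second idle timeout are all assumptions.

```python
import hmac
import secrets
import time

class SessionRegistry:
    """In-memory stand-in for the 'active' status the paper keeps in the database."""
    def __init__(self, notify, idle_timeout=900, clock=time.monotonic):
        self._active = {}            # username -> [token, ip, last_seen]
        self._notify = notify        # hypothetical hook that sends the SMS/e-mail
        self._idle = idle_timeout    # seconds; assumed value, the paper gives none
        self._clock = clock

    def _drop_if_idle(self, user):
        s = self._active.get(user)
        if s and self._clock() - s[2] > self._idle:
            del self._active[user]   # an abandoned session must not lock the owner out

    def login(self, user, ip):
        """Call only after the credentials have been verified. Returns a token or None."""
        self._drop_if_idle(user)
        if user in self._active:
            self._notify(user, f"Someone is trying to use your credential from IP address {ip}")
            return None
        token = secrets.token_urlsafe(32)
        self._active[user] = [token, ip, self._clock()]
        return token

    def touch(self, user, token):
        """Check a page request and restart the idle timer; False means go to login."""
        self._drop_if_idle(user)
        s = self._active.get(user)
        if s is None or not hmac.compare_digest(s[0].encode(), token.encode()):
            return False
        s[2] = self._clock()
        return True

    def logout(self, user, token):
        if self.touch(user, token):
            del self._active[user]

def demo():
    """Constructed scenario with a fake clock and documentation-range IP addresses."""
    now, sent = [0.0], []
    reg = SessionRegistry(lambda u, m: sent.append((u, m)), clock=lambda: now[0])
    first = reg.login("alice", "198.51.100.7")      # becomes the active session
    second = reg.login("alice", "203.0.113.9")      # refused, owner is alerted
    now[0] = 901.0                                  # just over 15 idle minutes pass
    stale = reg.touch("alice", first)               # expired page request
    third = reg.login("alice", "203.0.113.9")       # allowed again after expiry
    return first, second, sent, stale, third
```

Tying the active status to the idle timer matters here: without it, a user who closes the browser without logging out would stay marked active and be refused at the next login.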

Virtual Keyboard:

A key logger is a type of malicious program that captures the user's key strokes when they are entered from the physical keyboard. A virtual keyboard lets us enter our credentials through a virtual on-screen keyboard instead of the physical keyboard. It is operated through mouse clicks, so it cannot be captured by the key logger.

Captcha Implementation:

CAPTCHA (Completely Automated Public Turing test) is an authentication mechanism to differentiate human from machine online. Text is embedded into a distorted image, and the user should identify the text from the distorted image and enter it for authentication. CAPTCHA protects against automated programs and bots that collect our confidential information or use services without authorization. Modern CAPTCHA improves on the efficiency of traditional CAPTCHA.
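The server-side half of the CAPTCHA step described above can be sketched as follows; this is an added example, not code from the paper, and it leaves out rendering the distorted image. The class name `CaptchaStore`, the character set, the 120-second lifetime and the in-memory store are assumptions.

```python
import hmac
import secrets
import time

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"   # assumed set without 0/O and 1/I look-alikes

class CaptchaStore:
    def __init__(self, ttl=120, clock=time.monotonic):
        self._pending = {}      # challenge id -> (expected text, issue time)
        self._ttl = ttl         # seconds a challenge stays valid; assumed value
        self._clock = clock

    def issue(self, length=6):
        """Return (challenge_id, text). Only the id and the distorted image of the
        text are sent to the browser; the text itself stays on the server."""
        text = "".join(secrets.choice(ALPHABET) for _ in range(length))
        cid = secrets.token_urlsafe(16)
        self._pending[cid] = (text, self._clock())
        return cid, text

    def verify(self, cid, answer):
        """Single use: the challenge is consumed whether the answer is right or wrong,
        so a bot cannot keep guessing against one image or replay a solved one."""
        entry = self._pending.pop(cid, None)
        if entry is None:
            return False
        text, issued = entry
        if self._clock() - issued > self._ttl:
            return False
        return hmac.compare_digest(text.encode(), answer.strip().upper().encode())
```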

IV. CONCLUSION

We conclude our research work with additional security features: multiuser detection, a CAPTCHA implementation, a virtual keyboard and an SMTP implementation. Our experimental results show more instant and accurate results than the traditional approaches.

REFERENCES

[1] M. Bellare, R. Canetti, and H. Krawczyk. Keying hash functions for message authentication. In Crypto, pages 1–15, 1996.

[2] A. Ben-David, N. Nisan, and B. Pinkas. FairplayMP - A system for secure multi-party computation. In CCS, pages 257–266, 2008.

[3] J.C. Benaloh. Secret sharing homomorphisms: Keeping shares of a secret secret. In Crypto, pages 251–260, 1986.

[4] J. Brickell and V. Shmatikov. Privacy-preserving graph algorithms in the semi-honest model. In ASIACRYPT, pages 236–252, 2005.

[5] T. ElGamal. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, 31:469–472, 1985.

[6] J.S. Park, M.S. Chen, and P.S. Yu. An effective hash based algorithm for mining association rules. In SIGMOD Conference, pages 175–186, 1995.

[7] S.C. Pohlig and M.E. Hellman. An improved algorithm for computing logarithms over GF(p) and its cryptographic significance. IEEE Transactions on Information Theory, 24:106–110, 1978.

[8] R.L. Rivest, A. Shamir, and L.M. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM, 21(2):120–126, 1978.

[9] S. Zhong, Z. Yang, and R.N. Wright. Privacy-enhancing k-anonymization of customer data. In PODS, pages 139–147, 2005.
