Having been a core feature of IT systems for several decades, passwords continue to represent both one of the most familiar and most maligned aspects of security technology. While their potential weaknesses have been well recognized mainly over the past decade, no permanent solution has come up yet as in terms of all-round usage and applicability. Shoulder surfing, simple guessing, external eavesdropping, side channel attacks etc are the common methods which lead to password leakages. The situation gets worse when a user puts a very obvious password which can be easily guessed by anyone knowing the person even vaguely.
Most systems propose to improve both identification and verification of user but this method of mindmetrics can augment the current password based systems by strengthening the identification process. Mind-metrics utilizes personal secret data instead of a login id to identify a user uniquely. The proposed system also creates a scenario where two servers cooperate to authenticate a client and if one server is compromised, the attacker still cannot pretend to be the client with the information from the compromised server. The proposed system presents a symmetric solution for two-server key encryption, where the client can establish different cryptographic keys with the two servers, respectively.
Table of Contents
I. Introduction
Goals and Objectives
II. Proposed System
1. Concept of Mind metrics
2. Algorithms used
a. Diffie–Hellman Algorithm
b. ElGamal Encryption Algorithm
3. Working
III. Advantages
1. Safety
2. Security
3. Scalability
4. Usability
5. Cost effective
IV. Applications
1. Banking applications
2. E-commerce
3. Mobile applications
V. Conclusion
VI. Future Scope
VII. References
Research Objectives and Core Themes
The primary research objective is to enhance the security of IT authentication systems by augmenting the traditional password-based verification process with a specialized identification layer known as Mindmetrics. This approach seeks to eliminate reliance on publicly known login IDs and instead utilizes private, secret data to uniquely identify users, thereby fortifying the overall authentication mechanism against unauthorized access and exploitation.
- Development of a Mindmetrics-based authentication system to overcome biometric vulnerabilities.
- Implementation of a multi-server cooperative authentication architecture.
- Application of the PAKE (Password-Authenticated Key Exchange) protocol for secure channel establishment.
- Utilization of cryptographic algorithms including Diffie-Hellman and ElGamal for secure key exchange and encryption.
- Creation of a hardware-independent, cost-effective security solution for diverse digital applications.
Excerpt from the Book
II. Proposed System
Mindmetrics uses some secret data instead of human characteristics as a token to identify the user. It utilizes personal secret data instead of a login ID to identify a user uniquely, hence mindmetrics. There are two parts in the Mindmetrics-based authentication process:-
i. Mindmetrics token is requested in the login page. A user specifies the token with which a computing system can identify a user account. Then the identification server looks up the registered access tokens to find a matching token and login ID.
ii. The server presents multiple login IDs to the user, with one of the login IDs being the correct login ID for the user account and some more real or fake IDs. To prevent the attackers from recognizing the login IDs, the login IDs are partially obscured. Among these partial login IDs, a legitimate user can still recognize the correct login ID and choose it.
Above two steps are carried out in the identification phase. Once the server is identified then the conventional password verification method is used for granting the access. Mindmetrics-based system allows only the legitimate users to pass the identification stage. Here the password verification server is kept hidden, and users cannot access it unless they pass the identification server.
Summary of Chapters
I. Introduction: This chapter establishes the reliance on traditional password and login ID systems and introduces the Mindmetrics scheme as a method to strengthen user identification.
II. Proposed System: This section details the conceptual framework of Mindmetrics and the technical algorithms (Diffie-Hellman and ElGamal) used to secure the identification and verification phases.
III. Advantages: This chapter outlines the benefits of the proposed system, emphasizing its scalability, security, cost-effectiveness, and hardware independence.
IV. Applications: This section discusses potential use cases for the technology, specifically in the domains of banking, e-commerce, and mobile applications.
V. Conclusion: The conclusion summarizes the introduction of the Mindmetrics scheme and the provided proof of security.
VI. Future Scope: This chapter identifies the limitations of the current system, specifically regarding internet connectivity and server availability.
VII. References: A bibliography of academic sources and protocols utilized for the research.
Keywords
Mindmetrics, PAKE protocol, Diffie-Hellman algorithm, ElGamal encryption algorithm, key generation, identification phase, verification phase, authentication, security, cryptography, password-authenticated key exchange, cyber security, user identity, encryption, network security
Frequently Asked Questions
What is the core purpose of this research?
The research focuses on improving IT system authentication by introducing a Mindmetrics-based identification process to complement existing password verification methods.
What are the primary themes discussed in the paper?
The central themes include improving user identification, eliminating the vulnerabilities associated with publicly known login IDs, and creating a hardware-independent, secure authentication infrastructure.
What is the main goal or research question?
The primary goal is to make false login attempts significantly more difficult by using private secret information instead of standard usernames, thereby protecting systems even if password files are stolen.
Which scientific methods are applied?
The study employs the PAKE protocol for secure channels, and the Diffie-Hellman and ElGamal algorithms for asymmetric key generation and encryption.
What topics are covered in the main section of the paper?
The main section describes the Mindmetrics conceptual framework, the architectural division of identification and verification servers, and the specific cryptographic algorithms used to secure the process.
Which keywords best characterize this work?
Key terms include Mindmetrics, PAKE, Diffie-Hellman, ElGamal, authentication, cryptography, and secure identification.
How does the system protect against attackers if a server is compromised?
The system uses a two-server architecture where information is split; an attacker possessing data from one compromised server still lacks the complete information required to impersonate the client.
Why is this method considered 'hardware-independent'?
The system relies on software-based logic and cryptographic protocols for authentication rather than proprietary biometric hardware or specialized input devices.
What is the 'Protection in Abstraction' principle mentioned in the paper?
It is a design principle used by the Mindmetrics system that makes targeted attacks on a specific user account nearly impossible by obscuring identifying information.
- Arbeit zitieren
- Ankita Pawar (Autor:in), Snehal Anandkar (Autor:in), Ankita Bartakke (Autor:in), Pranjali Ganvir (Autor:in), 2016, Two Level Security using Mindmetrics and ID2S Password Authentication Technique, München, GRIN Verlag, https://www.hausarbeiten.de/document/347195
