Hybrid Authentication Schemes.



Chapter 1Introduction Security system plays an important role in the control of people in or out of protected areas, such as physical buildings, information systems, and our national borders. In order to that computer systems and the information associated to them should also be protected. Computer security systems should consider the human factors such as ease of a use and accessibility, in this context. Current secure systems suffer because they mostly ignore the importance of human factors in security [1]. An ideal security system considers all four items such as security, reliability, usability, and human factors. Passwords are simply secrets that are provided by the user upon request by a recipient. They are often stored on a server in an encrypted form so that a penetration of the file system does not reveal password lists. Passwords are the most common means of authentication which do not require any special hardware. Typically passwords are string of letters and digits (alphanumeric). Such passwords have the disadvantage of being hard to remember. Weak passwords are vulnerable to dictionary attacks and brute force attacks where as strong passwords are harder to remember. The most common method used for authentication is textual password. The vulnerabilities of this method like eves dropping, dictionary attack, social engineering and shoulder surfing are well known. Random and lengthy passwords can make the system secure. But the main problem is the difficulty of remembering those passwords. Studies have shown that users tend to pick short passwords or passwords that are easy to remember. Unfortunately, these passwords can be easily guessed or cracked. The alternative techniques are graphical passwords and biometrics. But these two techniques have their own disadvantages. Biometrics, such as finger prints, iris scan or facial recognition have been introduced but not yet widely adopted. The major drawback of this approach is that such systems can be expensive and the identification process can be slow. To overcome the problems associated with password based authentication systems, the researchers have proposed the concept of graphical passwords and developed the alternative authentication mechanisms. Graphical passwords (GP) systems are the most promising alternative to conventional password based authentication systems. GP use pictures instead of textual passwords and are partially motivated by the fact that humans can remember pictures more easily than a string of characters [2]. The idea of GP was originally described by Greg Blonder in 1996[3]. An important advantage of GP is that they are easier to remember than textual passwords. As human beings have the ability to remember faces of people, places they visit and things they have seen for a longer duration. In this way graphical passwords provide a means for making more user-friendly passwords while increasing the level of security. Besides these advantages, the most common problem with GP is the shoulder surfing problem: an onlooker can steal user’s graphical password by watching in the user’s vicinity. Many researchers have attempted to solve this problem by providing different techniques. Due to this problem, most GP schemes recommend small hand held devices like Personal Digital Assistants (PDA) as the ideal application environment. Another common problem with graphical passwords is that it takes longer to input graphical passwords than textual passwords. The login process is slow and it may frustrate the impatient users. But what makes graphical passwords more secure is that graphical passwords may be hard to guess or broken by brute force search. If the number of possible pictures is sufficiently large, the possible password space of a graphical password scheme may exceed that of text-based schemes and thus presumably offer better resistance to dictionary attacks. Because of these advantages, there is a growing interest in graphical password. In addition to workstation and web log-in applications, graphical passwords have also been applied to ATM machines and mobile devices.E-transactions have become an important tool to carry out financial transactions besides the orthodox banking transactions [4]. They are increasingly being used to make payments, access bank accounts and facilitate other commercial transactions. In view of their increased importance there is a compelling need to establish ways to authenticate user during E-transactions. Personal Digital Assistants are being used by the people to store their personal and confidential information like passwords and PIN numbers. Authentication should be provided for the usage of these devices [5].1.1 Classification of Authentication MethodsAuthentication is a process by which a system verifies the identity of a user .It is a process of determining whether a particular individual or a device should be allowed to access a system or an application or merely an object running in a device. The authentication methods can be divided into three major parts:Token based, Biometric based,Knowledge based authentication [6].Token Based It is based on “Something You Possess”. For example Smart Cards, a driver’s license, credit card, a university ID card etc. It allows users to enter their username and password in order to obtain a token which allow them to fetch a specific resource - without using their username and password [6]. After obtaining the token, the user can offer the token - which in turn offers access to a specific resource for a time period – to the remote site, while some use knowledge based techniques to enhance security. Two types of token based authentication methods are passwords and Pin number.1.1.2 Biometric BasedBiometrics is the study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits [6, 7]. It uses physiological or behavioral characteristics like fingerprint or facial scans and voice recognition or iris to identify users. A biometric scanning device takes a user's biometric data, such as fingerprint scan, and converts it into digital information a computer can interpret and verify. Biometric identification depends on computer algorithms to make a yes/no decision. The different types of biometric authentication methods are hand/finger geometry, facial, voice recognition and iris scan.1.1.3 Knowledge BasedKnowledge based techniques are the most extensively used authentication techniques and include both text based and picture based passwords. Knowledge-based authentication (KBA) is based on “Something You Know” to identify you, such as Personal Identification Number (PIN), password or pass phrase [6]. It is an authentication scheme in which the user is asked to answer at least one "secret" question. KBA is often used as a component in multifactor authentication (MFA) and for self-service password retrieval and offers several advantages to traditional forms of e-authentication like passwords, PKI and biometrics. It can be divided into three sub types as follows:Recognition based systemsRecall based systemsCued recall based systems1.1.3.1 Recognition based systemsIn recognition based techniques, users are given a set of pictures and they pick and memorize some of them. During authentication, the users need to recognize and identify the pictures they have picked earlier. One of the techniques which use this is passface algorithm.Passface algorithmThis method was developed by the idea to choose a face of humans as a password. During the registration phase the user chooses whether their image password should be a male or female picture, then chooses four faces from decoy images as the future password. During the login phase, a grid which contains nine pictures, as in Figure 1.1, is shown to the user [1]. Only one of the user’s passwords among four is shown to user in this grid, and the other eight pictures are decoys which are selected from the bank of pictures. Because the password of user contains four faces so the grid repeats continually for four times and each repetition contains one of the password pictures. If one of the passwords has been shown in one grid, it will not be shown in the next grid. On the other hand the password faces are randomly placed in grids which help to create a more secure environment for the user against shoulder-surfing and packet sniffing attack.Weaknesses: This algorithm like the others suffers from some weaknesses. Firstly, when the password is selected by the mouse, it is simple for the attacker to observe the password. The other drawback of this algorithm is the long login time and long process through registration phase which causes this algorithm to be slower than textual password authentication. The graphical passwords created using passface technique found obvious patterns among these passwords. For example, most users tend to choose faces of people from the same race. In their study, female faces were preferred by both male and female users. Better looking faces were more likely to be chosen. All of these make the passface password quite predictable. This problem may be alleviated by arbitrarily assigning faces to users, but doing so would make it hard for people to remember the password.Figure 1.1: A sample of passface algorithm 1.1.3.2 Recall based techniques A user is asked to draw a simple picture on a 2D grid. The coordinates of the grids occupied by the picture are stored in the order of the drawing. During authentication, the user is asked to re-draw the picture. If the drawing touches the same grids in the same sequence, then the user is authenticated. One of the technique which uses recall based technique is draw a secret algorithm.Draw a Secret (DAS) AlgorithmThis method consisted of an interface that had a rectangular grid of size G * G, which allowed the user to draw a simple picture on a 2D grid as in Figure 1.2. Each cell in this grid is earmarked by discrete rectangular coordinates (x,y). As clearly evidenced in the Figure, the coordinate sequence made by the drawing is: (2,2), (3,2), (3,3), (2,3), (2,2), (2,1), (5, 5). In this method the stroke is considered to be a sequence of cells on the grid which does not contain a pen up event. Thus the password is defined as a sequence of strokes, separated by pen up events. In order to be authenticated, the user is supposed to re-draw the picture by creating the stroke in the exact sequence that was used in the registration phase. In the event that the drawing touches the same grids as well as in the same sequence, then the user is successfully authenticated [1].Weaknesses: Goldberg in his 2002 survey concluded that the majority of users could not remember their stroke order. Conversely, the user can recall text passwords faster than they would with DAS passwords. Yet another weakness is that users tend to select extremely weak Graphical Authentications which are susceptible to graphical dictionary attack.Figure 1.2: Draw a Secret (DAS) Algorithm on a 4*4 Grid.1.1.3.3 Cued recall-Based TechniquesIn this group of authentication algorithms, a password is created by having the user click on several locations on an image. During authentication, the user must click on the approximate areas of those locations. The image can assist users to recall their passwords and therefore this method is considered more convenient than unassisted recall. Blonder algorithm is one of the schemes that uses cued recall based technique.Blonder AlgorithmGreg E. Blonder, in 1966 created a method wherein a pre-determined image is presented to the user on a visual display so that the user should be able point to one or more predetermined positions on the image (tap regions) in a predetermined order as a way of pointing out his or her authorization to access the resource. Blonder maintained that the method was secure according to the millions of different regions [1, 3]. Figure 1.3 shows the sample of the Blonder algorithm. Figure 1.3 sample of the Blonder passwordWeaknesses: The number of predefined click regions was relatively small in this algorithm as such the password had to be long for it to be secure. Furthermore, the use of the Blonder algorithm necessitates that some special shape similar to a cartoon or artificial image is used in contrast to real pictures.As a word of conclusion, this chapter introduces graphical passwords, classification of various authentication methods, different recognition based systems and their disadvantages. Further in this report, three new authentication schemes are considered, two schemes for PDAs and other for secure e-transaction. The first scheme authenticates the user by session password; the second scheme is new hybrid graphical password based system. Third is the hybrid password authentication scheme based on shape and text. These hybrid authentication schemes provide high scalability and flexibility to enhance the authentication process security.CHAPTER 2 Hybrid Authentication Schemes Hybrid authentication scheme is a combination of one or more authentication schemes like a combination of recognition based and recall based techniques which is designed to be used in e-transactions or the hybrid authentication scheme may be a combination of text, color and images. This scheme overcomes the disadvantages of shoulder surfing, phishing attack, dictionary attack and brute force attack and to provides secure authentication.2.1 Pair-based Authentication scheme:During registration user submits his password. Minimum length of the password is 8 and it can be called as secret pass. The secret pass should contain even number of characters. Session passwords are generated based on this secret pass. During the login phase, when the user enters his username an interface consisting of a grid is displayed. The grid is of size 6 x 6 and it consists of alphabets and numbers. These are randomly placed on the grid and the interface changes every time. Figure 2.1 shows the login interface. 1AJRH7OK9IQG3BOCP6ZL4ST2MYWD5F8XNVEUFigure 2.1: Login interfaceUser has to enter the password depending upon the secret pass. User has to consider his secret pass in terms of pairs. The session password consists of alphabets and digits. The first letter in the pair is used to select the row and the second letter is used to select the column. The intersection letter is part of the session password. This is repeated for all pairs of secret pass [5, 8]. Figure 2.2 shows that V is the intersection for the pair “NI”. The password entered by the user is verified by the server to authenticate the user. If the password is correct, the user is allowed to enter in to the system. The grid size can be increased to include special characters in the password.1AJRH7OK9IQG3BOCP6ZL4ST2MYWD5F8XNVEU Figure 2.2: Intersection letter for the pair NI2.2 Hybrid Textual Authentication SchemeDuring registration, user should rate colors as shown in figure 4. The User should rate colors from 1 to 8 and can remember it as “YRGBOIMP”. During the login phase, when the user enters his username an interface is displayed based on the colors selected by the user. The login interface consists of grid of size 8×8. This grid contains digits 1-8 placed randomly in grid cells. The interface also contains strips of colors as shown in figure 2.3. The color grid consists of 4 pairs of colors. Each pair of color represents the row and the column of the grid. Figure 2.4 shows the login interface having the color grid and number grid of 8 x 8 having numbers 1 to 8 randomly placed in the grid [5, 8]. Depending on the ratings given to colors, the session password is obtained. The first color of every pair in color grid represents row and second represents column of the number grid. The number in the intersection of the row and column of the grid is part of the session password. Consider the figure 2.3 ratings and figure 2.4 login interfaces for demonstration. The first pair has red and yellow colors. The yellow color rating is 1 and red color rating is 2. So the first letter of session password is 3rd row and 4th column intersecting element that is, 4. The same method is followed for other pairs. For figure 2.4 the password is “4524”. Instead of digits, alphabets can be used. For every login, both the number grid and the color grid get randomizes so the session password changes for every session.12345678 Figure 2.3: Rating of colors by the user3468527112345678157831426286423157335647812423568741572154683614782365741276538868315274LOGIN: Figure 2.4 Login interface2.3 Hybrid Authentication Scheme for Secure E-Transaction.It is a three step process to authenticate the user, take time more than any other process but for banking transactions, accounts, financial data, high profile system and confidential data it is acceptable. It will be provided on choice of user to use this particular authentication system for access the system and allow doing transactions in banking. This authentication process is resistant to phishing attack. Setting up a phishing website to obtain graphical passwords would be more time consuming. To get proper environment of particular authentication system and bluff the user is a difficult task in such a secure banking environment. Significantly neither trespasser can use the confidential data nor do the transaction in banking. It is suggested that in banking transactions this authentication system used before the transaction request. So it will secure the amount from any accidental transaction or trespasser [4].The system comprises of 2 phases, first phase is registration phase and second phase is the authentication phase.2.3.1 Registration Phase During the first phase called Registration phase, the user has to first select his username and a textual password. Then objects are shown to the user to select from them as his graphical password. After selecting the user has to draw those selected objects on a screen using device. Then in the last step select the pictures for recognition based system as shown in figure 2.5. Algorithm: Registration1. Enter Username (Ur) (If exists Enter New Username){Ur: It is a set of characters.}2. Now user selects the desired text password (Tr).{Tr: It is a set alphabets, characters and etc.}3. Draw a Secret (DASr) for producing recall based password.{DASr: It is combination of Dot Pattern produce by user.}4. User selects the images (Ir) from the various categories of images for recognition based password. {Ir: It is a set of images selected for authentication by user in a definite order}5. Registration complete.Recall based passwordPassword confirmSelect different usernameUsername exists Enter usernamePassword confirmSelect textual passwordRecognition based passwordPassword confirmRegistration completeTrueFalse False TrueTrueFalse TrueTrueFalse TrueTrue Figure 2.5 registration phase2.3.2 Authentication PhaseDuring the second phase called authentication phase, the user has to give his username and textual password, then give his graphical password by drawing it in the same way as done during the registration phase and then recognized and identify the images selected during the registration phase. If they are drawn correctly the user is authenticated and only then he/she can access his/her account as shown in figure 2.6___________________________________________________________________________Algorithm: Authentication____________________________________________________________________________1. Enter Username (Ua) (If not valid enter valid username.){Ua: It is the username given during registration.}2. Now user enters the text password (Ta). (If not verified enter valid text password){Ta: Text password selected during registration.}3. Draw the DASa.{DASa: It is combination of Dot Pattern produced by the user during registration.}4. Selects the images (Ia) from the various categories of images for recognition based password.{Ia: It is a set of images selected during registration by user in a definite order.}5. If successful than.6. Authentication CompleteComparing to the existing system, this system is designed for E-transaction authentication. Dot pattern is used in recall based technique and different categories of images in recognition based. This system has very good technique for restoring password. In three steps, while users’ text password part can still be stolen by phishing, obtaining their graphical password parts is more difficult: without knowledge of users’ image profiles, the phisher does not know what images to present in order to extract a graphical password. As the authentication is knowledge based the reliability of the system is very high. The system has not depended on any element like human parts, cards and token etc. So the reliability of the system is very high. Accuracy of the system is also a concerned. In this system tolerance factor is negligible due to its design. It does not need tolerance during input of password. So due to negligible tolerance it is less vulnerable to attack. This also increases the reliability of the system.Username validInvalid username Enter usernameFalse.TruePassword validEnter textual passwordFalseTrueDraw recall based passwordPassword validFalseTrueimages confirmIdentify recognition based imagesauthentication completeFalseTrue Figure 2.6 authentication phase2.4 A Hybrid Password Authentication Scheme Based on Shape and TextThe basic idea of this scheme is to make a map from shape to text with strokes of the shape and a grid with text. The map could be constructed quite simple and straight-forward. This mapping not only guides the user to master this scheme with ease, but makes the whole system easy to implement. Figure 2.7 shows the idea of this work. Users should just think some personal shapes and its strokes as their origin password and enter character in the authentication as the login password. The whole process includes two main steps: the password creation step, and the login step [9]. The following notations are defined to help the presentation and analysis of the scheme.U: The set of elements appeared in the grid in the interface.V: Input passwords vector, which consists of elements in U.|V|: Size of the V. It also represents the length of the input passwords, or the strokes’ size.g: the size of the grid.S: Shape of the password. |S|: Number of strokes of the password.Strokes and gridShapeTextFigure 2.7 Mapping from shape to text through strokes and grid In the first step, the user is asked to select a group of elements on the grid shown in the interface as the original password. In this example, g = 5×5 gird is used to show the process. The password-set interface is shown in figure 2.8 Firstly, a user is proposed to pick a shape S such as a number shape, a geometric shape, a character shape or even a random shape as his(or her) own original password. The criterion of choosing the shape is as easy to remember as possible for the users themselves. After the password shape is selected in their mind, the user should click on the grid in the interface following the shapes’ stroke sequence. The system will store the shape and the order with the grid as the user’s mapped text passwordFigure 2.8 Password set interfaceIf the user chooses one of characters “N” as the shape of the password, when the shape and the order setting are finished, the user could design the stroke on the grid as he likes (this is a mechanism to level up the security level. Even if the shape is known by the hacker in some way, the hacker would not be sure the shape’s shape on the grid specifically). After that, the user clicks on the grid to form “N” as the original password. The set procedure can be seen more clearly in the Figure 2.9.Figure 2.9 Password set procedureFigure 2.9 not only shows the procedure of the setting password, but also provides the idea of mapping from a simple shape into a grid. The shape is finally represented by a number of blocks on the grid. In the login step, the interface is presented with a different style. The grid is filled with some similar symbols such as some numbers or characters. The feature of the approach here is to use quite a few numbers of the symbols, which consists of U. Here the number “0” and”1” is used to show the example, which means U = {0, 1}. Note that the system will choose the symbol randomly from U to fill every grid. The login interface is shown in Figure 2.10Figure 2.10. Original stroke on the interfaceDuring the authentication stage, the user is asked to enter the password. He will use the keyboard with only “0”and”1” keys to input the password. The order and content of the password is entering the number in the grid following the original password shape’s strokes which he has chosen in the password-set step. Figure 2.10 shows the image appeared in the users’ mind, which is not the action or the image in the authentication scheme. It just helps to understand what the users would recall and think in the login step. While looking at the number filled in the grid of the original shape, user should enter numbers in the right order. Thus, the password is as follows: 1100110110011, where V=[1,1,0,0,1,1,0,1,1,0,0,1,1]. The system will check if the input vector matches the numbers appeared in user’s original sequence of the grid upon the interface created by the system. Because the texts with which the user enters are only using two keys, the login process is quite convenient. It is very useful to shorten the login process. More importantly, the act of inputting with only two keys can effectively resistant to the shoulder surfing. If the password entered is not correct, then the system will generate another login interface grid for the user with characters randomly selected again. The symbols from U appeared in the grid varies at each login step, which means that the shape and the sequence of shape will not vary but the mapped text will not be the same at different interfaces. It also means the text passwords the user will input are not the same one at different login times. If hackers record the text the user input exclusively, they would get nothing about the information of any user’s original password. Thus the text-based brute force attack with the “1”s and”0”s are useless. The main idea of the scheme is making the stroke shape as the password using the textual input.Different Input StyleBecause of the high resistant to the shoulder surfing of the keyboard, the input device could be hidden. The input style of the system can be expanded by adding the soft keyboard onto the interface. The mechanism can be used in mobile devices or other screen-based input environment. Although the input process can be easily recorded, the scheme has strong resistance to this kind of attack. Figure 2.11 shows the example.Figure 2.11 Login interfaceThis chapter described 3 hybrid authentication schemes which provide more secure, reliable and trustworthy authentication mechanism. These authentication schemes are generally used in PDAs and in places where the information is of high value to the user like e-transactions.Chapter 3Security AnalysisSecurity is the major consideration of any authentication scheme. This chapter describes how secure the hybrid authentication scheme is with respect to various common attacks. As the hybrid authentication scheme is used in various applications in PDA’s and for E-Transactions, the scheme must be resistant to various following attacks.Brute Force Attack:This type of attack uses an algorithm that produces every possible combination of words to break the password. Text-based password contains 94^N number of space where 94 is the number of printable characters (including space) and N is the length. This type of attack has always proven successful against text-based password because of its ability to check all possibility within the length of the password. However, hybrid authentication scheme proves to be more resistant to brute force attacks because of its large password space [4, 5, 9]. Dictionary Attack: These are attacks directed towards textual passwords. A dictionary attack is a method of breaking into a password-protected computer or server by systematically entering every word in a dictionary as a password. A dictionary attack can also be used in an attempt to find the key necessary to decrypt an encrypted message or document. Dictionary attacks work because many computer users and businesses insist on using ordinary words as passwords. Here in this attack, hacker uses the set of dictionary words and authenticate by trying one word after one. The Dictionary attacks fail towards hybrid authentication systems because session passwords are used for every login [5].Guessing attack:Since many users try to select their password based on their personal information like the name of their pets, passport number, family name and so on, it is easy to guess the possible passwords. Password guessing attacks can be broadly categorized into online password guessing attacks and offline dictionary attacks. In an online password guessing attack, an attacker tries a guessed password by manipulating the inputs. In an offline dictionary attack, an attacker exhaustively searches for the password by manipulating the inputs of one or more oracles.Guessing can’t be a threat to the pair based because it is hard to guess secret pass and in the hybrid textual scheme is dependent on user selection of the colors and the ratings. If the general order is followed for the colors by the user, then there is a possibility of breaking the system [5]. Where as in the hybrid password authentication scheme based on shape and text it is next to impossible to guess the password [9].Shoulder surfing attack:As the name implies, passwords can be identified by looking over a person’s shoulder. This kind of attack is more common in crowded areas where it is not uncommon for people to stand behind another queuing at ATM machines. Like text based passwords, most of the graphical passwords are vulnerable to shoulder surfing. In the hybrid authentication schemes, the shoulder surfing attack fails because the session passwords change for every login. There is no use if the session password is known by the attacker [5]. In the hybrid password authentication scheme based on shape and text, instead of drawing the password graphically, the password is entered as text which appears in the grid pattern selected by the user at the time of registration. As the text in the grid changes for every login, the shoulder surfing attack is of no use [9]. Social engineering:Comparing to text based password, it is less convenient for a user to give away graphical passwords to another person. For example, it is very difficult to give away graphical passwords over the phone. Setting up a phishing web site to obtain graphical passwords would be more time consuming [4].This chapter describes about various attacks possible on the authentication system and how the hybrid authentication scheme is resistant to the attacks. Overall, it is more difficult to break hybrid passwords using the traditional attack methods like brute force search, dictionary attack, shoulder surfing, and spyware.Chapter 4Conclusion and Future ScopeAuthentication is a process by which a system verifies the identity of a user .It is a process of determining whether a particular individual or a device should be allowed to access a system or an application or merely an object running in a device. Currently many schemes and techniques are available for authentication. There is a growing interest in using pictures as passwords rather than text passwords. The major advantage of the hybrid authentication scheme is that, it is a secure authentication system for E-transaction, and for PDAs. In fact, this particular system needs not to be depended on any elements (like cards or human parts etc.) for authenticating the user it increases the reliability and accuracy of the system by using the elements of daily life (image categories like fruits, flower and monuments) in the scheme increases the memorability of the system. The scheme has salient features as a secure system for authentication immune to shoulder-surfing, hidden camera and brute force attacks. It also has variants to strengthen the security level through changing the login interface of the system. The hybrid graphical authentication is highly secured under the various attacks of the graphical passwords. Password space and combination is very large which makes it secure against various attacks Possible extension to this work is to use encryption techniques in passwords to increase security. Efficient elements are needed to increase the memorability of graphical passwords.References[1] Xiaoyuan Suo, Ying Zhu and G. Scott. Owen, “Graphical Passwords: A Survey”, Proceedings of the 21st Annual Computer Security Applications. IEEE. 463-472; 2005[2] A. Adams and M. A. Sasse, "Users are not the enemy: why users compromise computer security mechanisms and how to take remedial measures," Communications of the ACM, vol. 42, pp. 41-46, 1999.[3] G. E. Blonder, "Graphical passwords," in Lucent Technologies, Inc., Murray Hill, NJ, U. S. Patent, Ed. United States, 1996.[4] Dr. Manish Manoria, Ankur Jain, “Graphical User Authentication for E-Transaction” International Journal of Computer Science and Network (IJCSN), ISSN 2277-5420, Volume 1, Issue 5, October 2012. [5] N. S. Joshi: “Session Passwords Using Grids and Colors for Web Applications and PDA” , ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 3, Issue 5, May 2013.[6] L. O?Gorman, “Comparing Passwords, Tokens, and Biometrics for User Authentication,” Proc. IEEE, vol. 91, no. 12, pp. 2019-2020, Dec. 2003.[7] A. Jain, A. Ross, and S. Pankanti, “Biometrics: A Tool for Information Security,” IEEE Trans. Information Forensics and Security (TIFS), vol. 1, no. 2, pp. 125-143, June 2006.[8] Rupesh Tapkir, Shubhangi Khalate, Priyanka Sarade, Shital Bukan, Shwetal Patil:” Two Level Authentication Schema”, ISSN: 2278-0181, IJERT, Vol. 2 Issue 3, March – 2013.[9] Ziran Zheng, Xiyu Liu, Lizi Yin, “A Hybrid Password Authentication Scheme Based on Shape and Text”, JOURNAL OF COMPUTERS, VOL. 5, NO. 5, MAY 2010 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download