Design and implementation of Negative Authentication System

Modern society depends heavily on online activities such as official and social communications, fund transfers and so on. Unauthorized system access is a greater concern in cyber systems than ever before. For any cyber system, robust authentication is an absolute necessity for ensuring security and reliable access to all types of transactions. However, more than 80% of current authentication systems are password based, and they are prone to direct and indirect cracking via guessing or side-channel attacks. The Negative Authentication System (NAS) is inspired by the negative selection algorithm. In NAS, the password-based authentication data for valid users is termed the password profile or self-region (positive profile); any element outside the self-region is defined as belonging to the non-self-region in the same representative space. Anti-password detectors are generated that cover most of the non-self-region. Some regions of the non-self-region are deliberately left uncovered to induce uncertainty for attackers. In this work, we describe the design and implementation of three approaches to NAS and its efficacy over other authentication methods. These three approaches represent three different ways to obfuscate password points within the non-password space. The experiments are conducted with both real and simulated password profiles to justify the efficiency of the different implementations of NAS.
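The following sketch is an added illustration of the self-region / anti-password detector idea described above; it is not code from the paper and does not reproduce any of its three approaches. The 2-D unit square, the PBKDF2-based mapping, the circular variable-radius detectors, the constants and the "forward to a positive check" step are all assumptions made for the example, and the user list is constructed.

```python
import hashlib
import math
import random

SELF_RADIUS = 0.02  # assumed clear margin around every valid profile point
MAX_RADIUS = 0.08   # assumed upper bound on detector size
MIN_RADIUS = 0.01   # candidates smaller than this are discarded

def to_point(username, password):
    """Map a credential pair to a point in the unit square (assumed mapping)."""
    d = hashlib.pbkdf2_hmac("sha256", password.encode(), username.encode(), 10_000)
    return (int.from_bytes(d[:8], "big") / 2**64,
            int.from_bytes(d[8:16], "big") / 2**64)

def generate_detectors(self_points, count, seed=1, max_tries=100_000):
    """Negative selection: keep random circles that stay clear of the self-region."""
    rng = random.Random(seed)
    detectors = []
    for _ in range(max_tries):
        if len(detectors) == count:
            break
        center = (rng.random(), rng.random())
        gap = min(math.dist(center, s) for s in self_points) - SELF_RADIUS
        radius = min(gap, MAX_RADIUS)
        if radius >= MIN_RADIUS:
            detectors.append((center, radius))
    return detectors

def first_layer(point, detectors):
    """Reject if any anti-password detector matches; otherwise forward the request.
    A forwarded point is either a valid profile or lies in an uncovered gap, so a
    positive check (assumed here, kept separately) must still decide."""
    if any(math.dist(point, c) < r for c, r in detectors):
        return "reject"
    return "forward"

def coverage(detectors, samples=2000, seed=2):
    """Monte Carlo estimate of the fraction of the space covered by detectors."""
    rng = random.Random(seed)
    hits = sum(first_layer((rng.random(), rng.random()), detectors) == "reject"
               for _ in range(samples))
    return hits / samples

# Constructed sample profile; real deployments would not hold plaintext here.
USERS = [("alice", "correct horse"), ("bob", "tr0ub4dor&3"),
         ("carol", "s3cret-pass"), ("dave", "hunter2")]
SELF = [to_point(u, p) for u, p in USERS]
DETECTORS = generate_detectors(SELF, 60)

if __name__ == "__main__":
    print("estimated non-self coverage:", coverage(DETECTORS))
    print("wrong guess for alice:", first_layer(to_point("alice", "guess"), DETECTORS))
```

The detector set contains no point of the self-region, so the first layer can filter most invalid requests without holding the password profile, while the uncovered fraction keeps an observer from inferring valid points by exclusion.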
