AN INTEGRATED ATTACK CONTROL MECHANISM FOR INTERNET/INTRANET SERVICES

Mail, messaging, data sharing and computational services are shared in Intranet and Internet environments. Access to these services is granted on the basis of user account information, and user IDs and passwords are used in the user verification process. Graphical passwords are also used to verify users. Captcha techniques are employed to determine whether a request comes from a machine or a human. The Captcha as Graphical Passwords (CaRP) technique integrates the Captcha and graphical password methods. The CaRP scheme adopts recognition-based and recognition-and-recall-based methods, and uses both text and image Captchas. Click points are selected by the user and verified by the authentication server. Guessing attacks, relay attacks and transmission attacks are raised against the CaRP scheme. An integrated attack control scheme is adopted to handle these attacks on Internet and Intranet services. Pixel-location and color-based pattern analysis methods are employed to control guessing attacks. Cryptography and data integrity verification methods are used to handle directory attacks and transmission attacks. Shoulder-surfing attacks are handled with image dimming and dynamic mouse cursor movements. Hash codes are used to maintain the password information. A password strength estimation mechanism improves the password construction process. The system protects the user authentication process with security and attack control mechanisms.
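The server-side check described above (click points verified by the authentication server, with only a hash of the password kept) can be sketched as follows. This is an added example, not code from the paper: the character set, the 40-pixel grid cells, the PBKDF2 parameters and all function names are assumptions, and the shuffled grid stands in for a rendered text Captcha.

```python
import hashlib, hmac, os, secrets

# Assumed parameters (not from the paper): character set, cell size, KDF cost.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"   # 32 captcha characters
CELL = 40                                       # pixels per character cell
ITERATIONS = 100_000

def _kdf(text, salt):
    return hashlib.pbkdf2_hmac("sha256", text.encode(), salt, ITERATIONS)

def enroll(password):
    """Keep only a salt and a slow hash of the character sequence."""
    salt = os.urandom(16)
    return salt, _kdf(password, salt)

def new_challenge(cols=8):
    """Shuffle characters into grid cells; returns {char: (x, y)} of each
    cell's top-left corner. Stands in for rendering a fresh captcha image."""
    cells = list(range(len(ALPHABET)))
    secrets.SystemRandom().shuffle(cells)
    return {ch: ((c % cols) * CELL, (c // cols) * CELL)
            for ch, c in zip(ALPHABET, cells)}

def clicks_to_text(layout, clicks):
    """Map each click to the character whose cell contains it, else None."""
    chars = []
    for x, y in clicks:
        hit = [ch for ch, (cx, cy) in layout.items()
               if cx <= x < cx + CELL and cy <= y < cy + CELL]
        if len(hit) != 1:
            return None
        chars.append(hit[0])
    return "".join(chars)

def verify(record, layout, clicks):
    """Server-side check: the layout never leaves the server as data."""
    salt, stored = record
    text = clicks_to_text(layout, clicks)
    # Always run the KDF so a miss costs the same time as a wrong password.
    candidate = _kdf(text if text is not None else "", salt)
    return text is not None and hmac.compare_digest(candidate, stored)

def clicks_for(layout, password):
    """Simulate a legitimate user clicking the centre of each character."""
    return [(layout[ch][0] + CELL // 2, layout[ch][1] + CELL // 2)
            for ch in password]

if __name__ == "__main__":
    record = enroll("K7QM")                     # constructed sample password
    first, second = new_challenge(), new_challenge()
    print(verify(record, first, clicks_for(first, "K7QM")))    # fresh clicks
    print(verify(record, second, clicks_for(first, "K7QM")))   # replayed clicks
```

Because the layout changes on every login, captured click coordinates are only meaningful for the challenge they were made against; the stored record contains neither coordinates nor the character sequence.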
