A Steganography-based framework to prevent active attacks during user authentication

User authentication is a vital component in most systems that need to assure the security of services and data. The majority of applications so far depend on alphanumeric text-based password schemes for authentication; however, user information management is not as secure in some systems. Weak authentication may also enable hackers to steal user information or bypass authentication. The increase in social engineering schemes and the use of multiple accounts per user have also brought new problems in password authentication schemes. Social profiles of users available in the public domain have led to the exposure of personal data and have made privacy a major issue. Users tend to use personal data to create passwords, which implies that password-based authentication has become more vulnerable. This paper proposes a new authentication framework, called imgAuth, which is an image steganography-based scheme for authentication and user profile management. The imgAuth image can act as a universal authentication framework, which has a balance between security, integrity and availability. We show that our approach is practical and resistant against the popular attacks that we had planned to overcome in this project. An experimental prototype shows that we do much better than some existing schemes.
