Transcript (a4academics.com)

TWO FACTOR AUTHENTICATION

INTRODUCTION

Many fields in the world require authentication of the users.
We use authentication in day-to-day life.
Most authentications are protected only by "passwords".
Eg: E-mail, Facebook
Passwords are known to be one of the easiest targets of hackers, so the authentication is easily broken.
SOLUTION: Two Factor Authentication
PROBLEMS WITH PASSWORDS

"Social engineering"
Finding written passwords
  - Post-It notes
Guessing the password / PIN
  - Dog's or kid's name, birthday
Shoulder surfing
Keystroke logging
  - Can be resolved with mouse-based entry
Screen scraping (combined with keystroke logging)
Brute force password crackers
  - L0phtcrack
Two Factor Authentication


TFA is the most commonly used authentication means.
It is based on the following factors:
  Something you know (e.g. a secret password).
  Something you have (e.g. an unclonable secure device with a secret key).
  Something you are (e.g. biometrics).

Two Factor Authentication implements two of the above factors.

Something you know
  - PIN
  - Password
  - Mother's maiden name
Something you own
  - Keys
Two Factor Authentication

Two Factor Authentication consists of two of the three factors.
Example: ATM cash machine
  Something you know - PIN
  Something you own - Cash card (chip)
Stronger and more secure than the traditionally implemented one-factor authentication system.
Two Factor Authentication

An approach to authentication which requires the presentation of two different kinds of evidence that someone is who they say they are.
From a security perspective, the idea is to use kinds of evidence that have separate ranges of attack vectors (e.g. logical, physical), leading to a more complex attack scenario and consequently lower risk.
TFA

Two-factor authentication is commonly found in electronic computer authentication, where basic authentication is the process of a requesting entity presenting some evidence of its identity to a second entity.
Two-factor authentication seeks to decrease the probability that the requester is presenting false evidence of its identity.
TFA

TFA could drastically:
  Reduce the incidence of online identity theft,
  Reduce other online fraud,
because the victim's password would no longer be enough to give a thief permanent access to their information.
FEASIBILITY STUDY

Feasibility is a test of the proposed system according to workability, impact on the organization, ability to meet user needs and effectiveness of use of resources. The following are the feasibility studies employed:
  Technical feasibility
  Operational feasibility
  Economic feasibility

TECHNICAL FEASIBILITY

The project requires the system to be functional as a multi-user one.
It should be based on a specified technology.
The system under study must be portable and platform independent.
The software needed for the development of the system is Java, which supports socket programming, remote databases, XML, etc., and is easily available.


OPERATIONAL FEASIBILITY

The proposed system offers:
  User friendliness
  Great understandability
  Less restriction on companies
  Simplicity
The operations of this application are absolutely simple. Handling this application does not need much training, so the system is operationally feasible.
ECONOMIC FEASIBILITY

There is no need for much initial investment for software or hardware.
The total cost is reduced to a maximum extent because the cost that should be expended on gateway service providers is not present here.
The system is economically feasible because of the reduced cost as compared to the existing system.

The Existing System

Most systems today rely on static passwords to verify the user's identity, which can affect security management.
Passwords are known to be one of the easiest targets of hackers.
The PP-TAKE protocol is based on the Decision Diffie-Hellman (DDH) problem.

The Proposed System

Juang et al.'s protocols are modifications of the PP-TAKE protocol.
The protocols are based on the DDH problem, but they have fewer message exchanges than the PP-TAKE protocol.
This protocol provides identity privacy.
This protocol also provides only half forward secrecy, as it can ensure forward secrecy only at the client side and not at the server.
SYSTEM REQUIREMENTS

Software requirements:
  Front End : Java
  Back End  : MySQL
  OS        : Linux, Windows
  IDE       : NetBeans

Hardware requirements:
  Processor      : Pentium IV or above
  Primary Memory : 256 MB RAM
  Storage        : 40 GB Hard Disk
SYSTEM DESIGN AND ANALYSIS

This phase is the first in moving from the problem domain to the solution domain.
At the end of the design phase there is a design document, which is used for the later implementation of the project.
In system design, the specifications of the client requirements are studied and we identify how the client interacts with the system.
Based on this, the input and output format, the major modules in the system and the desired result are identified.
Accordingly, the suitable software and hardware specifications required are chosen.
INPUT DESIGN

The GUI of the software is created using a Java Applet.
It has options for giving the remote machine address, port number and RSA key length.
It has buttons which allow the user to connect, listen, send data, receive data, generate a key and also to disconnect.
There is also a text field for entering the user message.
OUTPUT DESIGN

Output is the most important and direct source of information to the consumer and administrator.
Intelligent output design will improve the system's relationship with the user and help in decision making.
It has a conversation panel to display the connection information, remote messages and information for the user.
DATABASE DESIGN

FIGURE: SYSTEM STRUCTURE (Users, Client, Server, Database)

The database design gives us a description of how data is stored in and retrieved from the storage area, i.e. the database.
The design phase is comprised of 4 phases.
The entities and their design criteria are described in the following slide.

Phase 1:
The user is referred to as the person having the smartcard. The user can get the smartcard by registering into the system via the client.

Phase 2:
The client is the interface between the user and the system. The client authenticates the user by verifying the smartcard and the details provided by the user.

Phase 3:
Server: Authenticates the user by comparing the
MODULES

1. Registration stage
The user should be registered to be an authenticated user. An unregistered user should not be allowed to enter the corresponding site. Here, the user registers with the server.

2. Username and Password selection
The user who registers to the site should have a username and a password. Only the recognised user can create his own username and password.

3. Symmetric Key Generation
This is the first stage of authentication. The symmetric key is generated for further security purposes. The symmetric key, t, is generated as per the formula.

4. Static Private Key Generation
A private key is to be produced in order to authenticate using public key authentication. The server generates a random number b and sets it as the static private key.

5. Public Key Generation
The server generates the static public key based on the static private key. The public key is generated based on the equation
  y_s = g^b mod p
where y_s = public key and b = static private key.

6. Pre-computation stage
This module deals with the generation of values and some computations required in the authentication. The user selects a random value x in Z_q and computes y_u = g^x mod p.

7. Reducing computational overhead
This module deals with the generation of values that reduce computational overhead in the authentication and key exchange stage. The user computes c = g^(bx) mod p and stores it.

8. Authentication
Mutual authentication is done between server and client. A session key is also generated. This module consists of 4 sub-modules.

(8.1) A computes SID_(A,i):
  SID_(A,i) = h(π, t, i)
  f = h(π, t, ID_A)
  e = E_f(y_u)
and sends (e, SID_(A,i), i) to B.

(8.2) The computation of B
B computes, from each π and t stored in the database, SID'_(A,i) = h(π, t, i).
B finds the value matching the SID_(A,i) sent by A.
After finding the right π and t, B acquires ID_A.
B computes f = h(π, t, ID_A) and y_u = D_f(e).
After decryption, B computes c = (g^x)^b mod p.
B selects a random value r.
B computes sk = h(c, r, ID_A) and M_B = h(sk, π, t, ID_A).
B sends r and M_B to A.

(8.3) Mutual Authentication
A computes the session key sk = h(c, r, ID_A).
A and B share the session key sk.
A computes M_B = h(sk, π, t, ID_A) and compares it with the M_B received; A then computes M_A = h(sk, π, t, y_s) and sends it to B.

(8.4) Mutual Authentication by B
B computes M_A = h(sk, π, t, y_s) and compares it with the M_A sent by A.
If they match, B authenticates A as a legitimate user.
Now the mutual authentication between A and B is completed.

9. Key Exchange Stage
The generated keys are exchanged. A and B each produce their own session keys. They are exchanged in various stages of authentication in order to check their validity.

10. Successful/Unsuccessful Login stage
The user login is checked and verified as to whether it is successful or not. It is based upon the information provided by the user. The server checks the details and, if the information is found correct, the user is allowed to log in successfully; otherwise it shows 'Unsuccessful Login'.
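The exchange of modules 3 to 10 above, run end to end, as an added Python example that is not code from the original presentation. It assumes SHA-256 for h, an XOR keystream as a stand-in for the unspecified cipher E_f / D_f, and a toy 127-bit prime for p; step 8.2 scans the stored (π, t, ID_A) records for the one whose h(π, t, i) equals the received SID, so a wrong password fails before any key material is derived.

```python
import hashlib
import secrets
P = 2**127 - 1   # toy prime modulus p, constructed for this example (far too small for real use)
G = 3            # generator g
def h(*parts):   # the protocol's hash h(...): SHA-256 over the joined arguments, as an integer
    return int.from_bytes(hashlib.sha256(b"|".join(str(x).encode() for x in parts)).digest(), "big")
def xor_crypt(f, m):   # stand-in for E_f / D_f (assumption): XOR with a keystream derived from f
    return m ^ h("stream", f)

class Server:  # B
    def __init__(self):
        self.b = secrets.randbelow(P - 2) + 1    # module 4: static private key b
        self.ys = pow(G, self.b, P)              # module 5: y_s = g^b mod p
        self.db = []                             # registered (pi, t, ID_A) records
    def register(self, pw, ident):               # modules 1-3: store pi, t and ID_A
        t = secrets.randbits(128)                # symmetric key t, also written to the smartcard
        self.db.append((pw, t, ident))
        return t
    def step_8_2(self, e, sid, i):
        match = next((rec for rec in self.db if h(rec[0], rec[1], i) == sid), None)
        if match is None:
            return None                          # no record yields SID_{A,i}: reject
        pw, t, ident = match
        yu = xor_crypt(h(pw, t, ident), e)       # y_u = D_f(e)
        c = pow(yu, self.b, P)                   # c = (g^x)^b mod p
        r = secrets.randbits(128)
        self.sk, self.pending = h(c, r, ident), (pw, t)
        return r, h(self.sk, pw, t, ident)       # (r, M_B)
    def step_8_4(self, ma):                      # B authenticates A
        return ma == h(self.sk, *self.pending, self.ys)

class Client:  # A, holding the password pi and the smartcard values (t, ID_A)
    def __init__(self, ys, pw, ident, t):
        self.ys, self.pw, self.ident, self.t = ys, pw, ident, t
        self.x = secrets.randbelow(P - 2) + 1    # module 6: random x (toy: taken from [1, p-2])
        self.yu = pow(G, self.x, P)              # y_u = g^x mod p
        self.c = pow(ys, self.x, P)              # module 7: precomputed c = g^(bx) mod p
    def step_8_1(self, i):
        f = h(self.pw, self.t, self.ident)
        return xor_crypt(f, self.yu), h(self.pw, self.t, i), i   # (e, SID_{A,i}, i)
    def step_8_3(self, r, mb):
        self.sk = h(self.c, r, self.ident)
        if mb != h(self.sk, self.pw, self.t, self.ident):
            return None                          # server did not prove knowledge of c
        return h(self.sk, self.pw, self.t, self.ys)   # M_A

def run_login(srv, cli, i=1):   # steps 8.1-8.4; True only when each side authenticates the other
    reply = srv.step_8_2(*cli.step_8_1(i))
    ma = cli.step_8_3(*reply) if reply else None
    return ma is not None and srv.step_8_4(ma)
```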
REGISTRATION TABLE

FIELD      TYPE      DESCRIPTION   SIZE
ID         VARCHAR   USER-ID       50
PASSWORD   VARCHAR   PASSWORD      50
USERNAME   VARCHAR   USERNAME      50

LOGIN TABLE

FIELD      TYPE      DESCRIPTION   SIZE
ID         VARCHAR   USER-ID       50
PASSWORD   VARCHAR   PASSWORD      50
USERNAME   VARCHAR   USERNAME      50

SUCCESSFUL TABLE

FIELD      TYPE      DESCRIPTION   SIZE
ID         VARCHAR   USER-ID       50
PASSWORD   VARCHAR   PASSWORD      50
USERNAME   VARCHAR   USERNAME      50
SUCCESS    VARCHAR   SUCCESS       50
DATA FLOW DIAGRAM

UML Use Case Diagrams can be used to describe the functionality of a system in a horizontal way.
Rather than merely representing the details of individual features of the system, UCDs can be used to show all of its available functionality.
It is important to note, though, that UCDs are fundamentally different from sequence diagrams or flow charts, because they do not make any attempt to represent the order or number of times that the system's actions and sub-actions should be executed.
FIGURE: REGISTRATION use case (entities: User, Smart Card, Client, Server; flows: User details, Registration, Register)

FIGURE: LOGIN use case (entities: User, Smart Card, Client, Server; flows: Encrypted details, Registration details, Register)
UCD (Use Case Diagram)

UCDs have only 4 major elements:
1. The actor, that the system you are describing interacts with.
2. The system itself.
3. The use cases or services, that the system knows how to perform.
4. The lines that represent relationships between these elements.




Here the actor is a person, organization or external system that plays a role in one or more interactions with the system.
A use case describes a sequence of actions that provides something of measurable value to an actor and is drawn as a horizontal ellipse.
A rectangle is drawn around the use cases, called the system boundary box, to indicate the scope of the system.
Anything within the box represents functionality that is in scope and anything outside the box is not.


The registration phase and the login phase are represented using UCDs.
The main entities include the user (the person who has possession of the smartcard), the client (link between the user and the system), the server (function provider) and a database where all the details about the user are stored and updated.



In the registration phase, the user registers using the client, which passes the user details on to the server, where they are stored in the database.
The details will be entered onto the smartcard which the user has. In the login phase, the user registers using the smartcard.
The client passes the encrypted details on to the server, which stores them in the database.
FORM DESIGN OF REGISTRATION
FORM DESIGN OF LOGIN
Thank You !!
By,
SHEEBA.L
2nd MSC CS
AJK CAS