Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
TWO FACTOR AUTHENTICATION INTRODUCTION Many fields in the world requires authentication of the users We use authentication in day-today life Most authentications are protected only by “Passwords”. Eg : E –mail, Face Book Passwords are known to be one of the easiest target of hackers. So the authentication is easily broken SOLUTION: Two Factor Authentication problems with passwords “Social engineering” Finding written password Post-It Notes Guessing password / pin Dog/Kid’s name/ Birthday Shoulder surfing Keystroke logging Can be resolved with mouse based entry Screen scraping (with Keystroke logging) Brute force password crackers L0phtcrack Two Factor Two Factor Authentication Authentication Two Factor Authentication TFA is the most commonly used authentication means It is based on the following factors: Something you know (as a secret password). Something you have (as an unclonable secure device with a secret key). Something you are(E.g : Biometrics) Two Factor Authentication implements two of the above factors Something you know Pin Password Mothers Maiden Name Something you own Keys Two Factor Authentication Two Factor Authentication consists of Two of the three factors Example: ATM Cash Machine Something you Know – Pin Something you Own - Cash Card (Chip) Stronger and more secure than the traditionally implemented one factor authentication system. Two Factor Authentication An approach to authentication which requires the presentation of two different kinds of evidence that someone is who they say they are. From a security perspective, the ideas is to use evidences which have separate range of attack vectors (e.g. logical, physical)leading to more complex attack scenario and consequently lower risk. TFA Two-factor authentication is commonly found in electronic computer authentication, where basic authentication is the process of a requesting entity presenting some evidence of its identity to a second entity. Two-factor authentication seeks to decrease the probability that the requester is presenting false evidence of its identity. TFA TFA could drastically Reduce the incidence of online identity theft, Reduce other online fraud Because the victim’s password would no longer be enough to give a thief permanent access to their information. FEASIBILITY Two Factor STUDY Authentication TECHNICAL FEASIBILITYFEASIBILITY STUDY Feasibility is a test of the proposed system according system according to workability, impact on the The project requires the system to be functional organization ability to meet user needs and as effectiveness multi-user use one. of resources. following are the feasibilitybe study employed: It should based on specified technology. The system under study must be portable and Technicalindependent. feasibility platform Operational feasibility The software that is needed for the Economic feasibility development of the system is java script support socket programming, remote database, xml etc which is easily available. OPERATIONAL FEASIBILITY FEASIBILITY STUDY Feasibility is a test of the proposed system according system according to workability, impact on the The proposed system offers organization ability to meet user needs and User friendliness effectiveness use of resources. following are the feasibility study employed: Great understand ability Less Restriction on companies Technical feasibility Simplicity Operational feasibility Economic feasibility The operations of this application are absolutely simple. Handling this application does not need much training. so the system is operationally feasible. ECONOMIC FEASIBILITYFEASIBILITY STUDY Feasibility is a test of the proposed system according system according to workability, impact on the There is no need fortomuch initial investment for organization ability meet user needs and software or hardware. effectiveness use of resources. following are the study employed:to a maximum extend Thefeasibility total cost is reduced • • because the cost that should be expended in gateway Technicalproviders feasibility is not presented here. of service TheOperational system isfeasibility economically feasible because of the Economic feasibility reduced cost as compared to the existing system. • The Existing System Most systems today rely on static passwords to verify the user’s identity which can affect security management. Passwords are known to be one of the easiest targets of hackers. The PP-TAKE protocol is based on the Decision Diffie-Hellman (DDH) problem. The Proposed System Juanget al.’s protocols are modifications of the PPTAKE protocol. The protocols are based on the DDH protocols but they have fewer message exchanges than the PPTAKE protocol. This protocol provides identity privacy. This protocol also provides only half forward secrecy as it can ensure forward secrecy only at the client side and not at the server SYSTEM REQUIREMENTS Software requirements: Front End : Java Back end : My SQL OS : Linux, Windows IDE : Net beans Hardware requirements: Processor : Pentium IV or above Primary Memory : 256 MB RAM Storage : 40 GB Hard Disk SYSTEM DESIGN AND ANALYSIS This phase is the first in moving from the problem domain to the solution domain. At the end of design phase is design document which is used for the later implement of the project. In system design, the specifications of client requirements are studied and we identified how client interacts with system. Based on this the input and output format, major modules in the system and desired result are identified. Accordingly, suitable software and hardware specifications required are chosen. INPUT DESIGN GUI of software is created using java Applet. It have option of giving remote machine address, port number, RSA key length. It have buttons data, which allows user to select connect, listen, send data, receive data, generate key and also to disconnect. There it have a text field for entering user message OUTPUT DESIGN Output are the most important and direct source in information to the consumer and administrator. Intelligent output design will improve the system’s relationship with user and help in decision making. It has a conversation panel to display the connection information, remote messages and information for user. DATABASE DESIGN FIGURE: SYSTEM STRUCTURE USERS CLIENT SERVER DATABASE DATABASE DESIGN The database design gives us a description about how data is stored and retrieved from storage area i.e ; the database. The design phase is comprised of 4 phases. The entities and their design criterias are described in the following slide. DATABASE DESIGN Phase 1: The user is referred to the person having the smartcard. User can get the smartcard by registering into the system via client. Phase 2: Client is the interface between the user and the system. The client authenticates the user by verifying the smartcard and the details provided by the user. Phase 3: Server: Authenticates the user by comparing the MODULES Two Factor Authentication 1. Registration stage The user should be registered to be an authenticated user. An unregistered user should not be allowed to enter the corresponding site. Here, the user registers with the server. 2. Username and Password selection The User who registers to the site should contains a username and a password. Only the recognised user could creates his own user username and password. 3. Symmetric Key Generation This is the first stage of authentication. The symmetric key is generated for further security purposes. Symmetric Key, t, is generated as per the formula . 4. Static Private Key Generation Private key is to be produced in order to authenticate using public key authentication. The server generates a random number b and set it as static private key 5. Public Key Generation The server generates static public key based on the static private key. The public key is generated based on the equation y s = g b mod p y s = public key b = static private key 6. Pre-computation stage This module deals with the generation of values and some computations required in the authentication. The user selects a random value x in Zq and computes yu = gx mod p 7. Reducing computational overhead This module deals with the generation of values that reduces computational overhead in authentication and key exchange stage. The user computes c = g bx mod p and stores it. 8. Authentication Mutual authentication is done between server and client. Session key is also generated. This module consists of 4 sub-modules (8.1) A computes SIDA, i=h(π, t, i) f=h(π, t ,IDA), e=E f ( y u ) sends (e, SIDA , i) to B. 8. Authentication (8.2) The computation of B B replace π and t stored in the database to SID ‘ A, i =h(π, t, i) B finds a value matching SIDA, i sent by A After finding right π and t, B acquires IDA B computes f=h(π, t, IDA) and y u= D f(e) After decryption , B computes c= ( k=h(cg x) b mod p B selects a random value r. B computes sk=h(c, r, IDA) and MB= h(s k,π, t, IDA) B sends r and M b to A. 8. Authentication (8.3) Mutual Authentication A computes the session key s k=h(c, r, IDA). A and B share the session key sk. A computes MB= h( s k, π, t, IDA) and compares it with the MB = h ( s k, π, t, y s ) and send it to B. (8.4) Mutual Authentication by B B computes MA= h(s k, π, t, y s) and compares it with the MA sent by A. if so, B authenticates A as a legimate user. Now a mutual authentication between A and B is completed. 9. Key Exchange Stage The generated keys are exchanged. A and B produces its own session keys. They are exchanged in various stages of authentication in order to check its validity. 10. Successful/Unsuccessful Login stage User Login is checked and verified whether its successful or not. Its based upon the information provided by the user. The server checks the details and if the informations are found correct, the user is allowed to login successfully, else it shows ‘Unsuccessful Login’ REGISTRATION TABLE FIELD TYPE DESCRIPTION SIZE ID VARCHAR USER-ID 50 PASSWORD VARCHAR PASSWORD 50 USERNAME VARCHAR USERNAME 50 LOGIN TABLE FIELD TYPE DESCRIPTION SIZE ID VARCHAR USER-ID 50 PASSWORD VARCHAR PASSWORD 50 USERNAME VARCHAR USERNAME 50 SUCCESSFUL TABLE FIELD TYPE DESCRIPTION SIZE ID VARCHAR USER-ID 50 PASSWORD VARCHAR PASSWORD 50 USERNAME VARCHAR USERNAME 50 SUCCESS VARCHAR SUCCESS 50 DATA FLOW DIAGRAM UML Use Case Diagrams can be used to describe the functionality of a system in a horizontal way, rather than merely representing. The details of individual features of the system in horizontal way. Rather than merely representing the details of individual features of the system, UCDs can be used to show all of its available functionality. It is important to note, though, that UCDs are fundamentally different from sequence diagrams or flow charts because they do not make any attempt to represent the order or number of times that the systems actions and sub-actions should be executed REGISTRATION User details Registration User Smart Card Client User details Server User Register LOGIN Encrypted details Registration Details User Client Smart Card Server User Register UCD(Use Case Diagram) UCDs have only 4 major elements: 1. 2. 3. 4. The actor ,that the system you are describing interacts with. The system itself. The use case or services, that the system knows how to perform The lines that represent relationships between these elements. Here the actor is a person, organization or external system that plays a role in one or more interactions with the system. A use case describes a sequence of action that provides something of measurable value to an actor and is drawn as horizontal ellipse. A rectangle is drawn around the use cases called the system boundary box to indicate the scope of the system. Anything within the box represents functionality that is in scope and anything outside the box is not. In the registration phase and the login phase is represented using UCD. The main entities include the user(the person who has the possession of smartcard),client(link between user and system),sever(function provider) and a database where the whole details about the user is being stored and updated. The registration phase and the login phase is represented using UCD. The main entities include the user(the person who has the possession of smartcard),client(link between user and the system ) , server(function provider) and a database where the whole details about the user is being stored and updated. In the registration phase, the user registers using the client which passes the user details onto the server which is stored on the database. The details will be entered onto the smartcard which the user has. In the login phase, the user registers using the smartcard. The client passes the encrypted details onto the server where it stores on the database. FORM DESIGN OF REGISTRATION FORM DESIGN OF LOGIN Thank You !! By, SHEEBA.L 2nd MSC CS AJK CAS