Abstract: User authentication through textual passwords is very common in computer systems due to its ease of use. However, textual passwords are vulnerable to different kinds of security attacks, such as spyware and dictionary attacks. In order to overcome the deficiencies of the textual password scheme, many graphical password schemes have been proposed. The proposed schemes could not fully replace textual passwords, due to usability and security issues. In this paper, a text-based user authentication scheme is proposed which improves the security of the textual password scheme by modifying the password input method and adding a password transformation layer. In the proposed scheme, alphanumeric password characters are represented by random decimal numbers, which resist online security attacks such as shoulder surfing and key logger attacks. In the registration process, the password string is converted into a completely new string of symbols or characters before encryption. This strategy improves password security against offline attacks such as brute-force and dictionary attacks. In the proposed scheme, passwords consist of alphanumeric characters; therefore users are not required to remember any new kind of password such as those used in graphical authentication. Hence the password memorability burden has been minimized. However, the mean authentication time of the proposed scheme is higher than that of the textual password scheme due to the security measures taken against online attacks.
Nowadays, the usage of the Industrial Internet of Things (IIoT) in practical applications has increased. The primary utilization is a fog cloud network, which offers different services, such as network and remote edges, at different places. Existing studies implemented the Service-Oriented Architecture (SOA) based on the fog-cloud network to run IIoT applications, such as e-healthcare, e-agriculture, renewable energy, etc. However, due to the applications' monolithic property, issues like failures, security, and cost factors occur, e.g. the failure of one service in SOA affects monolithic applications' performance in the system. With this motivation, this study suggests a microservice-based system to deal with the cost, security, and failure risks of IIoT applications in the fog-cloud system. The study improves the existing SOA systems for e-healthcare, e-agriculture, and renewable energy and minimizes the applications' overall cost. The performance evaluation shows that the devised systems outperform the existing SOA system in terms of failure, cost, and the deadline for all applications.
Despite numerous efforts, developing an authentication scheme that offers strong security while offering memorability and usability remains a grand challenge. In this paper, we propose a textual-graphical hybrid authentication scheme that improves the security, memorability and usability inadequacies of existing authentication schemes. This has been achieved by combining a range of mechanisms together, in a novel manner, to address weaknesses of the existing security schemes. Firstly, two dynamically selectable modes of password entry (Easy Login, and Secure Login) provide a trade-off between usability and security, allowing the user to dynamically switch to any of these methods in real-time based on the security of the surrounding environment (e.g., secure home environment versus insecure public places) or the criticality of the user account (e.g., a bank account). The other mechanisms included a novel use of the drawmetric mechanism for setting the password to improve memorability, multistep authentication, a novel adaptation of one-time password (OTP) concept using a random selection of password elements, random placement of password elements in different steps, assigning random numbers to the password elements to increase security, and use of simple addition to improve security. We have implemented and analysed the proposed scheme for its security against brute-force attacks, dictionary, shoulder surfing, random guessing, phishing or forming, keystroke/mouse logger, and multiple recording attacks. We have also investigated its usability and memorability, reporting various trends of password elements used and the respective authentication times. Moreover, we have compared the proposed scheme with eight other well-known authentication schemes in terms of its resilience and authentication time. The results and analyses demonstrate the effectiveness of the proposed scheme. We believe that a range of novel methods introduced in this proposed scheme opens several doors for innovation in security techniques.
The traditional textual password scheme provides a large number of password combinations, but users generally use a small portion of the available password space. Complex textual passwords are difficult to remember; therefore most users choose passwords that are short and contain dictionary words. Due to the use of small password length and dictionary words, textual passwords become easy to crack through offline guessability attacks. The traditional textual password scheme is also weak against keystroke logger attacks because alphanumeric characters are directly inserted into the password field. In this paper, enhancements are proposed in the registration and login screen of the traditional textual password scheme for improving security against offline guessability attacks and keystroke logger attacks. The proposed registration screen also improves memorability of traditional textual passwords through visual cues or a pattern-based approach. In the proposed login screen, passwords are indirectly inserted into the password field, to resist keystroke logger attacks. A comparative analysis between the passwords created in the traditional and the proposed pattern-based approach is presented. The testing results show that users create strong and high entropy passwords in the proposed pattern-based approach as compared to the traditional textual passwords approach.