[Link] Kumar, Nagesh Vadaparthi, [Link], A.
Alekhya/ International Journal of
Engineering Research and Applications (IJERA) ISSN: 2248-9622 [Link]
Vol. 3, Issue 2, March -April 2013, pp.1749-1751
Secure Sessionbased Authentication Schemes
[Link] Kumar1, Nagesh Vadaparthi2, A.Manvi3, A.Alekhya4
1,2,3,4
Department of Information Technology, MVGR College of Engineering, Vizianagaram.
ABSTRACT: techniques are sensitive to shoulder surfing [1].
Authentication is a process of verifying Therefore, there is a need for a novel approach that
the identity of someone (a user, device, or an can resist the problems existing with the current
entity) who wants to access data, resources, or graphical authentication schemes.
applications. Validating the identity shall establish In this paper we propose a novel approach for
a trust relationship for further interactions. graphical authentication schemes based on colors and
Authentication even enables the accountability by [Link] this technique we suggest new DAS
making it possible to integrate both access and scheme which overcomes the issues in DAS and
actions to specific identities. There are a huge RDAS. The paper is organized as the section-2
number of techniques to provide security in terms describes in detail about ODAS(One-Time Draw –a-
of authentication. But still there is wide scope for Secret) scheme and various levels of authentication
much enhanced authentication schemes. Hence in and section-3 conclude the paper.
this paper, we proposed a novel technique which is
based of one-time Draw-a-secret method. Related Techniques
I. INTRODUCTION In this technique we have suggested a novel
In the current world of advanced technique that can be applied for PCs, PDAs etc. In
technology, internet has become a part ofhuman life. this approach security has been provided through
But, the most promising issue is to protect the session passwords. The process includes 4 levels of
password. There are various techniques available in authentication where in the first level registration
the literature for assuring the security of password. process is carried out, second level incudes pair-
But, still there is a wide scope for improving the based authentication, third level is hybrid-based
security aspects in protecting the passwords. Though authentication and finally the fourth level is our
there are various techniques viz., encryption of newly proposed one-time draw-a-secret (ODAS)
passwords, hiding of passwords etc., graphical image scheme.
based authentication has its own importance in
assuring the [Link] above techniques are prone REGISTRATION PROCESS:
to cracking, dictionary attacks etc. [1]. Thus there is a In this process user needs to enter his mobile
need for an alternative technique to protect the number. The users mobile number is initially verified
passwords. This has paved a path for utilization of as shown in fig(1)and a textual session-password is
graphical passwords [2,3,4,5]. However, most generated which is sent to the users mobile.
existing graphical password authentication
Fig-1: Mobile number validation screen
1749 | P a g e
� [Link] Kumar, Nagesh Vadaparthi, [Link], [Link]/ International Journal of
Engineering Research and Applications (IJERA) ISSN: 2248-9622 [Link]
Vol. 3, Issue 2, March -April 2013, pp.1749-1751
Fig-2: Authentication by OTP
Now the user needs to enter this OTP at the then he must go through a few steps to get access to
authentication screen as shown in fig(2). If the user is the application. First his mobile number is verified as
not registered he will be navigated to the registration said above and then after getting verified registration
page before getting [Link] the client is a new user, form is displayed as shown in fig(3).
Fig-3: Registration Form
Then after entering his details in registration form a enter into the application as shown in fig(4). The
few DAS patterns are displayed where he needs to DAS scheme is stored in database for future
select his DAS scheme and finally has permissions to verification.
1750 | P a g e
� [Link] Kumar, Nagesh Vadaparthi, [Link], [Link]/ International Journal of
Engineering Research and Applications (IJERA) ISSN: 2248-9622 [Link]
Vol. 3, Issue 2, March -April 2013, pp.1749-1751
Fig-4: ODAS Scheme
PAIR-BASED AUTHENTICATION: III. CONCLUSION
The pair based password is also known as Authentication is an act of confirming the
secret password. The minimum length of the pair- truth of an attribute of a datum or entity. This might
based password is 8 characters. The user is made to involve confirming the identity of a person or
enter the pair-based password with the help of a user- software program, tracing the origins of an artifact, or
interface by dividing the password into pairs which ensuring that a product is what its packaging and
was entered in registration page as shown in the labeling claims to be. Authentication often involves
above fig(4) named as password. verifying the validity of at least one form of
The user interface is divided into 6*6 grid which identification. Therefore it plays a vital role in
display a combination of letters and numbers. This accessing the data or entity. Hence, in this paper we
grid changes randomly for every login. The secret have proposed a novel approach for secured
pass which he enters in pairs is considered as a pair authentication technique based on DAS which
of letters in which the first letter is used to select the provides high security.
row and second letter selects the column. This
intersection letter is treated as password to cross this REFERENCES
level of Authentication. [1] [Link] et al, “Authentication Techniques for
Engendering Session Passwords with Colors and
HYBRID-BASED AUTHENTICATION: Text”, Advances in Computer Science and its
The user at the time of registration is made Applications, 1(3):189-195, 2012.
to rate the colors as shown in fig(4) in the range of [2] [Link] and [Link], “S3PAS: A Scalable Shoulder-
numbers 1 to [Link] interface contains 8 colors for Surfing Resistant Textual-Graphical Password
which the user gives the rating. Depending on the Authentication Scheme”, 21st International
ratings given by the user to the colors, and also a grid Conference AINAW 07, Vol.2, pp:467-472,
of 8*8 size which changes for every login, the Canada 2007.
session password is obtained. [3] [Link], [Link] and [Link], “Graphical
Passwords: A Survey”, Proceesing of ACSAC,
2005.
II. ODAS [4] [Link] et al., “A New algorithm on
In the One-Time Draw-a-Secretlevel a grid of Graphical User Authentication (GUA) based on
3*3 consisting of set of same patterns are displayed. multi-line grids”, Scientific Research and Essays,
Here the session password is drawn based on the 5(24):3865-3875, 2010.
pattern selected during registration phase. This [5] [Link] et al., “Authentication Schemes for
pattern changes for every login. For the first login we Session Passwords using Color and Images”,
draw the first pattern. But as the login count increases International Journal of Network Security & its
the pattern gets rotated and is stored in the database. Applications (IJNSA), 3(3):111-119, 2011.
Now the user has to enter the rotated pattern after
somelogins. This rotation is done based on some
angle.
1751 | P a g e
