基于神经网络用户行为增强密码安全系统(IJIEEB-V4-N2-5)

I.J.InformationEngineeringandElectronicBusiness,2012,2,29-35PublishedOnlineApril2012inMECS()DOI:10.5815/ijieeb.2012.02.05Copyright©2012MECSI.J.InformationEngineeringandElectronicBusiness,2012,2,29-35EnhancedPasswordBasedSecuritySystemBasedonUserBehaviorusingNeuralNetworksPreetInderSinghDepartmentofCSE/IT,LovelyProfessionalUniversity(Punjab),PhagwaraEmail:preetindermail@gmail.comGourSundarMitraThakurDepartmentofCSE/IT,LovelyProfessionalUniversity(Punjab),PhagwaraEmail:cse.gsmt@gmail.comAbstract—Therearemultiplenumbersofsecuritysystemsareavailabletoprotectyourcomputer/resources.Amongthem,passwordbasedsystemsarethemostcommonlyusedsystemduetoitssimplicity,applicabilityandcosteffectivenessButthesetypesofsystemshavehighersensitivitytocyber-attack.Mostoftheadvancedmethodsforauthenticationbasedonpasswordsecurityencryptthecontentsofpasswordbeforestoringortransmittinginthephysicaldomain.Butallconventionalencryptionmethodsarehavingitsownlimitations,generallyeitherintermsofcomplexityorintermsofefficiency.Inthispaperanenhancedpasswordbasedsecuritysystemhasbeenproposedbasedonusertypingbehavior,whichwillattempttoidentifyauthenticityofanyuserfailingtologininfirstfewattemptsbyanalyzingthebasicuserbehaviors/activitiesandfinallytrainingthemthroughneuralnetworkandclassifyingthemasgenuineorintruder.IndexTerms—Artificialneuralnetworks,KeystrokeDynamics,intrusiondetection,Security&UserAuthentication.1.IntroductionItisoftenseenthattogainsomepersonalbenefitorattentionortoharmsomeonesomepeoplealwaystrytobreakcybersecurities.Thefirststepinpreventingunauthorizedaccessistoassureuserauthentication.Userauthenticationistheprocessofverifyingclaimedidentity.Theauthenticationisaccomplishedbymatchingsomeshort-formindicatorofidentity,suchasasharedsecretthathasbeenpre-arrangedduringenrollmentorregistrationforauthorizedusers[1].Thisisdoneforthepurposeofperformingtrustedcommunicationsbetweenpartiesforcomputingapplications.Thewell-knownID/password(staticauthentication)isfarthemostusedauthenticationmethod.Itiswidelyuseddespiteitsobviouslackofsecurity.Thisfactisduetotheeaseofimplementationofthissolution,andtotheinstantaneousrecognitionofthatsystembytheusersthatfacilitatesitsdeploymentandacceptance.Increasingthepasswordstrengthisasolutiontoavoiddictionaryattacksortomakebruteforceattacksinfeasible[2].Itisgenerallyacceptedthatthelengthofthepassworddeterminesthesecurityitprovides,however,itisnotexactlytrue:thestrengthofthepasswordisratherrelatedtoitsentropy.Forexample,Userthatchoosesapasswordof7charactersissaidtoprovidebetween16and28bitsofentropy.Theconventionalsecuritysystemcanbeshowninfigure-1givenbelow.Figure1:ConventionalSecuritySystemDuetothedeficienciesintraditionalpassword-basedaccessmethods/Securitysystems,thenewsecuritysystemcomesintoexistencewhichprovideshigherlevelofsecurityistheKeystrokebiometrics,30EnhancedPasswordBasedSecuritySystemBasedonUserBehaviorusingNeuralNetworksCopyright©2012MECSI.J.InformationEngineeringandElectronicBusiness,2012,2,29-35whichseekstoidentifyindividualsbytheirtypingcharacteristics[3].Conventionally,userauthenticationiscategorizedintothreeclasses[4]:Knowledge-based,ObjectorToken-based,Biometric-based.Theknowledge-basedauthenticationisbasedonsomethingoneknowsandischaracterizedbysecrecy.Theexamplesofknowledge-basedauthenticatorsarecommonlyknownpasswordsandPINcodes.Theobject-basedauthenticationreliesonsomethingonehasandischaracterizedbypossession.Behavioralcharacteristicsarerelatedtowhatapersondoes,orhowthepersonusesthebody.Voiceprint,traditionalkeystothedoorscanbeassignedtotheobject-basedcategory.Usuallythetoken-basedapproachiscombinedwiththeknowledge-basedapproach.AnexampleofthiscombinationisabankcardwithPINcode.Inknowledge-basedandobject-basedapproaches,passwordsandtokenscanbeforgotten,lostorstolen.Therearealsousabilitylimitationsassociatedwiththem.Forinstance,managingmultiplepasswords/PINs,andmemorizingandrecallingstrongpasswordsarenoteasytasks.Biometric-basedpersonrecognitionovercomestheabovementioneddifficultiesofknowledge-basedandobjectbasedapproaches.Thefollowingfigure-2showsthedifferentclassificationofuserauthenticationmethods.Figure2:ClassificationofUserAuthenticationapproachesBiometricstechnologiesaregainingpopularityduetothereasonthatwhenusedinconjunctionwithtraditionalmethodsofauthenticationtheyprovideanextralevelofsecurity.Biometricsinvolvessomethingapersonisordoes.Thesetypesofcharacteristicscanbeapproximatelydividedintophysiologicalandbehavioraltypes[4].Biometrictechnologiesaredefinedasautomatedmethodsofverifyingorrecognizingtheidentityofalivingpersonbasedonphysiologicalorbehavioralcharacteristics[5].Physiologicalcharacteristicsrefertowhatthepersonis,or,inotherwords,theymeasurephysicalparametersofacertainpartofthebody.SomeexamplesareFingerprints,HandGeometry,VeinChecking,IrisScanning,RetinalScanning,FacialRecognition,recognition,SignatureRecognition,MouseDynamicsandkeystrokedynamics,aregoodexamplesofthisgroup.KeystrokedynamicsisconsideredasastrongbehavioralBiometricbasedAuthen