关键计算机强大的安全系统(IJITCS-V4-N6-4)

I.J.InformationTechnologyandComputerScience,2012,6,24-29PublishedOnlineJune2012inMECS()DOI:10.5815/ijitcs.2012.06.04Copyright©2012MECSI.J.InformationTechnologyandComputerScience,2012,6,24-29RobustSecuritySystemforCriticalComputersPreetInderSinghDepartmentofCSE,LovelyProfessionalUniversity(Punjab),PhagwaraEmail:preetindermail@gmail.comAbstract—Amongthevariousmeansofavailableresourceprotectionincludingbiometrics,passwordbasedsystemismostsimple,userfriendly,costeffectiveandcommonlyused,butthissystemhavinghighsensitivitywithattacks.Mostoftheadvancedmethodsforauthenticationbasedonpasswordencryptthecontentsofpasswordbeforestoringortransmittinginphysicaldomain.Butallconventionalcryptographicbasedencryptionmethodsarehavingitsownlimitations,generallyeitherintermsofcomplexity,efficiencyorintermsofsecurity.Inthispaperasimplemethodisdevelopedthatprovidemoresecureandefficientmeansofauthentication,atthesametimesimpleindesignforcriticalsystems.Apartfromprotection,asteptowardperfectsecurityhastakenbyaddingthefeatureofintruderdetectionalongwiththeprotectionsystem.Thisispossiblebymergingvarioussecuritysystemswitheachotheri.epasswordbasedsecuritywithkeystrokedynamic,thumbimpressionwithretinascanassociatedwiththeusers.Thisnewmethodiscentrallybasedonuserbehaviorandusersrelatedsecuritysystem,whichprovidestherobustsecuritytothecriticalsystemswithintruderdetectionfacilities.IndexTerms—Thumbimpression,KeystrokeDynamics,ComputerSecurity&UserAuthenticationetc.I.Introduction1.1WhatarecriticalSystemsCriticalsystemsaresystemsinwhichdefectscouldhaveadramaticimpactonhumanlife,sensitiveinformation,theenvironmentorsignificantassets.Suchsystemsareexpectedtosatisfyavarietyofspecificqualitiesincludingreliability,availability,securityandsafety.Withthesteadyinfiltrationofcomputersandsoftwareinallaspectsofourmodernworld,criticalsystemsincreasinglydependonsoftwarefunctionality.Thesesystemsarecommonplaceinmanydifferentproducts,rangingfromaircraftsystemstohomeusemedicaldevices.Criticalsoftwaremustbeembeddedinthecriticalsystem/systems.Criticalsoftwarecanalsobeoneelementinasystemofsystems.1.2NeedofRobustSecuritytoCriticalSystemsToprotectthesensitiveinformationfromtheintruder/hackersweneedhighestlevelofsecurityforthecriticalsystems.Thenumberofcriticalcomputer/systemsusersandtheirdatabasesareincreasingdaybydayandrobustsecuritybecomestheoneofthechallengingtothesecomputers.Simplepasswordbasedsecuritysystemdoesnotprovidetherobustsecuritytothesetypesofsystemsbecausesimplepasswordsystemshasmanytypesofweakness.So,differenttypesofattacksarepossibleonsimplestpasswordbasedsystemwhichiswidelyusedbecauseofitssimplicityandeasytouse.Theseare1.Phishing.2.Keylogging.3.Abrute-forceattackontheuser'saccount(i.e.anattackerknowstheuserIDandtriestoguessthepassword).4.Abulkguessingattackonallaccountsattheinstitution.5.Specialknowledgeoraccessattacks:(a)Guessingbasedoninformationabouttheuser.(b)Shouldersurfing.(c)Consoleaccesstoamachinewherepasswordauto-fillisenabledorapasswordmanagerisinuse.Ascanbeseen,noneofthepasswordbestpracticesoffersanyrealprotectionagainstphishingorkey-logging,whichappeartobethemostprevalentattacks.Strongpasswordsarejustassusceptibletobeingstolenbyaphisherorkeyloggerasweakones,andchangingthepasswordfrequentlyhelpsonlyiftheattackerisextremelyslowtoexploittheharvestedcredentials.Hence,toovercomethisproblemtheultimatelevelofsecuritysystemisdeveloped.Computersecurityhasbecomeanimportantissueinrecenttimes.Ithasbecomenecessarytocontroltheaccesstocomputersystemsduetomoreandmoresensitiveinformationbeingstoredonthem.PatternrecognitionandclassificationisatechniquethatcanbeusedtodeterminethatanindividualisreallywhoheRobustSecuritySystemforCriticalComputers25Copyright©2012MECSI.J.InformationTechnologyandComputerScience,2012,6,24-29saysheis.Previouseffortshavefocusedonhandwritinganalysistodeterminetheidentityoftheuser,withlimitedsuccess.Morerecently,classicalpatternrecognitiontechniqueshavebeenappliedtotheindividual’stypingtechniquetoachieveuseridentification[l].Thenumberofcomputeruseshasincreasedrapidlyandsotoohastheuseofinternetapplicationssuchase-commerce,onlinebankingservices,webmail,andblogs.Allinternetapplicationsrequiretheusertouseapasswordauthenticationschemetomakesureonlythegenuineindividualcanlogintotheapplication.Passwordsandpersonalidentificationnumbers(PIN)havetraditionallybeenusedtoaccesssuchapplications[2,3,4].However,itiseasyforunauthorizedpersonstoaccessthesesystemswithoutdetection.Inordertoenhancesuchpasswordauthenticationsystems,typingbiometrics,knownaskeystroke,canbeusedasatransparentlayerofuserauthentication.Theconventionalsecuritysystemcanbeshowninfigure-1givenbelow.TheuserwhichhastheIDandcorrespondingpasswordcaneasilylogontothecomputersystemandaccesstheresources[9].Figure1:ConventionalSecuritySystemDuetothedeficienciesintraditionalpassword-basedaccessmethods/Securitysystems,thenewsecuritysystemcomesintoexistencewhichprovideshigherlevelofsecurityistheKeystrokebiometrics,whichseekstoidentifyindividualsbytheirtypingchar