Multi-factor graphical user authentication for web applications

Detalhes bibliográficos
Autor(a) principal: Badikyan, Hasmik
Data de Publicação: 2017
Outros Autores: Pedrosa, Tiago, Lopes, Rui Pedro
Idioma: eng
Título da fonte: Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
Texto Completo: http://hdl.handle.net/10198/25801
Resumo: Nowadays, there is a current trend that leads people to use web applications, requiring additional concerns for the protection of their accounts with strong authentication methods. In this sense, this work researches the problems and solutions related with the authentication, specially concerning textual and graphical passwords. One common authentication problem is the difficulty users have in remembering textual passwords, especially when they are long and random-looking. In alternative, graphical passwords are easier to remember, because of their visual aspect. This work proposes a recognition and recall based graphical authentication methods that can be used in the challenge phase of user authentication. A security analysis is made to check the correctness of the proposed solution and how it minimizes the vulnerabilities of the authentication process. These analyses will enable us to implement these challenges in future work as an extension to authentication, authorization and accounting services, supporting a multi-factor authentication and combining these challenges with others already available. The idea is to extend an authentication method on Apache Shiro to provide developers with a common framework to develop secure web application with strong authentication, authorization and accounting.
id RCAP_8b29e35eddaa4a9090a5f7e561d0f382
oai_identifier_str oai:bibliotecadigital.ipb.pt:10198/25801
network_acronym_str RCAP
network_name_str Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
repository_id_str https://opendoar.ac.uk/repository/7160
spelling Multi-factor graphical user authentication for web applicationsAutenticação multi-factor gráfico para aplicações webAuthenticationGraphical passwordsWeb applicationsNowadays, there is a current trend that leads people to use web applications, requiring additional concerns for the protection of their accounts with strong authentication methods. In this sense, this work researches the problems and solutions related with the authentication, specially concerning textual and graphical passwords. One common authentication problem is the difficulty users have in remembering textual passwords, especially when they are long and random-looking. In alternative, graphical passwords are easier to remember, because of their visual aspect. This work proposes a recognition and recall based graphical authentication methods that can be used in the challenge phase of user authentication. A security analysis is made to check the correctness of the proposed solution and how it minimizes the vulnerabilities of the authentication process. These analyses will enable us to implement these challenges in future work as an extension to authentication, authorization and accounting services, supporting a multi-factor authentication and combining these challenges with others already available. The idea is to extend an authentication method on Apache Shiro to provide developers with a common framework to develop secure web application with strong authentication, authorization and accounting.Hoje em dia, as pessoas recorrem, de forma crescente, à utilização de aplicações web, necessitando proteger as suas contas com métodos de autenticação forte. Considerando esta necessidade, este trabalho investiga os problemas e soluções de autenticação, especialmente relacionadas com palavras chave textuais e gráficas. Um problema comum dos utilizadores é a dificuldade de se lembrar de palavras chave textuais que sejam longas e pareçam criadas aleatoriamente. Por outro lado, as palavras chave gráficas são mais fáceis de recordar, devido ao aspeto visual. Este trabalho propõe métodos de autenticação gráfica baseados em reconhecimento e localização de pontos que podem ser utilizados como desafios de autenticação. É, também, efetuada uma análise de segurança aos métodos propostos por verificar a sua correção e que minimizam vulnerabilidades do processo de autenticação. Estes resultados permitirão, no futuro, implementar desafios de autenticação adicionais como uma extensão aos serviços de autenticação, autorização e contabilização, de forma a suportar autenticação multifator. A ideia será estender os métodos de autenticação do Apache Shiro para permitir os programadores desenvolverem, utilizando uma framework comum, aplicações web seguras com autenticação, autorização e contabilização.Instituto Politécnico de BragançaBiblioteca Digital do IPBBadikyan, HasmikPedrosa, TiagoLopes, Rui Pedro2022-08-02T15:33:47Z20172017-01-01T00:00:00Zconference objectinfo:eu-repo/semantics/publishedVersionapplication/pdfhttp://hdl.handle.net/10198/25801engBadikyan, Hasmik; Pedrosa, Tiago; Lopes, Rui Pedro (2017). Multi-factor graphical user authentication for web applications. In V Encontro de Jovens Investigadores do Instituto Politécnico de Bragança, Bragança.978-972-745-235-4info:eu-repo/semantics/openAccessreponame:Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)instname:FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologiainstacron:RCAAP2025-02-25T12:16:37Zoai:bibliotecadigital.ipb.pt:10198/25801Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireinfo@rcaap.ptopendoar:https://opendoar.ac.uk/repository/71602025-05-28T11:44:17.295675Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) - FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologiafalse
dc.title.none.fl_str_mv Multi-factor graphical user authentication for web applications
Autenticação multi-factor gráfico para aplicações web
title Multi-factor graphical user authentication for web applications
spellingShingle Multi-factor graphical user authentication for web applications
Badikyan, Hasmik
Authentication
Graphical passwords
Web applications
title_short Multi-factor graphical user authentication for web applications
title_full Multi-factor graphical user authentication for web applications
title_fullStr Multi-factor graphical user authentication for web applications
title_full_unstemmed Multi-factor graphical user authentication for web applications
title_sort Multi-factor graphical user authentication for web applications
author Badikyan, Hasmik
author_facet Badikyan, Hasmik
Pedrosa, Tiago
Lopes, Rui Pedro
author_role author
author2 Pedrosa, Tiago
Lopes, Rui Pedro
author2_role author
author
dc.contributor.none.fl_str_mv Biblioteca Digital do IPB
dc.contributor.author.fl_str_mv Badikyan, Hasmik
Pedrosa, Tiago
Lopes, Rui Pedro
dc.subject.por.fl_str_mv Authentication
Graphical passwords
Web applications
topic Authentication
Graphical passwords
Web applications
description Nowadays, there is a current trend that leads people to use web applications, requiring additional concerns for the protection of their accounts with strong authentication methods. In this sense, this work researches the problems and solutions related with the authentication, specially concerning textual and graphical passwords. One common authentication problem is the difficulty users have in remembering textual passwords, especially when they are long and random-looking. In alternative, graphical passwords are easier to remember, because of their visual aspect. This work proposes a recognition and recall based graphical authentication methods that can be used in the challenge phase of user authentication. A security analysis is made to check the correctness of the proposed solution and how it minimizes the vulnerabilities of the authentication process. These analyses will enable us to implement these challenges in future work as an extension to authentication, authorization and accounting services, supporting a multi-factor authentication and combining these challenges with others already available. The idea is to extend an authentication method on Apache Shiro to provide developers with a common framework to develop secure web application with strong authentication, authorization and accounting.
publishDate 2017
dc.date.none.fl_str_mv 2017
2017-01-01T00:00:00Z
2022-08-02T15:33:47Z
dc.type.driver.fl_str_mv conference object
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://hdl.handle.net/10198/25801
url http://hdl.handle.net/10198/25801
dc.language.iso.fl_str_mv eng
language eng
dc.relation.none.fl_str_mv Badikyan, Hasmik; Pedrosa, Tiago; Lopes, Rui Pedro (2017). Multi-factor graphical user authentication for web applications. In V Encontro de Jovens Investigadores do Instituto Politécnico de Bragança, Bragança.
978-972-745-235-4
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.publisher.none.fl_str_mv Instituto Politécnico de Bragança
publisher.none.fl_str_mv Instituto Politécnico de Bragança
dc.source.none.fl_str_mv reponame:Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
instname:FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
instacron:RCAAP
instname_str FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
instacron_str RCAAP
institution RCAAP
reponame_str Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
collection Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
repository.name.fl_str_mv Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) - FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
repository.mail.fl_str_mv info@rcaap.pt
_version_ 1833592191384027136

Registros relacionados