Multi-Factor graphical user authentication for web applications
| Main Author: | |
|---|---|
| Publication Date: | 2017 |
| Format: | Master thesis |
| Language: | eng |
| Source: | Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) |
| Download full: | http://hdl.handle.net/10198/14658 |
Summary: | Nowadays everybody uses web applications and need to protect their accounts with strong authentication methods. Following this need, this work research problems and solutions related with the authentication, specially concerning textual and graphical passwords. The common problem among the users is the difficulty remembering a textual password that is long and random-looking. Because of the visual aspect, graphical passwords are more easy to remember. This work proposes a recognition and recall based graphical authentication methods that can be used as a challenge to authenticate users. A security analysis is made to check the correctness of the proposed solution and how it minimizes the vulnerabilities of the authentication process. These analysis will enable us to implement these challenges in future work as an extension to authentication, authorization and accounting services, supporting a multi-factor authentication and combining theses challenges with others already available. The idea is to extend an authentication method on Apache Shiro to provide developers with a common framework to develop secure web application with strong authentication, authorization and accounting. |
| id |
RCAP_fb91e8a29463aa7fd74fde417c6e445f |
|---|---|
| oai_identifier_str |
oai:bibliotecadigital.ipb.pt:10198/14658 |
| network_acronym_str |
RCAP |
| network_name_str |
Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) |
| repository_id_str |
https://opendoar.ac.uk/repository/7160 |
| spelling |
Multi-Factor graphical user authentication for web applicationsAplicações WebDomínio/Área Científica::Engenharia e Tecnologia::Outras Engenharias e TecnologiasNowadays everybody uses web applications and need to protect their accounts with strong authentication methods. Following this need, this work research problems and solutions related with the authentication, specially concerning textual and graphical passwords. The common problem among the users is the difficulty remembering a textual password that is long and random-looking. Because of the visual aspect, graphical passwords are more easy to remember. This work proposes a recognition and recall based graphical authentication methods that can be used as a challenge to authenticate users. A security analysis is made to check the correctness of the proposed solution and how it minimizes the vulnerabilities of the authentication process. These analysis will enable us to implement these challenges in future work as an extension to authentication, authorization and accounting services, supporting a multi-factor authentication and combining theses challenges with others already available. The idea is to extend an authentication method on Apache Shiro to provide developers with a common framework to develop secure web application with strong authentication, authorization and accounting.Hoje em dia, as pessoas fazem uso de aplicações web e necessitam proteger as suas contas com métodos de autenticação forte. Considerando esta necessidade, este trabalho investiga os problemas e soluções de autenticação, especialmente relacionadas com palavras chave textuais e gráficas. Um problema comum dos utilizadores é a dificuldade de se lembrar de palavras chave textuais que sejam longas e pareçam criadas aleatoriamente. Devido ao aspeto visual, as palavras chave gráficas são mais fáceis de recordar. Este trabalho propõe métodos de autenticação gráfica baseados em reconhecimento e localização de pontos que podem ser utilizados como desafios de autenticação. É também efetuada uma análise de segurança aos métodos propostos por verificar a sua correção e que minimizam vulnerabilidades do processo de autenticação. Estes resultados permitirão, no futuro, implementar desafios de autenticação adicionais como uma extensão aos serviços de autenticação, autorização e contabilização, suportando autenticação multi-fator. A ideia será estender os métodos de autenticação do Apache Shiro para permitir os programadores desenvolverem, utilizando uma framework comum, aplicações web seguras com autenticação, autorização e contabilização.Lopes, Rui PedroPedrosa, TiagoBiblioteca Digital do IPBHasmik, Badikyan2017-11-27T17:05:48Z20172017-01-01T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesisapplication/pdfhttp://hdl.handle.net/10198/14658TID:201784734enginfo:eu-repo/semantics/openAccessreponame:Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)instname:FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologiainstacron:RCAAP2025-02-25T12:04:48Zoai:bibliotecadigital.ipb.pt:10198/14658Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireinfo@rcaap.ptopendoar:https://opendoar.ac.uk/repository/71602025-05-28T11:31:13.507552Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) - FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologiafalse |
| dc.title.none.fl_str_mv |
Multi-Factor graphical user authentication for web applications |
| title |
Multi-Factor graphical user authentication for web applications |
| spellingShingle |
Multi-Factor graphical user authentication for web applications Hasmik, Badikyan Aplicações Web Domínio/Área Científica::Engenharia e Tecnologia::Outras Engenharias e Tecnologias |
| title_short |
Multi-Factor graphical user authentication for web applications |
| title_full |
Multi-Factor graphical user authentication for web applications |
| title_fullStr |
Multi-Factor graphical user authentication for web applications |
| title_full_unstemmed |
Multi-Factor graphical user authentication for web applications |
| title_sort |
Multi-Factor graphical user authentication for web applications |
| author |
Hasmik, Badikyan |
| author_facet |
Hasmik, Badikyan |
| author_role |
author |
| dc.contributor.none.fl_str_mv |
Lopes, Rui Pedro Pedrosa, Tiago Biblioteca Digital do IPB |
| dc.contributor.author.fl_str_mv |
Hasmik, Badikyan |
| dc.subject.por.fl_str_mv |
Aplicações Web Domínio/Área Científica::Engenharia e Tecnologia::Outras Engenharias e Tecnologias |
| topic |
Aplicações Web Domínio/Área Científica::Engenharia e Tecnologia::Outras Engenharias e Tecnologias |
| description |
Nowadays everybody uses web applications and need to protect their accounts with strong authentication methods. Following this need, this work research problems and solutions related with the authentication, specially concerning textual and graphical passwords. The common problem among the users is the difficulty remembering a textual password that is long and random-looking. Because of the visual aspect, graphical passwords are more easy to remember. This work proposes a recognition and recall based graphical authentication methods that can be used as a challenge to authenticate users. A security analysis is made to check the correctness of the proposed solution and how it minimizes the vulnerabilities of the authentication process. These analysis will enable us to implement these challenges in future work as an extension to authentication, authorization and accounting services, supporting a multi-factor authentication and combining theses challenges with others already available. The idea is to extend an authentication method on Apache Shiro to provide developers with a common framework to develop secure web application with strong authentication, authorization and accounting. |
| publishDate |
2017 |
| dc.date.none.fl_str_mv |
2017-11-27T17:05:48Z 2017 2017-01-01T00:00:00Z |
| dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
| dc.type.driver.fl_str_mv |
info:eu-repo/semantics/masterThesis |
| format |
masterThesis |
| status_str |
publishedVersion |
| dc.identifier.uri.fl_str_mv |
http://hdl.handle.net/10198/14658 TID:201784734 |
| url |
http://hdl.handle.net/10198/14658 |
| identifier_str_mv |
TID:201784734 |
| dc.language.iso.fl_str_mv |
eng |
| language |
eng |
| dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
| eu_rights_str_mv |
openAccess |
| dc.format.none.fl_str_mv |
application/pdf |
| dc.source.none.fl_str_mv |
reponame:Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) instname:FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia instacron:RCAAP |
| instname_str |
FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia |
| instacron_str |
RCAAP |
| institution |
RCAAP |
| reponame_str |
Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) |
| collection |
Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) |
| repository.name.fl_str_mv |
Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) - FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia |
| repository.mail.fl_str_mv |
info@rcaap.pt |
| _version_ |
1833591983330820096 |