Based Authentication Problem
Reliable user authentication is becoming an increasingly important task in
the Web-enabled world. The consequences of an insecure authentication system in
a corporate or enterprise environment can be catastrophic, and may include loss
of confidential information, denial of service, and compromised data integrity.
The value of reliable user authentication is not limited to just computer or network
access. Many other applications in everyday life also require user authentication,
such as banking, e- commerce, and physical access control to computer resources,
and could benefit from enhanced security.
prevailing techniques of user authentication, which involve the use of either
passwords and user IDs (identifiers), or identification cards and PINs (personal
identification numbers), suffer from several limitations. Passwords and PINs can
be illicitly acquired by direct covert observation. Once an intruder acquires
the user ID and the password, the intruder has total access to the user's resources.
In addition, there is no way to positively link the usage of the system or service
to the actual user, that is, there isno protection against repudiation by the
user ID owner. For example, when a user ID and password is shared with a colleague
there is no way for the system to know who the actual user is. A similar situation
arises when a transaction involving a credit card number is conducted on the Web.
Even though the data are sent over the Web using secure encryption methods, current
systems are not capable of assuring that the rightful owner of the credit card
initiated the transaction.
the modern distributed systems environment, the traditional authentication policy
based on a simple combination of user ID and password has become inadequate. Fortunately,
automated biometrics in general, and fingerprint technology in particular, can
provide a much more accurate and reliable user authentication method. Biometrics
is a rapidly advancing field that is concerned with identifying a person based
on his or her physiological or behavioral characteristics. Examples of automated
biometrics include fingerprint, face, iris, and speech recognition. User authentication
methods can be broadly classified into three categories as shown in Table 1.1.
Because a biometric property is an intrinsic property of
an individual, it is difficult to surreptitiously duplicate and nearly impossible
to share. Additionally, a biometric property of an individual can be lost only
in case of serious accident.
readings, which range from several hundred bytes to over a megabyte, have the
advantage that their information content is usually higher than that of a password
or a pass phrase. Simply extending the length of passwords to get equivalent bit
strength presents significant usability problems. It is nearly impossible to remember
a 2K phrase, and it would take an annoyingly long time to type such a phrase (especially
without errors). Fortunately, automated biometrics can provide the security advantages
of long passwords while retaining the speed and characteristic simplicity of short
Even though automated
biometrics can help alleviate the problems associated with the existing methods
of user authentication, hackers will still find there are weak points in the system,
vulnerable to attack. Password systems are prone to brute force dictionary attacks.
Biometric systems, on the other hand, require substantially more effort for mounting
such an attack. Yet there are several new types of attacks possible in the biometrics
domain. This may not apply if biometrics is used as a supervised authentication
tool. But in remote, unattended applications, such as Web-based e-commerce applications,
hackers may have the opportunity and enough time to make several attempts, or
even physically violate the integrity of a remote client, before detection.
A problem with biometric authentication systems arises when the data associated
with a biometric feature has been compromised. For authentication systems based
on physical tokens such as keys and badges, a compromised token can be easily
canceled and the user can be assigned a new token. Similarly, user IDs and passwords
can be changed as often as required. Yet, the user only has a limited number of
biometric features (one face, ten fingers, two eyes). If the biometric data are
compromised, the user may quickly run out of biometri features to be used for
You may also like this : 4G Broadband seminar report, Finger Tracking In Real Time Human Computer Interaction, Eye Movement-Based Human Computer Interaction Techniques, Ethical Hacking, E-Cash Payment System PPT, Cyborgs, Brain Fingerprinting Biometrics in SECURE e-transaction, X- Internet, Surface Computer, Secure ATM by Image Processing, Mobile Ad-Hoc Networks Extensions to Zone Routing Protocol, Wibree PDF , Telepresence, System in Package, Smart Memories, Slammer Worm, Sensitive Skin, Pixie Dust, Linux Kernel 2.6, Lamp Technology, Humanoid Robot, HTAM, Haptic Technology, Elastic Cluster, Digital Scent Technology, Distributed Interactive Virtual Environment, Dynamic TCP Connection Elapsing, CAPTCHA, Virtual Retinal Display, Wireless LAN Security, Chameleon Chip, Haptics, Intelligent RAM, iSCSI, Linux Kernel 2.6, 3D Searching, Biological Computers, Rain Technology, Real Time Application Interface, GPS, HALO , BitTorrent, Compositional Adaptation, Rover Technology,Computer Seminars