Design and implementation of Negative Authentication System
Author(s)
Dasgupta, Dipankar; Ferebee, Denise; Roy, Arunava; Madero, Alvaro; Sanchez, Abel; Nag, Abhijit Kumar; Saha, Sanjib Kumar; Subedi, Kul Prasad; Williams, John R; ... Show more Show less
Download10207_2017_395_ReferencePDF.pdf (1.495Mb)
OPEN_ACCESS_POLICY
Open Access Policy
Creative Commons Attribution-Noncommercial-Share Alike
Terms of use
Metadata
Show full item recordAbstract
Modern society is mostly dependent on online activities like official or social communications, fund transfers and so on. Unauthorized system access is one of the utmost concerns than ever before in cyber systems. For any cyber system, robust authentication is an absolute necessity for ensuring security and reliable access to all type of transactions. However, more than 80% of the current authentication systems are password based, and surprisingly, they are prone to direct and indirect cracking via guessing or side channel attacks. The inspiration of Negative Authentication System (NAS) is based on the negative selection algorithm. In NAS, the password-based authentication data for valid users are termed as password profile or self-region (positive profile); any element other than the self-region is defined as non-self-region in the same representative space. The anti-password detectors are generated which covers most of the non-self-region. There are also some uncovered regions left in the non-self-region for inducing uncertainty to the attackers. In this work, we describe the design and implementation of three approaches of NAS and its efficacy over the other authentication methods. These three approaches represent three different ways to achieve obfuscation of password points with non-password space. The experiments are conducted with both real and simulated password profiles to justify the efficiency of different implementations of NAS. Keywords: Cyber-security, Levels of abstraction, Security event, Passwords, Authentication, Negative Authentication, Hashing, Salting
Date issued
2017-11Department
Massachusetts Institute of Technology. Department of Civil and Environmental Engineering; Massachusetts Institute of Technology. Institute for Data, Systems, and SocietyJournal
International Journal of Information Security
Publisher
Springer Berlin Heidelberg
Citation
Dasgupta, Dipankar, Abhijit Kumar Nag, Denise Ferebee, Sanjib Kumar Saha, Kul Prasad Subedi, Arunava Roy, Alvaro Madero, Abel Sanchez, and John R. Williams. “Design and Implementation of Negative Authentication System.” International Journal of Information Security 18, no. 1 (November 21, 2017): 23–48.
Version: Author's final manuscript
ISSN
1615-5262
1615-5270