Design and implementation of Negative Authentication System

• dc.contributor.author: Dasgupta, Dipankar
• dc.contributor.author: Ferebee, Denise
• dc.contributor.author: Roy, Arunava
• dc.contributor.author: Madero, Alvaro
• dc.contributor.author: Sanchez, Abel
• dc.contributor.author: Nag, Abhijit Kumar
• dc.contributor.author: Saha, Sanjib Kumar
• dc.contributor.author: Subedi, Kul Prasad
• dc.contributor.author: Williams, John R
• dc.date.issued: 2017-11
• dc.identifier.issn: 1615-5262
• dc.identifier.issn: 1615-5270
• dc.identifier.uri: http://hdl.handle.net/1721.1/121000
• dc.description.abstract: Modern society is mostly dependent on online activities like official or social communications, fund transfers and so on. Unauthorized system access is one of the utmost concerns than ever before in cyber systems. For any cyber system, robust authentication is an absolute necessity for ensuring security and reliable access to all type of transactions. However, more than 80% of the current authentication systems are password based, and surprisingly, they are prone to direct and indirect cracking via guessing or side channel attacks. The inspiration of Negative Authentication System (NAS) is based on the negative selection algorithm. In NAS, the password-based authentication data for valid users are termed as password profile or self-region (positive profile); any element other than the self-region is defined as non-self-region in the same representative space. The anti-password detectors are generated which covers most of the non-self-region. There are also some uncovered regions left in the non-self-region for inducing uncertainty to the attackers. In this work, we describe the design and implementation of three approaches of NAS and its efficacy over the other authentication methods. These three approaches represent three different ways to achieve obfuscation of password points with non-password space. The experiments are conducted with both real and simulated password profiles to justify the efficiency of different implementations of NAS. Keywords: Cyber-security, Levels of abstraction, Security event, Passwords, Authentication, Negative Authentication, Hashing, Salting
• dc.publisher: Springer Berlin Heidelberg
• dc.relation.isversionof: https://doi.org/10.1007/s10207-017-0395-8
• dc.source: Springer Berlin Heidelberg
• dc.type: Article
• dc.identifier.citation: Dasgupta, Dipankar, Abhijit Kumar Nag, Denise Ferebee, Sanjib Kumar Saha, Kul Prasad Subedi, Arunava Roy, Alvaro Madero, Abel Sanchez, and John R. Williams. “Design and Implementation of Negative Authentication System.” International Journal of Information Security 18, no. 1 (November 21, 2017): 23–48.
• dc.contributor.department: Massachusetts Institute of Technology. Department of Civil and Environmental Engineering
• dc.contributor.department: Massachusetts Institute of Technology. Institute for Data, Systems, and Society
• dc.contributor.mitauthor: Sanchez, Abel
• dc.contributor.mitauthor: Madero, Alvaro
• dc.contributor.mitauthor: Williams, John R
• dc.relation.journal: International Journal of Information Security
• dc.eprint.version: Author's final manuscript
• dc.language.rfc3066: en
• dc.identifier.orcid: https://orcid.org/0000-0002-3826-2204