Authors:
Marcia Gibson
;
Marc Conrad
and
Carsten Maple
Affiliation:
University of Bedfordshire, United Kingdom
Keyword(s):
User authentication, Password, Infinite alphabet, Formal model.
Related
Ontology
Subjects/Areas/Topics:
Access Control
;
Data Engineering
;
Databases and Data Security
;
Identification, Authentication and Non-Repudiation
;
Information and Systems Security
;
Internet Technology
;
Models
;
Paradigm Trends
;
Security in Distributed Systems
;
Software Engineering
;
Web Information Systems and Technologies
Abstract:
In the paper we propose a formal model for class of authentication systems termed, “Infinite Alphabet Password Systems” (IAPs). We define such systems as those that use a character set for the construction of the authentication token that is theoretically infinite, only bound by practical implementation restrictions. We find that the IAP architecture can feasibly be adapted for use in many real world situations, and may be implemented using a number of system architectures and cryptographic protocols. A security analysis is conducted on an implementation of the model that utilizes images for its underlying alphabet. As a result of the analysis we find that IAPs can offer security benefits over traditional alphanumeric password schemes. In particular some of the significant problems concerning phishing, pharming, replay, dictionary and offline brute force attacks are mitigated.