An Identity Based Secure Pattern Authentication System
GVS Raj Kumar¹, Bh Padma², K Naveen Kumar³
¹ Dr G.V.S Raj Kumar, Associate Professor in the Department of Information Technology, GITAM Institute of Technology, GITAM (Deemed to be University), Visakhapatnam.
² Smt Bh Padma, Assistant Professor in the Department of Computer Sciences, GVPPG, Visakhapatnam-45.
³ Dr K Naveen Kumar, Assistant Professor in the Department of Information Technology, GIT, GITAM University, Visakhapatnam.
Manuscript received on 09 April 2019 | Revised Manuscript received on 14 May 2019 | Manuscript published on 30 May 2019 | PP: 1652-1661 | Volume-8 Issue-1, May 2019 | Retrieval Number: F2334037619/19©BEIESP
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: Mobile security is becoming more crucial as the usage of mobile devices increases. People frequently use mobile devices to store sensitive data such as social security numbers and credit card numbers. If these devices are not secured properly, anyone can gain access to them by cracking the authentication password. Pattern locking systems are commonly used to validate a user for mobile access. But these systems are not safe, and are subject to pre-computation attacks like dictionaries, rainbow tables and brute-force attacks. The Android KitKat and Lollipop pattern authentication systems are vulnerable to pre-computation since they use unsalted SHA-1 hashes. Later versions of Android, such as Marshmallow, use scrypt hashes and salts to authenticate users, but they need additional hardware support such as a Trusted Execution Environment (TEE) and Gatekeeper functionality. This research therefore presents an alternative representation for mobile patterns using elliptic curves, and proposes three algorithms based on this idea to make pattern passwords strong against these attacks without additional hardware. A security analysis covering the SAC (Strict Avalanche Criterion) and the brute-force search space is also presented. Execution times are analyzed after implementing the three proposed methods.
Index Terms: Brute-Forcing, Dictionaries, Mobile Security, Elliptic Curves, Pattern Locking, Rainbow Tables, SAC.
Scope of the Article: Authentication, Authorization, Accounting
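The search-space and salting points in the abstract can be made concrete with the following added example (not code from the paper, and not the paper's elliptic-curve scheme). It counts the valid patterns on a 3x3 grid under the usual Android rules (4 to 9 distinct dots, no jumping over an unvisited dot) and contrasts an unsalted SHA-1 digest with a salted scrypt digest. The one-byte-per-dot encoding, the function names and the scrypt parameters are assumptions made for illustration.

```python
import hashlib
import os

def _middle(a, b):
    """Dot lying exactly between dots a and b (numbered 0-8), or None."""
    ra, ca, rb, cb = a // 3, a % 3, b // 3, b % 3
    if a != b and (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
        return ((ra + rb) // 2) * 3 + (ca + cb) // 2
    return None

def count_patterns(min_len=4, max_len=9):
    """Return {length: number of valid patterns} for the 3x3 grid."""
    counts = {}

    def walk(last, visited, length):
        if length >= min_len:
            counts[length] = counts.get(length, 0) + 1
        if length == max_len:
            return
        for nxt in range(9):
            if visited & (1 << nxt):
                continue  # each dot may be used only once
            mid = _middle(last, nxt)
            if mid is not None and not visited & (1 << mid):
                continue  # stroke would jump over an unvisited dot
            walk(nxt, visited | (1 << nxt), length + 1)

    for start in range(9):
        walk(start, 1 << start, 1)
    return counts

def unsalted_sha1(pattern):
    # Assumed encoding: one byte per dot index. No salt, so every device
    # stores the same digest for the same pattern.
    return hashlib.sha1(bytes(pattern)).hexdigest()

def salted_scrypt(pattern, salt):
    # Per-device random salt plus a memory-hard KDF: digests differ between
    # devices, so a table computed once cannot be reused.
    return hashlib.scrypt(bytes(pattern), salt=salt, n=2**12, r=8, p=1,
                          dklen=32).hex()

if __name__ == "__main__":
    counts = count_patterns()
    print("patterns per length:", counts)
    print("total search space:", sum(counts.values()))
    sample = [0, 1, 2, 5, 8]  # constructed sample pattern
    print("unsalted SHA-1:", unsalted_sha1(sample))
    for device in ("A", "B"):
        print("device", device, "scrypt:", salted_scrypt(sample, os.urandom(16)))
```

The total is small enough that an unsalted digest of every pattern fits in a single lookup table, which is the weakness the abstract attributes to the KitKat and Lollipop scheme.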