Humans possess a large, almost limitless, visual memory that helps them remember pictures far better than words. This phenomenon has recently motivated computer security researchers in academia and industry to design and develop graphical user identification systems (GUISs). Cognometric GUISs are more memorable than drawmetric GUISs, but take more time to authenticate. None of the previously proposed GUISs combines the advantages of both cognometric and drawmetric systems. A signature personifies a person, and a graphical signature is easier to recall than other drawings. This paper proposes a new graphical Signature-based User Identification System named SUIS. It is based on a 2D grid technology that is used to draw, digitize and store the signature for user identification. SUIS is categorized as both a cognometric and a drawmetric system. Unlike other systems that use a 2D grid, we take one cell in the grid as one pixel in the drawing; for signature matching, the signature drawn has to follow the same grid cells as the signature stored, independent of the sequence; and the system is not based on any machine learning model. Increasing the number of grid cells increases the password space, and decreasing the size of the grid cell increases the precision of the signature. These characteristics make SUIS: (1) rigorous enough to be a password system, but easy enough to be usable; (2) independent of the language and device used to draw the signature; (3) efficient and practical to be used for online authentication systems.
The major problem of user registration, mostly with text-based passwords, is well known. At login, users are inclined to select simple passwords that are easy to keep in mind but straightforward for attackers to guess, while difficult machine-created passwords are mostly too complicated for users to keep in mind. Users authenticate using cued click points and the Persuasive Cued Click Points graphical password scheme, which includes usability and security evaluations. This paper includes persuasion to secure user authentication and graphical passwords using cued click-points, so that users select more random or more difficult-to-guess passwords. In click-based graphical passwords, an image or video frame is provided by a database that loads the image, and all information is then stored in the database. Passwords are mainly composed of strings that have letters as well as digits, for example alphanumeric letters and digits.
This paper proposes a new signature scheme based on two hard problems: cube root extraction modulo a composite modulus (which is equivalent to the factorisation of the modulus, IFP) and the discrete logarithm problem (DLP). By combining these two cryptographic assumptions, we introduce an efficient and strongly secure signature scheme. We show that if an adversary can break the new scheme with an algorithm $\mathcal{A}$, then $\mathcal{A}$ can be used to solve both the DLP and the IFP. The key generation is a simple operation based on the discrete logarithm modulo a composite modulus. The signature phase is based both on the cube root computation and the DLP. These operations are computationally efficient.
With the increasing usage of open-source software (OSS) components, vulnerabilities embedded within them are propagated to a huge number of underlying applications. In practice, the timely application of security patches in downstream software is challenging. The main reason is that such patches do not explicitly indicate their security impacts in the documentation, which would be difficult to recognize for software maintainers and users. However, attackers can still identify these secret security patches by analyzing the source code and generate corresponding exploits to compromise not only unpatch
Diagnostic data such as logs and memory dumps from production systems are often shared with development teams to do root cause analysis of system crashes. Invariably such diagnostic data contains sensitive information, and sharing it can lead to data leaks. To handle this problem we present Knowledge and Learning-based Adaptable System for Sensitive InFormation Identification and Handling (KLASSIFI), which is an end-to-end system capable of identifying and redacting sensitive information present in diagnostic data. KLASSIFI is highly customizable, allowing it to be used for various different business use cases by simply changing the configuration. KLASSIFI ensures that the output file is useful by retaining the metadata which is used by various debugging tools. Various optimizations have been done to improve the performance of KLASSIFI. Empirical evaluation of KLASSIFI shows that it is able to process large files (128 GB) in 84 minutes and its performance scales linearly with varying factors. This points to the practicability of KLASSIFI
We present an attack against a code-based signature scheme based on the Lyubashevsky protocol that was recently proposed by Song, Huang, Mu, Wu and Wang (SHMWW). The private key in the SHMWW scheme contains columns coming in part from an identity matrix and in part from a random matrix. The existence of two types of columns leads to a strong bias in the distribution of set bits in produced signatures. Our attack exploits such a bias to recover the private key from a bunch of collected signatures. We provide a theoretical analysis of the attack along with experimental evaluations, and we show that as few as 10 signatures are enough to be collected for successfully recovering the private key. As for previous attempts at adapting Lyubashevsky's protocol to the case of code-based cryptography, the SHMWW scheme is thus proved unable to provide acceptable security. This confirms that devising secure code-based signature schemes with efficiency comparable to that of other post-quantum solutions (e.g., based on lattices) is still a challenging task.