Main Article Content

Abstract

Web services present most commonly rely on passwords to authenticate users. Unfortunately, two serious issues in this paradigm are: users will inevitably forget their passwords, and their passwords could be compromised and changed by attackers, which result in the failures to access their own accounts. Therefore, web services often provide users with backup authentication mechanisms to help users regain access to their accounts. Unfortunately, current widely used backup authentication mechanisms such as security questions and alternate email addresses are insecure or unreliable or both. Recently, authenticating users with the help of their friends (i.e., trustee-based social authentication) has been shown to be a promising backup authentication mechanism. A user in this system is associated with a few trustees that were selected from the user’s friends. When the user wants to regain access to the account, the service provider sends different verification codes to the user’s trustees. The user must obtain at least k (i.e., recovery threshold) verification codes from the trustees before being directed to reset his or her password. This project provides the first systematic study about the security of trustee-based social authentications. This project introduces a novel framework of attacks, which is called as forest fire attacks. In these attacks, an attacker initially obtains a small number of compromised users, and then the attacker iteratively attacks the rest of users by exploiting trustee-based social authentications. Then, a probabilistic model is constructed to formalize the threats of forest fire attacks and their costs for attackers. Finally, the framework is applied to extensively evaluate various concrete attack and defense strategies using three real-world social network datasets. The application used for simulation is designed using Microsoft Visual Studio .Net 2005 as front end. The coding language used is C#.Net. MS-SQL Server 2000 is used as back end database.

Article Details

How to Cite
R. NavinKumar, & C. Seenivasan. (2018). Trustee-Base Social Authentication Process using Alert System . International Journal of Intellectual Advancements and Research in Engineering Computations, 6(2), 1577–1580. Retrieved from https://ijiarec.com/ijiarec/article/view/699