Pass Without a Password

Submitted By sudiptobose
Words 377
Pages 2
My PasswordSafe has 53 entries right now. It all started when I began using email some years back. As I spent more time online, the number of passwords grew. Though I have tried solutions like PasswordSafe and Firefox Sync, it is never enough, and I still end up clicking ‘Forgot Password’ once in a while. I started dreaming of a passwordless browsing experience.
Let’s first dissect the problem. What is a password? It is a secret that only the user and the service provider know. It is established at the first interaction and presented at each subsequent one to establish the identity of the user. What if there is other data which both the service provider and the user already know, but which never had to be set up as a shared secret? Can we use this data for authentication? What would the challenges be?
First, can data that the service provider records and that the user inherently knows be used for authentication? In most cases, data generated by users while using a service can be used to authenticate them. This is already in use in a variety of ways. If one logs into Facebook from an IP address geographically distant from one’s usual location, Facebook steps up authentication with questions about one’s friends. Another example is phone banking, which asks callers for their last two transactions to establish that they are genuine.
There are challenges in this approach. If the data used for authentication is publicly available to a larger set of users, it cannot serve as an authenticator, for obvious reasons. Also, most sites may not hold any information that could be used for authentication. Cross-site federation services could come to the rescue: for example, shopping history at Amazon could be used to authenticate users at Facebook, and feed data from Facebook could be used at Amazon.
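The step-up flow sketched above (an unusual login location triggers a challenge built from the user's own transaction history, as in the phone-banking "last two transactions" check) can be made concrete. The following is an added example, not code from the essay; the user records, the country-based trigger, the attempt limit and the function names are all constructed assumptions. It also shows the two caveats the text raises: records the user has shared publicly are excluded from the challenge, and a user with too little private data gets a fallback instead of a weak challenge.

```python
"""Step-up authentication from data the service already holds.

Constructed example: a service keeps each user's transaction history and,
when a login looks unusual (different country than usual), asks the user to
name their last two non-public transactions instead of a password.
Publicly shared records are excluded and failed attempts are limited.
"""
from dataclasses import dataclass
from datetime import date
from typing import Iterable, List, Optional, Tuple

MAX_ATTEMPTS = 3          # lockout threshold per user (assumed value)
MIN_PRIVATE_RECORDS = 2   # a challenge needs at least this many usable records


@dataclass(frozen=True)
class Transaction:
    when: date
    merchant: str
    amount_cents: int
    public: bool = False  # True if the user shared it on a public feed


@dataclass
class UserRecord:
    home_country: str
    history: List[Transaction]
    failed_attempts: int = 0


# Constructed sample data, not real accounts.
USERS = {
    "alice": UserRecord("IN", [
        Transaction(date(2012, 3, 1), "Bookstore", 1299),
        Transaction(date(2012, 3, 4), "Grocer", 4550, public=True),
        Transaction(date(2012, 3, 5), "Cafe", 320),
        Transaction(date(2012, 3, 7), "Pharmacy", 875),
    ]),
    "bob": UserRecord("US", [
        Transaction(date(2012, 3, 2), "Hardware", 2099, public=True),
    ]),
}


def needs_step_up(user: str, login_country: str) -> bool:
    """Trigger: the login comes from somewhere other than the usual country."""
    return USERS[user].home_country != login_country


def usable_records(user: str) -> List[Transaction]:
    """Most recent private transactions, newest first.

    Public ones are skipped because anyone who saw the feed could answer
    questions about them, so they carry no authentication value.
    """
    private = [t for t in USERS[user].history if not t.public]
    return sorted(private, key=lambda t: t.when, reverse=True)[:MIN_PRIVATE_RECORDS]


def build_challenge(user: str) -> Optional[str]:
    """Return the challenge prompt, or None if the user lacks enough private data."""
    if len(usable_records(user)) < MIN_PRIVATE_RECORDS:
        return None  # caller must fall back to another factor
    return "Name the merchant and amount of your last two private purchases."


def verify(user: str, answers: Iterable[Tuple[str, int]]) -> bool:
    """answers: (merchant, amount_cents) pairs, order-insensitive.

    Counts failures so the challenge cannot be guessed indefinitely.
    """
    rec = USERS[user]
    if rec.failed_attempts >= MAX_ATTEMPTS:
        return False  # locked out; a reset path would live elsewhere
    expected = {(t.merchant.lower(), t.amount_cents) for t in usable_records(user)}
    given = {(m.lower(), a) for m, a in answers}
    if len(expected) >= MIN_PRIVATE_RECORDS and given == expected:
        rec.failed_attempts = 0
        return True
    rec.failed_attempts += 1
    return False


def login(user: str, login_country: str,
          answers: Optional[Iterable[Tuple[str, int]]] = None) -> str:
    """Returns 'ok', 'challenge', 'fallback' or 'denied'."""
    if not needs_step_up(user, login_country):
        return "ok"
    if build_challenge(user) is None:
        return "fallback"  # no usable private data for this user
    if answers is None:
        return "challenge"
    return "ok" if verify(user, answers) else "denied"


if __name__ == "__main__":
    print(login("alice", "US"))                                  # challenge
    print(login("alice", "US", [("Pharmacy", 875), ("Cafe", 320)]))  # ok
    print(login("bob", "IN"))                                    # fallback
```

Two design points are worth noting. The challenge draws only on records the user has not published, which is the "publicly available data cannot authenticate" rule from the text turned into code; and a user like bob, whose only record is public, never gets a challenge at all, since offering a guessable one would be worse than asking for a different factor.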
However, this would be an evolutionary process. With service providers selling customer preferences for marketing purposes, and with stringent cybersecurity laws in place, there is a need to carefully segregate which data can be shared and which is PII. Careful fine-tuning of cybersecurity laws, clear classification of user preferences and demographics as PII or not, and a shift in users’ mindset may see us realize a passwordless IT world.
