HUMAN-VERIFIABLE

AUTHENTICATION PROTOCOL
Presented by
Balasubramaniyam Ajanthan
K.Prathiba
S.Roshini
S.Shiv Sharan
Guided by
Ms K.Kalai Selvi
08/21/15

OBJECTIVES:
To develop

web based security analysis of

one Time password authentication
schemes using mobile application.
Also to enhance protocol based
verification and authentication for two
different mediums.

08/21/15

PROBLEM DEFINITION
Text

password is the most popular form of

user authentication on websites
However, users passwords are prone to be
stolen and compromised under different
threats and vulnerabilities.
Firstly, users often select weak
passwords and reuse the same passwords
across different websites
08/21/15

Routinely reusing passwords causes a

domino effect; when an adversary
compromises one password, the adversary
will exploit it to gain access to more
websites.
Second, typing passwords into untrusted
computers suffers password thief threat.
An adversary can launch several password
stealing attacks to snatch passwords, such as
phishing, key loggers and malware

08/21/15

ABSTRACT:
In

this project, we design a user

authentication protocol named OPASS which
leverages a users cellphone and short
message service to thwart password stealing
and password reuse attacks.
OPASS only requires each participating
website possesses a unique phone number,
and involves a telecommunication service
provider in registration and recovery phases.
08/21/15

Through

OPASS, users only need to

remember a long-term password for login
on all websites.
After evaluating the OPASS prototype,
we believe OPASS is efficient and
affordable compared with the
conventional web authentication
mechanisms.

08/21/15

Existing System:

Captcha

Based Login System

Text Password Based Login System
Cryptography based Login system
Image based Login System.
Biometric Based Login System

08/21/15

Disadvantages
Forget

the password so the user doesnt Login

any one Website and the user cant access any
information from that website.
Reusing passwords causes a domino effect,
when an adversary compromises one password,
the user will exploit it to gain access to more
websites
Hacker Applying Random-Key
Function/Method for Hacking the user password

08/21/15

Proposed System
The main Objective of OPASS is free users

from having to remember or type any passwords

into conventional computers for authentication.
Unlike generic user Authentication, OPASS
involves a new component, the cellphone, which
is used to generate one-time passwords and a
new communication channel, SMS, which is
used to transmit authentication

08/21/15

Advantages
Anti-malware
Phishing

Protection
Secure Registration and Recovery
Password Reuse Prevention and Weak Password
Avoidance

08/21/15

System Requirements
Hardware Requirements
Intel Pentium IV
256/512 MB RAM
1 GB Free disk space or
greater
1 GB on Boot Drive
1 Network Interface
Card (NIC)
Android Smart Phone

Software Requirements:
MS Windows XP
MS IE Browser 6.0/later
MS Dot Net Framework
2.0
MS Visual Studio.NET
2005
MS SQL Server 2005
Language :ASP.Net(C#)

08/21/15

MODULE
Web

registration
OTP (One Time Password)verification
Mobile registration
User login
Mobile login
Account maintanance

Conclusion

It

is more securable as compared to

the existing system.

More

complicated for the hacker to expliot

the passwords

08/21/15

08/21/15