尊敬的 微信汇率:1円 ≈ 0.046166 元 支付宝汇率:1円 ≈ 0.046257元 [退出登录]
SlideShare a Scribd company logo

Denial of password guessing attack using turing test

Download as PPTX, PDF
Vikram Verma
Vikram Verma

This document outlines a proposed system to defend against automated password guessing attacks using Turing tests. It begins with an objective to implement a system using Turing tests to prevent password guessing. It then reviews existing techniques, including Pinkas and Sander's original approach, a modified version, and Van Oorschot and Stubblebine's approach. The proposed system aims to identify trusted systems based on IP address and MAC address rather than cookies. It would allow unlimited attempts for legitimate users and impose Turing tests after 3 attempts for untrusted systems. Diagrams depict the system modules, use cases, and activities. Advantages include preventing cookie theft attacks while not affecting legitimate users. Future work could focus on preventing keyloggers and remote

Education
1 of 19
Denial of Password Guessing Attack using Turing Test Under the Supervision of By Shilpi Sharma Vikram Verma (Assistant Professor) Mtech CS&E (A2300912017)
Outline of presentation •OBJECTIVE •REVIEW OF EXISTING TECHNIQUES • PROPOSED SYSTEM •Algorithm •SYSTEM MODULES •SYSTEM UML DIAGRAMS •ADVANTAGES OF PROPOSED SYSTEM •FUTURE SCOPE
Objective: Implement a system to deface automated password guessing attacks using Turing tests
Existing Techniques • Pinkas and Sander’s ATT approach • Modified Pinkas and Sander’s ATT approach • Van Oorschot and Stubblebine’s ATT approach
Pinkas and Sander’s ATT approach • Introduced login protocol which uses Turing Test as the main basis to authenticate user. • This approach made answering of Turing Test as first step after the user id is provided. • This causes even legitimate users to answer Turing Test unnecessarily.
Modified Pinkas and Sander’s ATT approach • Introduced reduction in ATT attempt for legitimate users. • Web browser cookies were used to identify previous successful login. • The risk of cookie steeling attack persists. • Stolen cookies can be used by hackers to act as legitimate user and perform password guessing attacks.
Van Oorschot and Stubblebine’s ATT approach • This restricts cookie theft by automatic deletion of cookies. • This approach is based on checking number of login attempts. • Once the login attempt exceeds threshold value then even the legitimate user needs to go through Turing Test to make successful login. • The biggest dis-advantage: Once a legitimate user’s account exceeds threshold of unsuccessful login attempts then the user needs to go through Turing Test for login on every login after that.
Proposed System • The proposed system works on ATT based on System on the whole rather than cookies to identify the legitimate user’s system. • The system IP and MAC are used to verify trusted system. • Unlimited login attempts are provided to legitimate user by verifying his registered system. • Limits the use of untrusted system to 3 attempts and imposes Turing Test for logging in.
Algorithm Algorithm for base application • Create login form for validation of user. • Using socket programming credentials needs to be passed to the server. Algorithm for verifying system • Using java.net package we extract information about the system MAC and IP address. • Using MD5 encryption we encrypt and transfer login credentials and system details to server. • The server would then identify untrusted system based on its values from database and then generate truring test which then needs to be verified by again using MD5 encryption.
Proposed System Modules • Login Module: – It performs verification of user id and password using MD5 encryption. • Verify Module: – It checks for the system IP and MAC address to identify if system is registered or not. – It is invoked in both successful and unsuccessful login attempt.
• Add System – This module works for adding new system when a successful login is made from an unregistered system. • Turing Test – This is where the Turing Test is conducted. – It is invoked when unsuccessful login attempt from unregistered system exceeds 3 attempts.
Use Case Diagram
Activity Diagram
Advantages of proposed system • Cookie steeling attack gets defaced • Use of IP address in registering system helps users to use a number of devices accessing authentication system using a common access point. • It doesn’t effect legitimate user in case hacker tries to hack his account.
Screen Shots Login Screen Registration Screen
Unsuccessful login Unsuccessful Turing Test
Successful Turing Test
Future scope • This system would fail if the password is stolen using online keylogers or Remote administration Trojans • Thus an approach to prevent Keyloggers and Trojans from creating logs for leaking password information must be developed.
Thank you!! 

Recommended

Time based Security Filter in Mule
Time based Security Filter in MuleTime based Security Filter in Mule
Time based Security Filter in Mule
Sunil Kumar
 
12.registration form
12.registration form12.registration form
12.registration form
Pramod Rathore
 
Ethical hacking (sql injection and butter overflow)
Ethical hacking (sql injection and butter overflow)Ethical hacking (sql injection and butter overflow)
Ethical hacking (sql injection and butter overflow)
R Islam
 
Query Management system-Iv review
Query Management system-Iv reviewQuery Management system-Iv review
Query Management system-Iv review
logeshprabu
 
Unit v
Unit vUnit v
Unit v
Suvithak
 
Solution about automating end to end server test
Solution about automating end to end server testSolution about automating end to end server test
Solution about automating end to end server test
Yu Tao Zhang
 
Evaluating the vulnerability of network traffic using joint security and rout...
Evaluating the vulnerability of network traffic using joint security and rout...Evaluating the vulnerability of network traffic using joint security and rout...
Evaluating the vulnerability of network traffic using joint security and rout...
Mumbai Academisc
 
2 (data security in local network using)
2 (data security in local network using)2 (data security in local network using)
2 (data security in local network using)
JIEMS Akkalkuwa
 

Recommended

Time based Security Filter in Mule
Time based Security Filter in MuleTime based Security Filter in Mule
Time based Security Filter in Mule
Sunil Kumar
 
12.registration form
12.registration form12.registration form
12.registration form
Pramod Rathore
 
Ethical hacking (sql injection and butter overflow)
Ethical hacking (sql injection and butter overflow)Ethical hacking (sql injection and butter overflow)
Ethical hacking (sql injection and butter overflow)
R Islam
 
Query Management system-Iv review
Query Management system-Iv reviewQuery Management system-Iv review
Query Management system-Iv review
logeshprabu
 
Unit v
Unit vUnit v
Unit v
Suvithak
 
Solution about automating end to end server test
Solution about automating end to end server testSolution about automating end to end server test
Solution about automating end to end server test
Yu Tao Zhang
 
Evaluating the vulnerability of network traffic using joint security and rout...
Evaluating the vulnerability of network traffic using joint security and rout...Evaluating the vulnerability of network traffic using joint security and rout...
Evaluating the vulnerability of network traffic using joint security and rout...
Mumbai Academisc
 
2 (data security in local network using)
2 (data security in local network using)2 (data security in local network using)
2 (data security in local network using)
JIEMS Akkalkuwa
 
Discovery and verification Documentation
Discovery and verification DocumentationDiscovery and verification Documentation
Discovery and verification Documentation
Sambit Dutta
 
Graphical password authentication system with association of sound
Graphical password authentication system with association of soundGraphical password authentication system with association of sound
Graphical password authentication system with association of sound
Vikram Verma
 
Graphical password authentication
Graphical password authenticationGraphical password authentication
Graphical password authentication
anilaja
 
Graphical password authentication
Graphical password authenticationGraphical password authentication
Graphical password authentication
shalini singh
 
Graphical password
Graphical passwordGraphical password
Graphical password
vitam,berhampur
 
graphical password authentication
graphical password authenticationgraphical password authentication
graphical password authentication
Akhil Kumar
 
Graphical password authentication
Graphical password authenticationGraphical password authentication
Graphical password authentication
Asim Kumar Pathak
 
Online Quiz System Project PPT
Online Quiz System Project PPTOnline Quiz System Project PPT
Online Quiz System Project PPT
Shanthan Reddy
 
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Jowin John Chemban
 
Empirically Detecting False Test Alarms Using Association Rules @ ICSE 2015
Empirically Detecting False Test Alarms Using Association Rules @ ICSE 2015Empirically Detecting False Test Alarms Using Association Rules @ ICSE 2015
Empirically Detecting False Test Alarms Using Association Rules @ ICSE 2015
Kim Herzig
 
Security testing
Security testingSecurity testing
Security testing
Rihab Chebbah
 
Manual Testing Types Used in Software Testing
Manual Testing Types Used in Software TestingManual Testing Types Used in Software Testing
Manual Testing Types Used in Software Testing
seojayeshts
 
BAIT1103 Chapter 7
BAIT1103 Chapter 7BAIT1103 Chapter 7
BAIT1103 Chapter 7
limsh
 
Promostat original
Promostat originalPromostat original
Promostat original
Chandra Budati
 
IT Revision and Auditing
IT Revision and AuditingIT Revision and Auditing
IT Revision and Auditing
Amith Reddy
 
SOFTWARE TESTING W4_watermark.pdf
SOFTWARE TESTING W4_watermark.pdfSOFTWARE TESTING W4_watermark.pdf
SOFTWARE TESTING W4_watermark.pdf
GayathriRHICETCSESTA
 
Owasp security testing methodlogies –part2
Owasp security testing methodlogies –part2Owasp security testing methodlogies –part2
Owasp security testing methodlogies –part2
robin_bene
 
Decentralized cloud firewall framework with resources provisioning cost optim...
Decentralized cloud firewall framework with resources provisioning cost optim...Decentralized cloud firewall framework with resources provisioning cost optim...
Decentralized cloud firewall framework with resources provisioning cost optim...
aish006
 
Unit 7 verification & validation
Unit 7 verification & validationUnit 7 verification & validation
Unit 7 verification & validation
raksharao
 
anonymous and efficient authentication scheme for privacy-preserving distribu...
anonymous and efficient authentication scheme for privacy-preserving distribu...anonymous and efficient authentication scheme for privacy-preserving distribu...
anonymous and efficient authentication scheme for privacy-preserving distribu...
SUBHAJIT GHOSH
 
Enumeration and system hacking
Enumeration and system hackingEnumeration and system hacking
Enumeration and system hacking
begmohsin
 
PROJECT.ppt (6).pptx
PROJECT.ppt (6).pptxPROJECT.ppt (6).pptx
PROJECT.ppt (6).pptx
PraveenaModinipally
 

More Related Content

Viewers also liked

Discovery and verification Documentation
Discovery and verification DocumentationDiscovery and verification Documentation
Discovery and verification Documentation
Sambit Dutta
 
Graphical password authentication system with association of sound
Graphical password authentication system with association of soundGraphical password authentication system with association of sound
Graphical password authentication system with association of sound
Vikram Verma
 
Graphical password authentication
Graphical password authenticationGraphical password authentication
Graphical password authentication
anilaja
 
Graphical password authentication
Graphical password authenticationGraphical password authentication
Graphical password authentication
shalini singh
 
Graphical password
Graphical passwordGraphical password
Graphical password
vitam,berhampur
 
graphical password authentication
graphical password authenticationgraphical password authentication
graphical password authentication
Akhil Kumar
 
Graphical password authentication
Graphical password authenticationGraphical password authentication
Graphical password authentication
Asim Kumar Pathak
 

Viewers also liked (7)

Discovery and verification Documentation
Discovery and verification DocumentationDiscovery and verification Documentation
Discovery and verification Documentation
 
Graphical password authentication system with association of sound
Graphical password authentication system with association of soundGraphical password authentication system with association of sound
Graphical password authentication system with association of sound
 
Graphical password authentication
Graphical password authenticationGraphical password authentication
Graphical password authentication
 
Graphical password authentication
Graphical password authenticationGraphical password authentication
Graphical password authentication
 
Graphical password
Graphical passwordGraphical password
Graphical password
 
graphical password authentication
graphical password authenticationgraphical password authentication
graphical password authentication
 
Graphical password authentication
Graphical password authenticationGraphical password authentication
Graphical password authentication
 

Similar to Denial of password guessing attack using turing test

Online Quiz System Project PPT
Online Quiz System Project PPTOnline Quiz System Project PPT
Online Quiz System Project PPT
Shanthan Reddy
 
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Jowin John Chemban
 
Empirically Detecting False Test Alarms Using Association Rules @ ICSE 2015
Empirically Detecting False Test Alarms Using Association Rules @ ICSE 2015Empirically Detecting False Test Alarms Using Association Rules @ ICSE 2015
Empirically Detecting False Test Alarms Using Association Rules @ ICSE 2015
Kim Herzig
 
Security testing
Security testingSecurity testing
Security testing
Rihab Chebbah
 
Manual Testing Types Used in Software Testing
Manual Testing Types Used in Software TestingManual Testing Types Used in Software Testing
Manual Testing Types Used in Software Testing
seojayeshts
 
BAIT1103 Chapter 7
BAIT1103 Chapter 7BAIT1103 Chapter 7
BAIT1103 Chapter 7
limsh
 
Promostat original
Promostat originalPromostat original
Promostat original
Chandra Budati
 
IT Revision and Auditing
IT Revision and AuditingIT Revision and Auditing
IT Revision and Auditing
Amith Reddy
 
SOFTWARE TESTING W4_watermark.pdf
SOFTWARE TESTING W4_watermark.pdfSOFTWARE TESTING W4_watermark.pdf
SOFTWARE TESTING W4_watermark.pdf
GayathriRHICETCSESTA
 
Owasp security testing methodlogies –part2
Owasp security testing methodlogies –part2Owasp security testing methodlogies –part2
Owasp security testing methodlogies –part2
robin_bene
 
Decentralized cloud firewall framework with resources provisioning cost optim...
Decentralized cloud firewall framework with resources provisioning cost optim...Decentralized cloud firewall framework with resources provisioning cost optim...
Decentralized cloud firewall framework with resources provisioning cost optim...
aish006
 
Unit 7 verification & validation
Unit 7 verification & validationUnit 7 verification & validation
Unit 7 verification & validation
raksharao
 
anonymous and efficient authentication scheme for privacy-preserving distribu...
anonymous and efficient authentication scheme for privacy-preserving distribu...anonymous and efficient authentication scheme for privacy-preserving distribu...
anonymous and efficient authentication scheme for privacy-preserving distribu...
SUBHAJIT GHOSH
 
Enumeration and system hacking
Enumeration and system hackingEnumeration and system hacking
Enumeration and system hacking
begmohsin
 
PROJECT.ppt (6).pptx
PROJECT.ppt (6).pptxPROJECT.ppt (6).pptx
PROJECT.ppt (6).pptx
PraveenaModinipally
 
Заполучили права администратора домена? Игра еще не окончена
Заполучили права администратора домена? Игра еще не оконченаЗаполучили права администратора домена? Игра еще не окончена
Заполучили права администратора домена? Игра еще не окончена
Positive Hack Days
 
UNIT TESTING.pptx
UNIT TESTING.pptxUNIT TESTING.pptx
UNIT TESTING.pptx
DrTThendralCompSci
 
Using AWS To Build A Scalable Machine Data Analytics Service
Using AWS To Build A Scalable Machine Data Analytics ServiceUsing AWS To Build A Scalable Machine Data Analytics Service
Using AWS To Build A Scalable Machine Data Analytics Service
Christian Beedgen
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTING
Er Vivek Rana
 
Test Data Approach
Test Data ApproachTest Data Approach
Test Data Approach
kzoe1996
 

Similar to Denial of password guessing attack using turing test (20)

Online Quiz System Project PPT
Online Quiz System Project PPTOnline Quiz System Project PPT
Online Quiz System Project PPT
 
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
 
Empirically Detecting False Test Alarms Using Association Rules @ ICSE 2015
Empirically Detecting False Test Alarms Using Association Rules @ ICSE 2015Empirically Detecting False Test Alarms Using Association Rules @ ICSE 2015
Empirically Detecting False Test Alarms Using Association Rules @ ICSE 2015
 
Security testing
Security testingSecurity testing
Security testing
 
Manual Testing Types Used in Software Testing
Manual Testing Types Used in Software TestingManual Testing Types Used in Software Testing
Manual Testing Types Used in Software Testing
 
BAIT1103 Chapter 7
BAIT1103 Chapter 7BAIT1103 Chapter 7
BAIT1103 Chapter 7
 
Promostat original
Promostat originalPromostat original
Promostat original
 
IT Revision and Auditing
IT Revision and AuditingIT Revision and Auditing
IT Revision and Auditing
 
SOFTWARE TESTING W4_watermark.pdf
SOFTWARE TESTING W4_watermark.pdfSOFTWARE TESTING W4_watermark.pdf
SOFTWARE TESTING W4_watermark.pdf
 
Owasp security testing methodlogies –part2
Owasp security testing methodlogies –part2Owasp security testing methodlogies –part2
Owasp security testing methodlogies –part2
 
Decentralized cloud firewall framework with resources provisioning cost optim...
Decentralized cloud firewall framework with resources provisioning cost optim...Decentralized cloud firewall framework with resources provisioning cost optim...
Decentralized cloud firewall framework with resources provisioning cost optim...
 
Unit 7 verification & validation
Unit 7 verification & validationUnit 7 verification & validation
Unit 7 verification & validation
 
anonymous and efficient authentication scheme for privacy-preserving distribu...
anonymous and efficient authentication scheme for privacy-preserving distribu...anonymous and efficient authentication scheme for privacy-preserving distribu...
anonymous and efficient authentication scheme for privacy-preserving distribu...
 
Enumeration and system hacking
Enumeration and system hackingEnumeration and system hacking
Enumeration and system hacking
 
PROJECT.ppt (6).pptx
PROJECT.ppt (6).pptxPROJECT.ppt (6).pptx
PROJECT.ppt (6).pptx
 
Заполучили права администратора домена? Игра еще не окончена
Заполучили права администратора домена? Игра еще не оконченаЗаполучили права администратора домена? Игра еще не окончена
Заполучили права администратора домена? Игра еще не окончена
 
UNIT TESTING.pptx
UNIT TESTING.pptxUNIT TESTING.pptx
UNIT TESTING.pptx
 
Using AWS To Build A Scalable Machine Data Analytics Service
Using AWS To Build A Scalable Machine Data Analytics ServiceUsing AWS To Build A Scalable Machine Data Analytics Service
Using AWS To Build A Scalable Machine Data Analytics Service
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTING
 
Test Data Approach
Test Data ApproachTest Data Approach
Test Data Approach
 

Recently uploaded

Contiguity Of Various Message Forms - Rupam Chandra.pptx
Contiguity Of Various Message Forms - Rupam Chandra.pptxContiguity Of Various Message Forms - Rupam Chandra.pptx
Contiguity Of Various Message Forms - Rupam Chandra.pptx
Kalna College
 
Keynote given on June 24 for MASSP at Grand Traverse City
Keynote given on June 24 for MASSP at Grand Traverse CityKeynote given on June 24 for MASSP at Grand Traverse City
Keynote given on June 24 for MASSP at Grand Traverse City
PJ Caposey
 
Diversity Quiz Prelims by Quiz Club, IIT Kanpur
Diversity Quiz Prelims by Quiz Club, IIT KanpurDiversity Quiz Prelims by Quiz Club, IIT Kanpur
Diversity Quiz Prelims by Quiz Club, IIT Kanpur
Quiz Club IIT Kanpur
 
The basics of sentences session 8pptx.pptx
The basics of sentences session 8pptx.pptxThe basics of sentences session 8pptx.pptx
The basics of sentences session 8pptx.pptx
heathfieldcps1
 
How to stay relevant as a cyber professional: Skills, trends and career paths...
How to stay relevant as a cyber professional: Skills, trends and career paths...How to stay relevant as a cyber professional: Skills, trends and career paths...
How to stay relevant as a cyber professional: Skills, trends and career paths...
Infosec
 
220711130095 Tanu Pandey message currency, communication speed & control EPC ...
220711130095 Tanu Pandey message currency, communication speed & control EPC ...220711130095 Tanu Pandey message currency, communication speed & control EPC ...
220711130095 Tanu Pandey message currency, communication speed & control EPC ...
Kalna College
 
IoT (Internet of Things) introduction Notes.pdf
IoT (Internet of Things) introduction Notes.pdfIoT (Internet of Things) introduction Notes.pdf
IoT (Internet of Things) introduction Notes.pdf
roshanranjit222
 
78 Microsoft-Publisher - Sirin Sultana Bora.pptx
78 Microsoft-Publisher - Sirin Sultana Bora.pptx78 Microsoft-Publisher - Sirin Sultana Bora.pptx
78 Microsoft-Publisher - Sirin Sultana Bora.pptx
Kalna College
 
Accounting for Restricted Grants When and How To Record Properly
Accounting for Restricted Grants When and How To Record ProperlyAccounting for Restricted Grants When and How To Record Properly
Accounting for Restricted Grants When and How To Record Properly
TechSoup
 
Interprofessional Education Platform Introduction.pdf
Interprofessional Education Platform Introduction.pdfInterprofessional Education Platform Introduction.pdf
Interprofessional Education Platform Introduction.pdf
Ben Aldrich
 
220711130082 Srabanti Bag Internet Resources For Natural Science
220711130082 Srabanti Bag Internet Resources For Natural Science220711130082 Srabanti Bag Internet Resources For Natural Science
220711130082 Srabanti Bag Internet Resources For Natural Science
Kalna College
 
Opportunity scholarships and the schools that receive them
Opportunity scholarships and the schools that receive themOpportunity scholarships and the schools that receive them
Opportunity scholarships and the schools that receive them
EducationNC
 
Erasmus + DISSEMINATION ACTIVITIES Croatia
Erasmus + DISSEMINATION ACTIVITIES CroatiaErasmus + DISSEMINATION ACTIVITIES Croatia
Erasmus + DISSEMINATION ACTIVITIES Croatia
whatchangedhowreflec
 
managing Behaviour in early childhood education.pptx
managing Behaviour in early childhood education.pptxmanaging Behaviour in early childhood education.pptx
managing Behaviour in early childhood education.pptx
nabaegha
 
The Science of Learning: implications for modern teaching
The Science of Learning: implications for modern teachingThe Science of Learning: implications for modern teaching
The Science of Learning: implications for modern teaching
Derek Wenmoth
 
220711130100 udita Chakraborty Aims and objectives of national policy on inf...
220711130100 udita Chakraborty Aims and objectives of national policy on inf...220711130100 udita Chakraborty Aims and objectives of national policy on inf...
220711130100 udita Chakraborty Aims and objectives of national policy on inf...
Kalna College
 
How to Download & Install Module From the Odoo App Store in Odoo 17
How to Download & Install Module From the Odoo App Store in Odoo 17How to Download & Install Module From the Odoo App Store in Odoo 17
How to Download & Install Module From the Odoo App Store in Odoo 17
Celine George
 
Get Success with the Latest UiPath UIPATH-ADPV1 Exam Dumps (V11.02) 2024
Get Success with the Latest UiPath UIPATH-ADPV1 Exam Dumps (V11.02) 2024Get Success with the Latest UiPath UIPATH-ADPV1 Exam Dumps (V11.02) 2024
Get Success with the Latest UiPath UIPATH-ADPV1 Exam Dumps (V11.02) 2024
yarusun
 
Library news letter Kitengesa Uganda June 2024
Library news letter Kitengesa Uganda June 2024Library news letter Kitengesa Uganda June 2024
Library news letter Kitengesa Uganda June 2024
Friends of African Village Libraries
 
Talking Tech through Compelling Visual Aids
Talking Tech through Compelling Visual AidsTalking Tech through Compelling Visual Aids
Talking Tech through Compelling Visual Aids
MattVassar1
 

Recently uploaded (20)

Contiguity Of Various Message Forms - Rupam Chandra.pptx
Contiguity Of Various Message Forms - Rupam Chandra.pptxContiguity Of Various Message Forms - Rupam Chandra.pptx
Contiguity Of Various Message Forms - Rupam Chandra.pptx
 
Keynote given on June 24 for MASSP at Grand Traverse City
Keynote given on June 24 for MASSP at Grand Traverse CityKeynote given on June 24 for MASSP at Grand Traverse City
Keynote given on June 24 for MASSP at Grand Traverse City
 
Diversity Quiz Prelims by Quiz Club, IIT Kanpur
Diversity Quiz Prelims by Quiz Club, IIT KanpurDiversity Quiz Prelims by Quiz Club, IIT Kanpur
Diversity Quiz Prelims by Quiz Club, IIT Kanpur
 
The basics of sentences session 8pptx.pptx
The basics of sentences session 8pptx.pptxThe basics of sentences session 8pptx.pptx
The basics of sentences session 8pptx.pptx
 
How to stay relevant as a cyber professional: Skills, trends and career paths...
How to stay relevant as a cyber professional: Skills, trends and career paths...How to stay relevant as a cyber professional: Skills, trends and career paths...
How to stay relevant as a cyber professional: Skills, trends and career paths...
 
220711130095 Tanu Pandey message currency, communication speed & control EPC ...
220711130095 Tanu Pandey message currency, communication speed & control EPC ...220711130095 Tanu Pandey message currency, communication speed & control EPC ...
220711130095 Tanu Pandey message currency, communication speed & control EPC ...
 
IoT (Internet of Things) introduction Notes.pdf
IoT (Internet of Things) introduction Notes.pdfIoT (Internet of Things) introduction Notes.pdf
IoT (Internet of Things) introduction Notes.pdf
 
78 Microsoft-Publisher - Sirin Sultana Bora.pptx
78 Microsoft-Publisher - Sirin Sultana Bora.pptx78 Microsoft-Publisher - Sirin Sultana Bora.pptx
78 Microsoft-Publisher - Sirin Sultana Bora.pptx
 
Accounting for Restricted Grants When and How To Record Properly
Accounting for Restricted Grants When and How To Record ProperlyAccounting for Restricted Grants When and How To Record Properly
Accounting for Restricted Grants When and How To Record Properly
 
Interprofessional Education Platform Introduction.pdf
Interprofessional Education Platform Introduction.pdfInterprofessional Education Platform Introduction.pdf
Interprofessional Education Platform Introduction.pdf
 
220711130082 Srabanti Bag Internet Resources For Natural Science
220711130082 Srabanti Bag Internet Resources For Natural Science220711130082 Srabanti Bag Internet Resources For Natural Science
220711130082 Srabanti Bag Internet Resources For Natural Science
 
Opportunity scholarships and the schools that receive them
Opportunity scholarships and the schools that receive themOpportunity scholarships and the schools that receive them
Opportunity scholarships and the schools that receive them
 
Erasmus + DISSEMINATION ACTIVITIES Croatia
Erasmus + DISSEMINATION ACTIVITIES CroatiaErasmus + DISSEMINATION ACTIVITIES Croatia
Erasmus + DISSEMINATION ACTIVITIES Croatia
 
managing Behaviour in early childhood education.pptx
managing Behaviour in early childhood education.pptxmanaging Behaviour in early childhood education.pptx
managing Behaviour in early childhood education.pptx
 
The Science of Learning: implications for modern teaching
The Science of Learning: implications for modern teachingThe Science of Learning: implications for modern teaching
The Science of Learning: implications for modern teaching
 
220711130100 udita Chakraborty Aims and objectives of national policy on inf...
220711130100 udita Chakraborty Aims and objectives of national policy on inf...220711130100 udita Chakraborty Aims and objectives of national policy on inf...
220711130100 udita Chakraborty Aims and objectives of national policy on inf...
 
How to Download & Install Module From the Odoo App Store in Odoo 17
How to Download & Install Module From the Odoo App Store in Odoo 17How to Download & Install Module From the Odoo App Store in Odoo 17
How to Download & Install Module From the Odoo App Store in Odoo 17
 
Get Success with the Latest UiPath UIPATH-ADPV1 Exam Dumps (V11.02) 2024
Get Success with the Latest UiPath UIPATH-ADPV1 Exam Dumps (V11.02) 2024Get Success with the Latest UiPath UIPATH-ADPV1 Exam Dumps (V11.02) 2024
Get Success with the Latest UiPath UIPATH-ADPV1 Exam Dumps (V11.02) 2024
 
Library news letter Kitengesa Uganda June 2024
Library news letter Kitengesa Uganda June 2024Library news letter Kitengesa Uganda June 2024
Library news letter Kitengesa Uganda June 2024
 
Talking Tech through Compelling Visual Aids
Talking Tech through Compelling Visual AidsTalking Tech through Compelling Visual Aids
Talking Tech through Compelling Visual Aids
 

Denial of password guessing attack using turing test

  • 1. Denial of Password Guessing Attack using Turing Test Under the Supervision of By Shilpi Sharma Vikram Verma (Assistant Professor) Mtech CS&E (A2300912017)
  • 2. Outline of presentation •OBJECTIVE •REVIEW OF EXISTING TECHNIQUES • PROPOSED SYSTEM •Algorithm •SYSTEM MODULES •SYSTEM UML DIAGRAMS •ADVANTAGES OF PROPOSED SYSTEM •FUTURE SCOPE
  • 3. Objective: Implement a system to deface automated password guessing attacks using Turing tests
  • 4. Existing Techniques • Pinkas and Sander’s ATT approach • Modified Pinkas and Sander’s ATT approach • Van Oorschot and Stubblebine’s ATT approach
  • 5. Pinkas and Sander’s ATT approach • Introduced login protocol which uses Turing Test as the main basis to authenticate user. • This approach made answering of Turing Test as first step after the user id is provided. • This causes even legitimate users to answer Turing Test unnecessarily.
  • 6. Modified Pinkas and Sander’s ATT approach • Introduced reduction in ATT attempt for legitimate users. • Web browser cookies were used to identify previous successful login. • The risk of cookie steeling attack persists. • Stolen cookies can be used by hackers to act as legitimate user and perform password guessing attacks.
  • 7. Van Oorschot and Stubblebine’s ATT approach • This restricts cookie theft by automatic deletion of cookies. • This approach is based on checking number of login attempts. • Once the login attempt exceeds threshold value then even the legitimate user needs to go through Turing Test to make successful login. • The biggest dis-advantage: Once a legitimate user’s account exceeds threshold of unsuccessful login attempts then the user needs to go through Turing Test for login on every login after that.
  • 8. Proposed System • The proposed system works on ATT based on System on the whole rather than cookies to identify the legitimate user’s system. • The system IP and MAC are used to verify trusted system. • Unlimited login attempts are provided to legitimate user by verifying his registered system. • Limits the use of untrusted system to 3 attempts and imposes Turing Test for logging in.
  • 9. Algorithm Algorithm for base application • Create login form for validation of user. • Using socket programming credentials needs to be passed to the server. Algorithm for verifying system • Using java.net package we extract information about the system MAC and IP address. • Using MD5 encryption we encrypt and transfer login credentials and system details to server. • The server would then identify untrusted system based on its values from database and then generate truring test which then needs to be verified by again using MD5 encryption.
  • 10. Proposed System Modules • Login Module: – It performs verification of user id and password using MD5 encryption. • Verify Module: – It checks for the system IP and MAC address to identify if system is registered or not. – It is invoked in both successful and unsuccessful login attempt.
  • 11. • Add System – This module works for adding new system when a successful login is made from an unregistered system. • Turing Test – This is where the Turing Test is conducted. – It is invoked when unsuccessful login attempt from unregistered system exceeds 3 attempts.
  • 14. Advantages of proposed system • Cookie steeling attack gets defaced • Use of IP address in registering system helps users to use a number of devices accessing authentication system using a common access point. • It doesn’t effect legitimate user in case hacker tries to hack his account.
  • 15. Screen Shots Login Screen Registration Screen
  • 18. Future scope • This system would fail if the password is stolen using online keylogers or Remote administration Trojans • Thus an approach to prevent Keyloggers and Trojans from creating logs for leaking password information must be developed.
  翻译: