Two Level Security using Mindmetrics and ID2S Password Authentication Technique

Abstract or Introduction

Having been a core feature of IT systems for several decades, passwords continue to represent both one of the most familiar and most maligned aspects of security technology. While their potential weaknesses have been well recognized mainly over the past decade, no permanent solution has come up yet as in terms of all-round usage and applicability. Shoulder surfing, simple guessing, external eavesdropping, side channel attacks etc are the common methods which lead to password leakages. The situation gets worse when a user puts a very obvious password which can be easily guessed by anyone knowing the person even vaguely.

Most systems propose to improve both identification and verification of user but this method of mindmetrics can augment the current password based systems by strengthening the identification process. Mind-metrics utilizes personal secret data instead of a login id to identify a user uniquely. The proposed system also creates a scenario where two servers cooperate to authenticate a client and if one server is compromised, the attacker still cannot pretend to be the client with the information from the compromised server. The proposed system presents a symmetric solution for two-server key encryption, where the client can establish different cryptographic keys with the two servers, respectively.