Negative Authentication System

What is a Negative Authentication System?

Negative Authentication System

By D. Dasgupta Director, CFIA

Password authentication is very critical for secure access to company servers as it verifies the identity of computer users and processes. Most authentication systems use some form Positive Identification (PI) to identify legitimate users. Specifically, these systems use a password profile containing all the user passwords that are authorized to access the system (or the server). The negative counterpart (non-self/anti-password space) represents all strings that are not in the password file (which can possibly be exploited by hackers using password guessing or cracking tools). The purpose is to keep the Anti- Password checking as the first line of Authentication (invisible to users) and be kept in a separate machine (probably outside the secure perimeter), while the positive authentication system should be inside the highly secure region).

While this Anti-Password (Anti-P) space appears to be very large, our technique utilizes a form of implicit clustering to generate a small set of Anti-P detectors to cover this password guessing space. The developed system demonstrated it is hard (if not impossible) to discover any individual password even though Anti-P detectors are being compromised. Thus, the system can filter out all illegitimate users (hackers, crackers, etc.) before allowing them to access the positive password verification system, providing an additional layer of protection (invisible) to the user. It can provide a robust solution in immunizing authentication systems (local, remote or online) by putting an additional layer of protection (invisible) to the user. The prototype system called Password Immunizer is developed by Prof. D. Dasgupta and his research group at the University of Memphis, USA. In short, it is a non-obvious bio-inspired tool for user authentication that creates the Anti-P protection shield to filter out invalid access requests. A demo illustrating the concept is available at NAS Password Immunizer (patent pending).

Send your comments/queries to dasgupta@memphis.edu.