This chapter discusses the state-of-the-art security mechanisms that have been used and are in use, and the current state of web service security. It also reviews the various algorithms that produce degradation in digital images and discusses related work as it pertains to the objective of this work. Sections 2.1 through 2.5 give an overview of web security and user authentication mechanisms. We review the role of cryptography and cryptographic techniques, symmetric and asymmetric cryptographic keys, and then discuss digital signatures and user authentication mechanisms, including passwords and PINs, Kerberos, biometrics, and other authentication mechanisms. Sections 2.6 through 2.11 review image processing as it relates to image degradation, introduce CAPTCHA and the various techniques that make up the scheme, and examine recognition (human and machine) to see how each operates. The chapter concludes in section 2.13 by reviewing the related work and its strengths and weaknesses.
2.1 WEB SECURITY AND USER AUTHENTICATION
Security plays a significant role in computing and is considered as the avoidance of bad things (Neumann, 2004). Security, though necessary, is regarded as a challenge since it is very expensive to manage and implement. A well-developed information system with a poor security implementation makes the system a fruitless effort. Users, especially those on the web, need assurance about the authenticity of servers and the confidentiality of their private data. They also need to know that any authentication measure provided (password, biometric) is genuine and that whatever is sent to the server is accessible only by that server. At the back end, servers likewise want to trust that the data they send to customers is unadulterated and inaccessible to all but the customer for whom the message is intended (Stubblefield et al., 2005). Other attributes of security, including integrity, availability, non-repudiability and accountability, also ensure that appropriate security is put in place. Integrity means that data cannot be altered except under properly authorized circumstances, while availability ensures that the correct resources are available when needed. Non-repudiability implies that authenticity is trustworthy, and accountability means the possibility of determining what has transpired at any time (Neumann, 2004). The Oxford Dictionary of Computing defines security as the prevention of, or protection against, access to information by unauthorized recipients, or the intentional but unauthorized destruction or alteration of that information. Whatever the reason (intentional or unintentional), unauthorized access to information is considered a threat to that information.
The World Wide Web (WWW) has in the last two decades been the fastest-growing protocol on the internet. The benefits of the web extend beyond its use alone. Despite its numerous benefits, the WWW is also vulnerable to attacks and to the interception of vital information, which has resulted in a huge amount of fraud and loss. The CSI 2011 report reveals that organizations spend up to 17.7% of their annual budget on information security alone. This huge amount is meant to curb or control any form of attack or threat on their information and communication networks. Table 2.1 and figure 2.1 show the 2011 and 2012 CSI computer crime and security survey of the different types of attack experienced and their percentage (%) estimate of damage to information. This danger affects both clients and servers. From the table and figure, we observe that automated tool attacks have the highest percentage, 14%, in 2012. This indicates that bots remain a challenging area in web security. One of the largest ever recorded system attacks on Microsoft Corporation is the one reported by the Associated Press on February 10, 2004. The Associated Press reported the discovery of a major vulnerability in the Windows operating system. Microsoft Corporation warned customers about this vulnerability and its ability to allow hackers to quietly break into their computers to steal files, delete data, or eavesdrop on sensitive information (Vemuri, 2006). According to Bellovin (2004), the danger of the WWW to clients comes from the nature of the information received. Viruses and worms have greatly impacted everyone and the everyday use of web resources. Intrusion detection systems play a vital role in identifying these worms and viruses and also devise means of protecting organizations' and individuals' confidential data (Vemuri, 2006).
Providing adequate authentication to identify users, subsystems, servers, network nodes and any other entity that can be spoofed or subverted is considered one of the most important problems in securing information and web resources. Different security mechanisms and security policies have been developed and applied at different hierarchical layers such as hardware, operating system kernels, network software, database management, and application software. The most prevalent underlying means of protecting information is through the use of cryptography. Cryptography and some of the techniques employed in encrypting information are discussed in the next section.