Authentication Using Improved Image Based OTP
Keywords:
Authentication, TFA, MFA, OTP, Image OTPAbstract
Everything in our digital life requires an authentication mechanism to establish the identity of the user and protect his/her privacy. Since passwords are the most common form of authentication, our aim is to provide an alternative form that is not susceptible to the security risks and problems associated with passwords. However, the password may be foreseeable because it should be easy for users to memorize. Thus, an rival could get the passwords of users by brute-force attack in a short period of time. Two-Factor Authentication (TFA) can be used as a antidote to this weakness. One Time Password is mostly used authentication method now days. Our proposed idea is to enhance the security level of One Time Password by using improved and more secure image based OTP. In this method text fields are encrypted with image as key string to produce OTP. Proposed method keep resistance against token theft, man in the middle attack, reply attacks etc.
References
[1] Leeladhar, V. “Taking Banking services to the common man-financial inclusion”. Reserve Bank of India Bulletin, (2006).
[2] Davi, L., A. Dmitrienko, et al.,“Privilege Escalation Attacks on Android Information Security,” M. Burmester, G. Tsudik, S. Magliveras and I.Ilic, Springer Berlin /Heidelberg. 6531: 346-360, 2011.
[3] “Juniper Networks.Mobile Malware Development Continues To Rise,Android leads The Way”. Available at http://globalthreatcenter.com/?p=2492, 2011.
[4] Ausitn, Charles Frederick, Xingsheng Wan, and Andrew Wright. ”Two factor authentication”, U.S. Patent Application 13/748, 153
[5] K. Rieck, P. Stewin, and J.-P. Seifert ,“SMS-Based One-Time Passwords: Attacks and Defence” DIMVA 2013, LNCS 7967, Springer-Verlag Berlin Heidelberg 2013,pp. 150–159, 2013.
[6] “Man in the Middle” Available on http://securityblog.s21sec.com/2010/09/zeus-mitmo-man-in-mobile-i.html 2010
[7] Dr. Ananthi Shesashaayee, D. Sumathy” OTP Encryption Techniques in Mobiles for Authentication and Transaction Security” IJIRCCE Vol 2, Issue 10, Oct 2014.
[8] Mohammed Hamid Khan “OTP Generation using SHA-1” IJRITCC Vol 3, Issue 4, Apr 2015.
[9] Safa Hamdare, Varsha Nagpurkar, Jayashri Mittal “Securing SMS Based One Time Password Technique from Man in the Middle Attack”, (IJETT)-Volume 11 Issue 3- May 2014.
[10] Himika Parmar1, Nancy Nainan2 and Sumaiya Thaseen, “Generation 0f Secure One-Time Password Based On Image Authentication”, CS & IT-CSCP 2012.
[11] Pwc, “pwc cybersecurity,” Pricewaterhouse Coopers, 2016. [Online]. Available: http://www.pwc.com/gsiss. [Accessed 30 May 2016].
[12] TechTarget .(2015,March).Retrieved May 20, 2016,
[13] Hoyul Choi, Hyunsoo Kwon “A Secure OTP Algorithm Using a Smartphone Application”, IEEE-2015.
[14] Changsok Yoo, Byung-Tak Kang, Huy Kang Kim, ”Case study of the vulnerability of OTP implemented in internet banking systems of South Korea”, An International Journal Springer Science+Business Media New York 2014, 10.1007/s11042-014-1888-3, 2014.
Downloads
Published
How to Cite
Issue
Section
License
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors contributing to this journal agree to publish their articles under the Creative Commons Attribution 4.0 International License, allowing third parties to share their work (copy, distribute, transmit) and to adapt it, under the condition that the authors are given credit and that in the event of reuse or distribution, the terms of this license are made clear.
