ABSTRACT
Every person has data of their own that needs to be secure, so authentication and acceptance were
found to be essential. Most web-based applications rely on password-level authentication only.
Since passwords are easily attacked, better authentication is needed. Biometrics and the
biometric way of authentication came into existence, but this also suffers from the drawback of
excess hardware and complex mechanisms. This paper presents a simple and efficient user
authentication approach based on an OTP combined with a four-digit PIN. When the user logs in to
the system, the login password is matched against the database, and if they match, the user is
identified as a legitimate user. Further, an OTP is generated and sent to the user. The user enters
the OTP along with the four-digit PIN. If this combined OTP and four-digit PIN matches the
database, the user is authenticated; otherwise the user is not allowed access. This achieves better
authentication and efficiency. If users forget their password, a recovery phase is available. In this
phase the user has to answer a query based on an image displayed by the server. If the answer
matches, a password reset link is sent to the user's mail ID. This recovery method is not
vulnerable to the password resetting attack. This paper also describes different types of password,
types of authentication and types of attack.
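
The two-phase login described above, as an added Python sketch (not the paper's own code). The six-digit OTP, its 120-second lifetime, the three-guess limit, PBKDF2 storage, the `send` callback and the injectable `clock` are assumptions; the abstract specifies none of them.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL = 120   # assumed OTP lifetime in seconds (not specified by the paper)
MAX_TRIES = 3   # assumed guess limit per issued OTP

def kdf(secret, salt):  # salted, slow hash: the database never holds the secret itself
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

class AuthServer:
    def __init__(self, send, clock=time.monotonic):
        self.send, self.clock = send, clock   # send(user, otp): hypothetical delivery channel
        self.users, self.pending = {}, {}

    def enroll(self, user, password, pin):
        if not (len(pin) == 4 and pin.isascii() and pin.isdigit()):
            raise ValueError("PIN must be four digits")
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, kdf(password, salt), kdf(pin, salt))

    def check_password(self, user, password):
        """Phase 1: match the password; on success issue and send a fresh OTP."""
        rec = self.users.get(user)
        if rec is None or not hmac.compare_digest(kdf(password, rec[0]), rec[1]):
            return False
        otp = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, six digits (assumed length)
        self.pending[user] = [otp, self.clock() + OTP_TTL, MAX_TRIES]
        self.send(user, otp)
        return True

    def check_otp_pin(self, user, combined):
        """Phase 2: 'combined' is the OTP immediately followed by the four-digit PIN."""
        state = self.pending.get(user)
        if state is None:
            return False
        otp, expires, tries = state
        if self.clock() > expires or tries <= 0:
            del self.pending[user]            # expired or exhausted: log in again
            return False
        state[2] -= 1                         # count this guess before comparing
        salt, _, pin_hash = self.users[user]
        otp_ok = hmac.compare_digest(combined[:-4].encode(), otp.encode())
        pin_ok = hmac.compare_digest(kdf(combined[-4:], salt), pin_hash)
        if otp_ok and pin_ok:
            del self.pending[user]            # an OTP is accepted only once
            return True
        return False
```

A four-digit PIN has only 10,000 possible values, so hashing it offers little protection if the database leaks; the guess limit and OTP expiry are what constrain online guessing.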