Multi-layered crypto cloud integration of oPass
24 Aug 2015-pp 1-7
TL;DR: A protocol is proposed based on oPass to implement multi-layer crypto-cloud integration with oPass which can handle Impersonation of the User attack.
Abstract: One of the most popular forms of user authentication is the Text Passwords. It is due to its convenience and simplicity. Still, the passwords are susceptible to be taken and compromised under various threats and weaknesses. In order to overcome these problems, a protocol called oPass was proposed. A cryptanalysis of it was done. We found out four kinds of attacks which could be done on it i.e. Use of SMS service, Attacks on oPass communication links, Unauthorized intruder access using the master password, Network attacks on untrusted web browser. One of them was Impersonation of the User. In order to overcome these problems in cloud environment, a protocol is proposed based on oPass to implement multi-layer crypto-cloud integration with oPass which can handle this kind of attack.
Citations
More filters
Book•
01 Jan 2014
19 citations
References
More filters
01 Jan 2014
TL;DR: In this paper, the authors proposed user authentication to secure data of encryption algorithm with digital signature in cloud computing, which is Internet based computer, shared software information and resource to world, these cloud environment resources are shared to all servers, and separate users.
Abstract: The cloud computing is Internet based computer, shared software information and resource to world. These cloud environment resources are shared to all servers, and separate users. The cloud computing supports distributed services multi-domain Infrastructure, and multi-users. This paper proposed user authentication to secure data of encryption algorithm with digital signature in cloud computing. This infrastructure guaranteed to secure the information in cloud server.
6 citations
01 Jan 2012
TL;DR: One-time password mechanism that has enhanced security using private key infrastructure to prevent integrity problem due to phishing attack and keyloggers is proposed.
Abstract: Text password is the most popular form of user authentication on websites due to its convenience and simplicity. However, user’s passwords are prone to be stolen and compromised by different threats and vulnerabilities. Users often select weak passwords and reuse the same passwords across different websites. Typing passwords into untrusted computers suffers password thief threat. The user authentication protocol proposes the oPass enhancement to protect user identity; it requires a long-term password for cell phone protection and account ID for login on all websites. OPass only requires each participating website possesses a unique phone number, and involves a telecommunication service provider in registration and recovery phases for the creation of one-time password. User can recover oPass system with reissued SIM cards and long-term passwords. Opass is efficient and affordable compared with the conventional web authentication mechanisms. Therefore one-time password mechanism that has enhanced security using private key infrastructure to prevent integrity problem due to phishing attack and keyloggers. Index Terms—Network security, password reuse attack, pass- word stealing attack, user authentication.
6 citations
24 Aug 2013
TL;DR: A user authentication protocol named Procure Pass, which benefits a user's cell phone and short message service to prevent password stealing and password reuse attacks, adopts the one-time password strategy, which free users from having to remember or type any passwords into conventional public computers for authentication.
Abstract: The most popular form of user authentication is the text password, which is the most convenient and the simplest Users mostly choose weak passwords and reuse the same password across different websites and thus, a domino effect ie, when an adversary compromises one password, she exploits, gaining access to more websites Also typing passwords into public computers (kiosks) suffers password thief threat, thereby the adversary can launch several password stealing attacks, such as phishing, key loggers and malware Therefore user's passwords tend to be stolen and compromised under different threats and vulnerabilities A user authentication protocol named Procure Pass, which benefits a user's cell phone and short message service to prevent password stealing and password reuse attacks Procure Pass adopts the one-time password strategy, which free users from having to remember or type any passwords into conventional public computers for authentication In case of users lose their cell phones, this still works by reissuing the SIM cards and long-term passwords
5 citations
29 Apr 2013
TL;DR: An authentication protocol is proposed which requires a user's cellphone, an untrusted system, a telecommunication provider and a web server and here users have to remember only a long-term password for login to all websites.
Abstract: For past few decades, the text password is the primary means of user authentication in websites. The users select their passwords on their own. The password based authentication resist against brute force attacks and dictionary attacks. But the user passwords are prone to be stolen and can be compromised to attacks and vulnerabilities. First, the user reuses the password for several websites as it is difficult to remember several passwords. This lead to the loss of sensitive information and hackers can easily intrude into user accounts. If one of the websites password is compromised then the intruder can gain access to more websites. Second, the users may enter the passwords into untrusted systems may lead to password thief threat. The adversaries can launch several password attacks such as phishing, key loggers and malware. In this paper, an authentication protocol is proposed which requires a user's cellphone, an untrusted system, a telecommunication provider and a web server. It comprises of three phases: Registration phase, Login phase and Recovery phase. Here users have to remember only a long-term password for login to all websites.
2 citations
"Multi-layered crypto cloud integrat..." refers background in this paper
...Each round applies one of the eight 4-bit to 4-bit S-boxes 32 times in parallel....
[...]
01 Dec 2013
TL;DR: The user authentication protocol named LOPass is proposed which creates long term password and one time password for authenticating the user which has three phases as registration, login and recovery phase.
Abstract: Today, the internet has became most convenient and widely used media for people exchanging information and doing business over the internet such as accessing web based emails, online auctions or banking sites But nowadays, accessing the internet is faced with many challenges One of the most important challenges is to ensure security with vital role to provide security in websites The text passwords are convenient and simplest form for a user authentication on websites and this level is more prone to security attacks User mostly uses theses weak passwords and it is often used across several websites The reuse of the same password in untrusted websites causes password threats Hackers invoke password stealing methods to grab password such as phishing, malware and keyloggers Hereby we propose the user authentication protocol named LOPass which creates long term password and one time password for authenticating the user It has three phases as registration, login and recovery phase In LOPass, random password is generated for each login Registration is used for the registration of the user Recovery phase is used, if the user's mobile phone gets lost The user needs to remember only his long term password which is secret
2 citations
"Multi-layered crypto cloud integrat..." refers methods in this paper
...The Serpent Algorithm makers went for a more conservative approach compared to other algorithm designers, electing for a larger security margin compared to the other algorithms....
[...]