Secure Scheme For User Authentication And Authorization In Android Environment

TL;DR: A technique that exponentially minimizes the operational cost by using secure hash algorithms that has the potential to generate mobile-based One Time Passwords (OTPs) scheme on Android environment ensuring enhanced protection with respect to password security is proposed.
Abstract: Providing ultimate security in sensitive transaction and communication of online premium application is still a question mark of standardization in the area of networking and security. It has been seen that currently majority of the authentication and authorization techniques are usually designed on the top of One Time Password on user trusted hand held device. However, due to various lethal threats on mobile security systems, it can be said that existing security is not sufficient. Keeping in viewpoint of security on effective authentication and authorization, this paper proposes a technique that exponentially minimizes the operational cost by using secure hash algorithms that has the potential to generate mobile-based One Time Passwords (OTPs) scheme on Android environment ensuring enhanced protection with respect to password security. Experimented on java platform, the implementation techniques discussed in the paper are found to be very robust
Citations
Proceedings ArticleDOI
01 Oct 2015
TL;DR: An overview of proposed secure authentication system which includes the authentication server, one-time password generator, and database server is given which provides several advantages with respect to most of the available solutions at the state of the art.
Abstract: Phishing is one of the most common attacks on the networks today and a primary enabler for fraud and identity theft, and the increasing sophistication of the phishers makes it very difficult for users to distinguish between genuine and fake. Thus, it is important to mutually authenticate each other. The mutual authentication between two entities is essential to establish a secure link over public/closed insecure networks. This paper gives an overview of proposed secure authentication system which includes the authentication server, one-time password generator, and database server. The system achieves mutual authentication by exchanging two one-time password (OTP) where OTP is a security mechanism, will be expired after single use/ some period of time and provides several advantages with respect to most of the available solutions at the state of the art. First, it enables transparent mutual authentication between two entities. Moreover, it guarantees authenticity of both entities within the same session. Finally, the proposed system ensures secure data transmission and protected access between two entities as well as to prevent from known attacks.

3 citations

Journal ArticleDOI
TL;DR: This paper introduces an approach to increase the security level by using multifactor authentication scheme, which requires the user to login with a username and password and gets the OTP generated by the system on his cell phone.
Abstract: As we know, one factor authentication does not provide required security to a user while accessing the areas like banking, insurance, medical records etc. Users have to simply type a user name and password on the website. So there is a need to increase the level of security for these users. This paper introduces an approach to increase the security level by using multifactor authentication scheme. This approach requires the user to login with a username and password. As the user enters his password, he will get the OTP generated by the system on his cell phone. We are integrating this approach with image based authentication and question based authentication. To develop this system we are using SHA algorithm and Lamport’s algorithm. By using these algorithms we can develop more secured multifactor authentication. We are using Visual Studio as the front end and MySQL as the back end. The results show a more secured system.

1 citations

Journal ArticleDOI
TL;DR: This paper presents an approach to further increase security using a two-factor authentication scheme that required the user to login with a username and password and also generate a One Time Password which will be sent to his email.
Abstract: Most people now access all the important areas of their life—banking, shopping, insurance, medical records, and so on—simply by sitting at their computer and typing a username and password into a website. Getting access to something this way is called one-factor authentication, because you need to know only one thing to get into the system: the combination of user name and password. In theory, this kind of protection should be reasonably secure; in practice, it's less and less trustworthy. This paper presents an approach to further increase security using a two-factor authentication scheme. This approach required the user to login with a username and password and also generate a One Time Password which will be sent to his email. The One Time Password will be used for authentication any time the user wishes to access a restricted resource. The one time password as the name implies will expire after a single use and after a period of 60 seconds. The system uses the HMACSHA-256 algorithm to develop a more secured two factor, one time password. Java Enterprise Edition (JEE) technology and MySQL were used as the frontend and backend respectively and was deployed on a single user computer using Java Bean Open Source Software (JBOSS) application server. The results from the system implementation show a more secured system difficult to compromise.
References
Proceedings ArticleDOI
07 Nov 2005
TL;DR: It is demonstrated that as long as passwords remain human-memorable, they are vulnerable to "smart-dictionary" attacks even when the space of potential passwords is large, calling into question viability of human-memorable character-sequence passwords as an authentication mechanism.
Abstract: Human-memorable passwords are a mainstay of computer security. To decrease vulnerability of passwords to brute-force dictionary attacks, many organizations enforce complicated password-creation rules and require that passwords include numerals and special characters. We demonstrate that as long as passwords remain human-memorable, they are vulnerable to "smart-dictionary" attacks even when the space of potential passwords is large. Our first insight is that the distribution of letters in easy-to-remember passwords is likely to be similar to the distribution of letters in the users' native language. Using standard Markov modeling techniques from natural language processing, this can be used to dramatically reduce the size of the password space to be searched. Our second contribution is an algorithm for efficient enumeration of the remaining password space. This allows application of time-space tradeoff techniques, limiting memory accesses to a relatively small table of "partial dictionary" sizes and enabling a very fast dictionary attack. We evaluated our method on a database of real-world user password hashes. Our algorithm successfully recovered 67.6% of the passwords using a 2 x 10^9 search space. This is a much higher percentage than Oechslin's "rainbow" attack, which is the fastest currently known technique for searching large keyspaces. These results call into question viability of human-memorable character-sequence passwords as an authentication mechanism.

419 citations


"Secure Scheme For User Authenticati..." refers background in this paper

  • ...Such vulnerability poses a potential amount of threats in using various sensitive premium based application e.g. banking transactions and data storage in cloud....

Proceedings ArticleDOI
05 Jan 2004
TL;DR: A system model of the risks associated with password-based authentication is presented from a users centric point of view including the construct of user password memory aids and a preliminary analysis of the implications of this user centric interconnection of security models is presented.
Abstract: User authentication in computer systems has been a cornerstone of computer security for decades. The concept of a user id and password is a cost effective and efficient method of maintaining a shared secret between a user and a computer system. One of the key elements in the password solution for security is a reliance on human cognitive ability to remember the shared secret. In early computing days with only a few computer systems and a small select group of users, this model proved effective. With the advent of the Internet, e-commerce, and the proliferation of PCs in offices and schools, the user base has grown both in number and in demographic base. Individual users no longer have single passwords for single systems, but are presented with the challenge of remembering numerous passwords for numerous systems, from email, to web accounts, to banking and financial services. This paper presents a conceptual model depicting how users and systems work together in this function and examines the consequences of the expanding user base and the use of password memory aids. A system model of the risks associated with password-based authentication is presented from a user centric point of view including the construct of user password memory aids. When confronted with too much data to remember, users develop memory aids to assist them in the task of remembering important pieces of information. These user password memory aids form a bridge between otherwise unconnected systems and have an effect on system level security across multiple systems interconnected by the user. A preliminary analysis of the implications of this user centric interconnection of security models is presented.

95 citations


"Secure Scheme For User Authenticati..." refers background in this paper

  • ...The public network is basically characterized with presence of multiple users in multiple locations with undefined score of vulnerable motives of internet usage....

Proceedings ArticleDOI
11 Apr 2011
TL;DR: This paper presents a novel two-factor authentication scheme whereby a user's device produces multiples OTPs from an initial seed using the proposed production scheme, and applies the many from one function to a certain seed removes the requirement of sending SMS-based OTP's to users, and reduces the restrictions caused by the SMS system.
Abstract: Two-factor authentication (2FA) provides improved protection, since users are prompted to provide something they know and something they have. This method delivers a higher-level of authentication assurance, which is essential for online banking security. Many banking systems have satisfied the 2FA requirements by sending a One Time Password (OTP), something possessed, through an SMS to the user's phone device. Unfortunately, international roaming and SMS costs and delays put restrictions on this system reliability. This paper presents a novel two-factor authentication scheme whereby a user's device produces multiples OTPs from an initial seed using the proposed production scheme. The initial seed is produced by the communications partners' unique parameters. Applying the many from one function to a certain seed removes the requirement of sending SMS-based OTPs to users, and reduces the restrictions caused by the SMS system.

66 citations


"Secure Scheme For User Authenticati..." refers background in this paper

  • ...Additionally, OTP systems usually lock the user once variety of unsuccessful logon tries....

Journal ArticleDOI
TL;DR: In this article, the authors show that the AuthA protocol can be instantiated in an insecure way, and that there are no well defined (let alone rigorous) ways to distinguish between secure and insecure instantiations.

39 citations

Posted Content
TL;DR: The result shows that the AuthA protocol can be instantiated in an insecure way, and that there are no well defined (let alone rigorous) ways to distinguish between secure and insecure instantiations, so the value of provable security in ideal cipher model is limited.
Abstract: In recent years, several protocols for password-based authenticated key exchange have been proposed. These protocols aim to be secure even though the sample space of passwords may be small enough to be enumerated by an off-line adversary. In Eurocrypt 2000, Bellare, Pointcheval and Rogaway (BPR) presented a model and security definition for authenticated key exchange. They claimed that in the ideal-cipher model (random oracles), the two-flow protocol at the core of Encrypted Key Exchange (EKE) is secure. Bellare and Rogaway suggested several instantiations of the ideal cipher in their proposal to the IEEE P1363.2 working group. Since then there has been an increased interest in proving the security of password-based protocols in the ideal-cipher model. For example, Bresson, Chevassut, and Pointcheval have recently showed that the One-Encryption-Key-Exchange (OEKE) protocol is secure in the ideal cipher model. In this paper, we present examples of real (NOT ideal) ciphers (including naive implementations of the instantiations proposed to IEEE P1363.2) that would result in broken instantiations of the idealised AuthA protocol and OEKE protocol. Our result shows that the AuthA protocol can be instantiated in an insecure way, and that there are no well defined (let alone rigorous) ways to distinguish between secure and insecure instantiations. Thus, without a rigorous metric for ideal-ciphers, the value of provable security in ideal cipher model is limited.

36 citations


"Secure Scheme For User Authenticati..." refers background in this paper

  • ...The public network is basically characterized with presence of multiple users in multiple locations with undefined score of vulnerable motives of internet usage....

  • ...EDW B13-0410926, International Islamic University Malaysia (IIUM)....
