A Novel Multi-Factor Authentication Algorithm Based on Image Recognition and User Established Relations

Conventional authentication methods, like simple text-based passwords, have shown vulnerabilities to different types of security attacks. Indeed, 61% of all breaches involve credentials, whether stolen via social engineering or hacked using brute force. Therefore, a robust user authentication mechanism is crucial to have secure systems. Combining textual passwords with graphical passwords in a multi-factor approach can be an effective strategy. Advanced authentication systems, such as biometrics, are secure, but require additional infrastructure for efficient implementation. This paper proposes a Multi-Factor Authentication (MFA) based on a non-biometric mechanism that does not require additional hardware. The novelty of the proposed mechanism lies in a two-factor authentication algorithm which requires a user to identify specific images out of a set of randomly selected images, then the user is required to establish a self-pre-configured relation between two given images to complete authentication. A functional prototype of the proposed system was developed and deployed. The proposed system was tested by users of different backgrounds achieving 100% accuracy in identifying and authenticating users, if authentication elements and credentials were not forgotten. It was also found to be accepted by the users as being easy to use and preferable over common MFA mechanisms.

[1]  Ajaz Hussain Mir,et al.  A novel OTP based tripartite authentication scheme , 2021, Int. J. Pervasive Comput. Commun..

[2]  Je Sen Teh,et al.  Multifactor authentication system based on color visual cryptography, facial recognition, and dragonfly optimization , 2020, Inf. Secur. J. A Glob. Perspect..

[3]  S. Vaithyasubramanian,et al.  Authentication using Robust Primary PIN (Personal Identification Number), Multifactor Authentication for Credit Card Swipe and Online Transactions Security , 2020 .

[4]  Bartłomiejczyk Maciej,et al.  Multifactor Authentication Protocol in a Mobile Environment , 2019, IEEE Access.

[5]  Uriel Cohen Priva,et al.  Distance-dependent memory for pictures and words , 2019, Journal of Memory and Language.

[6]  Prabhat Kumar,et al.  A Pattern-Based Multi-Factor Authentication System , 2019, Scalable Comput. Pract. Exp..

[7]  Aleksandr Ometov,et al.  Multi-Factor Authentication: A Survey , 2018, Cryptogr..

[8]  Dipankar Dasgupta,et al.  Toward the design of adaptive selection strategies for multi-factor authentication , 2016, Comput. Secur..

[9]  Frank Stajano,et al.  Passwords and the evolution of imperfect authentication , 2015, Commun. ACM.

[10]  Stark C. Draper,et al.  Secure Biometrics: Concepts, Authentication Architectures, and Challenges , 2013, IEEE Signal Processing Magazine.

[11]  Kang G. Shin,et al.  On authentication in a connected vehicle: Secure integration of mobile devices with vehicular networks , 2013, 2013 ACM/IEEE International Conference on Cyber-Physical Systems (ICCPS).

[12]  Dawn Xiaodong Song,et al.  Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication , 2012, IEEE Transactions on Information Forensics and Security.

[13]  Cheng-Jung Tsai,et al.  A graphical-based password keystroke dynamic authentication system for touch screen handheld mobile devices , 2012, J. Syst. Softw..

[14]  James Miller,et al.  Token-based graphical password authentication , 2011, International Journal of Information Security.

[15]  Diarmid Marshall,et al.  User perceptions of security and usability of single-factor and two-factor authentication in automated telephone banking , 2011, Comput. Secur..

[16]  Ting Yu,et al.  On mouse dynamics as a behavioral biometric for authentication , 2011, ASIACCS '11.

[17]  Seng-Phil Hong,et al.  A Method of Risk Assessment for Multi-Factor Authentication , 2011, J. Inf. Process. Syst..

[18]  Brijesh Kumar Chaurasia,et al.  Infrastructure based Authentication in VANETs , 2011 .