A Usable and Secure Two-Factor Authentication Scheme

ABSTRACT Many authentication schemes are secure but difficult to use. Most existing network applications authenticate users with a username and password pair. Systems that rely on such reusable passwords are susceptible to attacks based on password theft. Each scheme has its merits and drawbacks (Misbahuddin, Aijaz Ahmed, & Shastri, 2006). Two-Factor Authentication is a mechanism that addresses this susceptibility in existing applications. It is a process used to authenticate or verify the identity of a person or other entity requesting access under security constraints, in which two different factors are used in conjunction. Using two factors as opposed to one generally delivers a higher level of authentication assurance. We propose an efficient scheme for remote user authentication. The proposed scheme allows users to freely choose their PassFile (file password) instead of remembering a password, eliminating the problem of entering and remembering a reusable password. It does not maintain a verifier table and allows users to freely choose and change their passwords. The proposed scheme provides the best usability for the user in terms of the PassFile without changing the existing protocol. This approach uses a smart card and is secure against identity theft, guessing attack, insider attack, stolen verifier attack, replay attack, impersonation attack, and reflection attack. The proposed scheme achieves the mutual authentication essential for many applications.

[1] Wei-Chi Ku, et al. Impersonation Attack on a Dynamic ID-Based Remote User Authentication Scheme Using Smart Cards, 2005, IEICE Trans. Commun.

[2] William Stallings, et al. Network Security Essentials, 1999.

[3] Amit K. Awasthi, et al. Proxy Blind Signature Scheme, 2003, IACR Cryptol. ePrint Arch.

[4] Leslie Lamport, et al. Password authentication with insecure communication, 1981, CACM.

[5] M. Misbahuddin, et al. A Simple and Efficient Solution to Remote User Authentication Using Smart Cards, 2006, 2006 Innovations in Information Technology.

[6] William Stallings, et al. Network Security Essentials: Applications and Standards, 1999.

[7] Mohammed Misbahuddin, et al. Cryptanalysis of Liao-Lee-Hwang's Dynamic ID Scheme, 2008, Int. J. Netw. Secur.

[8] Bruce Schneier, et al. Two-factor authentication: too little, too late, 2005, CACM.

[9] Gwoboa Horng. Password Authentication Without Using a Password Table, 1995, Inf. Process. Lett.

[10] Roman V. Yampolskiy. Secure Network Authentication with PassText, 2007, Fourth International Conference on Information Technology (ITNG'07).

[11] Ashutosh Saxena, et al. A dynamic ID-based remote user authentication scheme, 2004, IEEE Transactions on Consumer Electronics.

[12] Quynh H. Dang, et al. Secure Hash Standard | NIST, 2015.

[13] Wassim El-Hajj, et al. Two factor authentication using mobile phones, 2009, 2009 IEEE/ACS International Conference on Computer Systems and Applications.

[14] William Stallings. Network Security Essentials: Applications and Standards (3rd Edition), 2006.