Secure Encrypted Steganography Graphical Password scheme for Near Field Communication smartphone access control system

We propose a two-factor authentication access control system using NFC smartphone.First credential is steganography key on NFC smartphone (ownership).Second credential is Encrypted Steganography Graphical Password scheme (knowledge).Integration of both credentials provides higher security to access control system.Evaluation shows users weigh security as a dominant attribute to use the system. The revolutionary development of smartphone which offers compelling computing and storage capabilities has radically changed the digital lifestyles of users. The integration of Near Field Communication (NFC) into smartphone has further opened up opportunities for new applications and business models such as in industry for payment, electronic ticketing and access control systems. NFC and graphical password scheme are two imperative technologies that can be used to achieve secure and convenient access control system. One of the potential uses of such technologies is the integration of steganography graphical password scheme into NFC-enabled smartphone to transcend conventional digital key/tokens access control systems into a more secure and convenient environment. Smartphone users would have more freedom in customizing the security level and how they interact with the access control system. As such, this paper presents a secure two-factor authentication NFC smartphone access control system using digital key and the proposed Encrypted Steganography Graphical Password (ESGP). This paper also validates the user perception and behavioral intention to use NFC ESGP smartphone access control system through an experiment and user evaluation survey. Results indicated that users weigh security as a dominant attribute for their behavioral intention to use NFC ESGP smartphone access control system. Our findings offer a new insight for security scholars, mobile device service providers and expert systems to leverage on the two-factor authentication with the use of NFC-enabled smartphone.

[1]  O. Roeva,et al.  Information Hiding: Techniques for Steganography and Digital Watermarking , 2000 .

[2]  Muhammad Sharif,et al.  A Survey of Password Attacks and Comparative Analysis on Methods for Secure Authentication , 2012 .

[3]  Princely Ifinedo,et al.  Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory , 2012, Comput. Secur..

[4]  Bruce Schneier,et al.  Cryptography Engineering - Design Principles and Practical Applications , 2010 .

[5]  Sadiq Almuairfi,et al.  IPAS: Implicit Password Authentication System , 2011, 2011 IEEE Workshops of International Conference on Advanced Information Networking and Applications.

[6]  R. Bagozzi,et al.  On the evaluation of structural equation models , 1988 .

[7]  Jameel Ahmed,et al.  RFID System: Design Parameters and Security Issues , 2013 .

[8]  Bruce Schneier,et al.  Applied cryptography : protocols, algorithms, and source codein C , 1996 .

[9]  Anjali A. Shejul,et al.  A Secure Skin Tone based Steganography Using Wavelet Transform , 2011 .

[10]  Ying Zhu,et al.  Graphical passwords: a survey , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[11]  Roy Want,et al.  Near field communication , 2011, IEEE Pervasive Computing.

[12]  Do Hyong Koh,et al.  Usability evaluation of touchless mouse based on infrared proximity sensing , 2011 .

[13]  C. Fornell,et al.  Evaluating structural equation models with unobservable variables and measurement error. , 1981 .

[14]  S. Goel,et al.  Comparison of Image Steganography Techniques , 2013 .

[15]  C. Chellappan,et al.  Biometrics: An Overview of the Technology, Issues and Applications , 2012 .

[16]  Zhenhua Guo,et al.  Online joint palmprint and palmvein verification , 2011, Expert Syst. Appl..

[17]  Sharath Pankanti,et al.  BIOMETRIC IDENTIFICATION , 2000 .

[18]  Arun Ross,et al.  An introduction to biometric recognition , 2004, IEEE Transactions on Circuits and Systems for Video Technology.

[19]  Bruce Schneier,et al.  Applied cryptography (2nd ed.): protocols, algorithms, and source code in C , 1995 .

[20]  Arash Habibi Lashkari,et al.  Shoulder Surfing attack in graphical password authentication , 2009, ArXiv.

[21]  Chin-Chen Chang,et al.  High payload steganography mechanism using hybrid edge detector , 2010, Expert Syst. Appl..

[22]  Moniruzzaman Bhuiyan,et al.  A Gesture Controlled User Interface for Inclusive Design and Evaluative Study of Its Usability , 2011, J. Softw. Eng. Appl..

[23]  Antonella De Angeli,et al.  Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems , 2005, Int. J. Hum. Comput. Stud..