Active One-Time Password Mechanism for User Authentication

Cloud computing brings novel concepts and a variety of applications for using computers over the Internet, and all of them depend on user authentication. The password is the most popular approach to user authentication in daily life because of its convenience and simplicity. On the Internet, however, a user's password is exposed to distinct threats and vulnerabilities. First, to ease memorization, users often select weak passwords and reuse them across different service providers' websites; an adversary who compromises one such password then gains access to every site on which it is reused. Second, an adversary can steal passwords by several methods, such as phishing, keyloggers, and malware, which are hard to guard against. In this manuscript we propose an active one-time password (AOTP) mechanism for user authentication that addresses both of these problems, password stealing and password reuse, using a cellphone and the short message service (SMS). With AOTP there is no need for additional tokens, card readers, drivers, or unfamiliar security procedures, and a user may choose any desired password to register on every website. We also give comparison tables showing that the proposed mechanism improves on similar prior work.
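To make concrete why a one-time credential defeats both a stolen password and a reused one, the following is an added, illustrative example; it is not the paper's AOTP protocol and does not model SMS delivery. It assumes (hypothetically) that the cellphone holds a per-site secret shared at registration, that each one-time code is HMAC-SHA256 over the site name and a counter with RFC 4226 style truncation, and that the site accepts only unused counters within a small look-ahead window. All class and function names and the sample accounts are constructed for the example.

```python
"""Illustrative one-time-password login flow (added example; not the paper's AOTP protocol).

Assumptions (hypothetical, not from the abstract): the cellphone holds a long-term
secret shared with each site at registration, one-time codes are HMAC-SHA256 over
(site name, counter) with RFC 4226 style truncation, and the site accepts only
unused counters within a small look-ahead window. SMS delivery is not modeled.
"""
import hashlib
import hmac
import secrets

DIGITS = 6        # length of the one-time code
LOOKAHEAD = 3     # tolerate a few skipped codes (e.g. a lost SMS) but never an old one
PBKDF2_ROUNDS = 100_000


def derive_otp(secret: bytes, site: str, counter: int, digits: int = DIGITS) -> str:
    """One-time code bound to a site and a counter; replaying it or using it elsewhere fails."""
    msg = site.encode() + b"\x00" + counter.to_bytes(8, "big")
    mac = hmac.new(secret, msg, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F                                    # dynamic truncation (RFC 4226)
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class Phone:
    """The user's cellphone: keeps the per-site secret and a counter, generates codes on demand."""

    def __init__(self) -> None:
        self.state = {}                                        # site -> [secret, counter]

    def enroll(self, site: str, secret: bytes) -> None:
        self.state[site] = [secret, 0]

    def next_otp(self, site: str) -> str:
        secret, counter = self.state[site]
        self.state[site][1] = counter + 1
        return derive_otp(secret, site, counter)


class Site:
    """A service provider: stores a salted password hash plus the OTP secret and counter."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.users = {}

    def register(self, user: str, password: str, phone: Phone) -> None:
        secret = secrets.token_bytes(32)                       # shared with the phone at enrollment
        salt = secrets.token_bytes(16)
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self.users[user] = {"salt": salt, "pw": pw_hash, "secret": secret, "counter": 0}
        phone.enroll(self.name, secret)

    def login(self, user: str, password: str, otp: str) -> bool:
        rec = self.users.get(user)
        if rec is None:
            return False
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], PBKDF2_ROUNDS)
        if not hmac.compare_digest(pw_hash, rec["pw"]):
            return False
        # Accept the first unused counter in the window; counters already consumed are never retried.
        for c in range(rec["counter"], rec["counter"] + LOOKAHEAD):
            if hmac.compare_digest(derive_otp(rec["secret"], self.name, c), otp):
                rec["counter"] = c + 1
                return True
        return False


def run_scenario() -> dict:
    """Same weak password on two sites: a captured (password, code) pair is useless after one
    use and useless at the other site, because the code is bound to a site and a counter."""
    phone = Phone()
    bank, shop = Site("bank.example"), Site("shop.example")
    bank.register("alice", "password123", phone)
    shop.register("alice", "password123", phone)               # reused password (constructed)

    code = phone.next_otp("bank.example")                      # what a keylogger or phisher captures
    return {
        "first_login": bank.login("alice", "password123", code),
        "replay_at_bank": bank.login("alice", "password123", code),
        "reuse_at_shop": shop.login("alice", "password123", code),
        "fresh_login_at_shop": shop.login("alice", "password123", phone.next_otp("shop.example")),
        "wrong_password": bank.login("alice", "hunter2", phone.next_otp("bank.example")),
    }


if __name__ == "__main__":
    print(run_scenario())
```

The point of the scenario is the second and third results: once a code has been consumed, the site's counter moves past it, so the captured pair cannot be replayed, and because the site name is part of the derivation the same captured code is worthless at the other site even though the user reused the password there.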
