Mobile security has turn out to be vital in mobile computing. People began preserving their personal and business information on smart phones. Users and businesses utilize smart phones as message tools, and means of scheduling and regulating their labor and private life. Indeed, smart phones contain increasing amount of receptive information to which access must be prohibited. But security is never easy, and security with mobile devices, smart phones is no exception. But we can take a few steps to meaningfully improve our mobile security. Password authentication is most significant protection primitive for mobile computer access and broadly used validation mechanism. Users usually use characters as passwords but text based passwords are hard to keep in mind. Even if they are easy to memorize, they are susceptible to various kinds of attacks and are predictable. To address these authentication problems, graphical passwords have been introduced. The Unlock Pattern[7] is a graphical password scheme widely used for Android to authenticate the user. The SHA-1 unsalted hash value of pattern password is stored in a key file, which if hacked, the user can predict the password using rainbow table attacks, and dictionary attacks. To deal with this problem a new enhancement to SHA-1 algorithm using elliptic curves to store the password in the key file is proposed in this paper. Elliptic curve[1] based security protocols are proved to be excellent for the upcoming technologies like mobile computing as it demands less amount of power and computing resources. Since the proposed scheme generates an intermediate hash, it becomes hard to guess password for the cryptanalyst. As the grid is dynamically generated, this scheme is resistant to SHA-1 dictionary and rainbow table attacks.
[1]
Robert Biddle,et al.
Graphical passwords: Learning from the first twelve years
,
2012,
CSUR.
[2]
Joseph Bonneau,et al.
Guessing human-chosen secrets
,
2012
.
[3]
Padma Bh,et al.
Encoding And Decoding of a Message in the Implementation of Elliptic Curve Cryptography using Koblitz's Method
,
2010
.
[4]
Victor S. Miller,et al.
Use of Elliptic Curves in Cryptography
,
1985,
CRYPTO.
[5]
Adam J. Aviv,et al.
Smudge Attacks on Smartphone Touch Screens
,
2010,
WOOT.
[6]
N. Koblitz.
Elliptic curve cryptosystems
,
1987
.
[7]
Alfred Menezes,et al.
Guide to Elliptic Curve Cryptography
,
2004,
Springer Professional Computing.
[8]
Alfred Menezes,et al.
The State of Elliptic Curve Cryptography
,
2000,
Des. Codes Cryptogr..
[9]
Vincent Rijmen,et al.
The Impact of Carries on the Complexity of Collision Attacks on SHA-1
,
2006,
FSE.