Search engine for discovering works of Art, research articles, and books related to Art and Culture
Javascript must be enabled to continue!
Secure authentication scheme to thwart known authentication attacks using Mobile Device
View through CrossRef
Recently, the use of two-factors authentication (2FA) has increased to mitigate the risk of stealing user credentials. Most of 2FA use a mobile device to complete the authentication process, but many of them require an Internet connection or a subscriber identity module (SIM) chip to activate the synchronization of the One Time Password (OTP), which may not be guaranteed all the time or may not be equipped in the user's phone in the first place. Thus, this paper attempts to overcome this problem by adopting the camera of the mobile device and QR code to verify the OTP instead of relying on the Internet connection or cellular network. The proposed approach involves encrypting keys and secret codes with symmetric and asymmetric keys for added security, and using QR to exchange those codes fast and more easily, including a code suffix to prevent phishing attacks. Security analysis proves that the scheme is immune to many well-known attacks such as MITM, Shoulder surfing Keylogger, Phishing Attacks, etc. This scheme could contribute to adding a secure, practical, and easy-to-use option to diversify of 2FA if it is adopted by service providers such as Google, Meta, and Microsoft.
Keywords: Authentication; Two-Factor Authentication (2FA); Mobile device ; One-Time-Password (OTP); Challenge Response Protocol and Quick Response (QR) Code
College of Education, Mustansiriyah University
Title: Secure authentication scheme to thwart known authentication attacks using Mobile Device
Description:
Recently, the use of two-factors authentication (2FA) has increased to mitigate the risk of stealing user credentials.
Most of 2FA use a mobile device to complete the authentication process, but many of them require an Internet connection or a subscriber identity module (SIM) chip to activate the synchronization of the One Time Password (OTP), which may not be guaranteed all the time or may not be equipped in the user's phone in the first place.
Thus, this paper attempts to overcome this problem by adopting the camera of the mobile device and QR code to verify the OTP instead of relying on the Internet connection or cellular network.
The proposed approach involves encrypting keys and secret codes with symmetric and asymmetric keys for added security, and using QR to exchange those codes fast and more easily, including a code suffix to prevent phishing attacks.
Security analysis proves that the scheme is immune to many well-known attacks such as MITM, Shoulder surfing Keylogger, Phishing Attacks, etc.
This scheme could contribute to adding a secure, practical, and easy-to-use option to diversify of 2FA if it is adopted by service providers such as Google, Meta, and Microsoft.
Keywords: Authentication; Two-Factor Authentication (2FA); Mobile device ; One-Time-Password (OTP); Challenge Response Protocol and Quick Response (QR) Code.
Related Results
An Authentication and Key Agreement Scheme Based on Roadside Unit Cache for VANET
An Authentication and Key Agreement Scheme Based on Roadside Unit Cache for VANET
Vehicular Ad Hoc Network (VANET) is a wireless Mobile Ad Hoc Network that is used for communication between vehicles, vehicles and fixed access points, and vehicles and pedestrians...
Cross-SN: A Lightweight Authentication Scheme for a Multi-Server Platform Using IoT-Based Wireless Medical Sensor Network
Cross-SN: A Lightweight Authentication Scheme for a Multi-Server Platform Using IoT-Based Wireless Medical Sensor Network
Several wireless devices and applications can be connected through wireless communication technologies to exchange data in future intelligent health systems (e.g., the Internet of ...
An Efficient Login Authentication System against Multiple Attacks in Mobile Devices
An Efficient Login Authentication System against Multiple Attacks in Mobile Devices
Access management of IoT devices is extremely important, and a secure login authentication scheme can effectively protect users’ privacy. However, traditional authentication scheme...
An Efficient Blockchain-Based Verification Scheme with Transferable Authentication Authority
An Efficient Blockchain-Based Verification Scheme with Transferable Authentication Authority
Abstract
In some situations, the transfer of authentication authority is necessary for user authentication. In traditional authentication, a trust mechanism based on a trus...
Blockchain-Based Anonymous Authentication in Edge Computing Environment
Blockchain-Based Anonymous Authentication in Edge Computing Environment
Authentication is an important requirement for the security of edge computing applications. The existing authentication schemes either frequently rely on third-party trusted author...
Deception-Based Security Framework for IoT: An Empirical Study
Deception-Based Security Framework for IoT: An Empirical Study
<p><b>A large number of Internet of Things (IoT) devices in use has provided a vast attack surface. The security in IoT devices is a significant challenge considering c...
A New Hybrid Online and Offline Multi-Factor Cross-Domain Authentication Method for IoT Applications in the Automotive Industry
A New Hybrid Online and Offline Multi-Factor Cross-Domain Authentication Method for IoT Applications in the Automotive Industry
Connected vehicles have emerged as the latest revolution in the automotive industry, utilizing the advent of the Internet of Things (IoT). However, most IoT-connected cars mechanis...
An Efficient Data Collection Path Planning Scheme in Wireless Sensor Networks with Mobile Sinks
An Efficient Data Collection Path Planning Scheme in Wireless Sensor Networks with Mobile Sinks
Abstract
Wireless sensor networks with mobile sinks enable a mobile device to move into the sensing area for the purpose of collecting the sensing data. Mobile sinks increa...