Abstract
Cloud computing is widely used by many users, so any one must be authenticated before accessing any service into the cloud. In this paper, a two-factor authentication scheme is proposed to authenticate users in cloud computing. The first factor uses the traditional user name and password, while the second factor uses one time password, which is valid for only one login session or transaction. During the registration phase, user must choose a user name and a password in addition to specify 4 cells from a 3 × 3 grid to use its containing characters when logging into the system. At the login phase, the user inputs his user name and password then, a grid with random numbers is displayed to him, and he must input the sequence of characters chosen during the registration phase. These characters represent the one time password which is changed every login. The results show that the proposed scheme can resist practical attacks, easy for users, does not have strong constrains, and does not require specific extra hardware.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Hashizume, K., Rosado, D.G., Medina, E.F., Femandez, E.B.: An analysis of security issues for cloud computing. J. Internet Serv. Appl. 4(1), 1 (2013)
Yan, X., Zhang, X., Chen, T., Zhao, H., Li, X.: The research and design of cloud computing security framework. In: Wu, Y. (eds.) Advances in Computer, Communication, Control and Automation. Lecture Notes in Electrical Engineering (LNEE), vol. 121. Springer, Heidelberg (2011)
Eminagaoglu, M., Cini, E., Sert, G., Zor, D.: A two-factor authentication system with QR codes for web and mobile application. In: 5th International Conference on Emerging Security Technologies, Turkey, 10–12 September, pp. 105–112. IEEE (2014)
Sun, H., Chen, S., Yeh, J., Cheng, C.: A shoulder surfing resistant graphical authentication system. J. Trans. Dependable Secure Comput. 99, 1 (2016)
Devki, P., Rao, R.: A novel way of ICON based authentication methods. In: Proceedings of International Advance Computing Conference (IACC), India, 12–13 June, pp. 449–453. IEEE (2015)
Laghari, A., Rehman, W.U., Memon, Z.A.: Biometric authentication technique using smartphone sensor. In: 13th International Bhurban Conference on Applied Sciences and Technology (IBCAST), Islamabad, Pakistan, 12–16 January, pp. 381–384. IEEE (2016)
Cotta, L., Fernandes, A.L., Melo, L.T.C., Saggioro, L.F.Z., Martins, F., Neto, A.L.M., Loureiro, A.A.F., Cunha, I., Oliveira, L.B.: User authentication for smart devices based on nomadic keys. In: International Conference on Communication (ICC), Communication and Information Systems Security Symposium, Kuala Lumpur, Malaysia, 22–27 May, pp. 1–6. IEEE (2016)
Kim, T., Yi, J.H., Seo, C.: Spyware resistant smartphone user authentication scheme. Int. J. Distrib. Sensor Netw. 2014, 1–8 (2014)
Kumari, S., Om, H.: Remote login authentication scheme based on bilinear and fingerprint. J. Trans. Internet Inf. Syst. KSII 9(12), 4987–5014 (2015)
Kang, D., Jung, J., Mun, J., Lee, D., Choi, Y., Won, D.: Efficient and robust user authentication scheme that achieve user anonymity with a Markov chain. J. Secur. Commun. Netw. 9(11), 1462–1476 (2016)
Reddy, A.G., Yoon, E., Das, A.K., Yoo, K.: Light weight authentication with key-agreement protocol for mobile network environment using smart cards. IET Inf. Secur. 10(5), 272–282 (2016)
Leu, J., Hsieh, W.: Efficient and secure dynamic ID-based remote user authentication scheme for distributed systems using smart cards. IET Inf. Secur. 8(2), 104–113 (2014)
Jeong, Y., Park, J.S., Park, J.H.: An efficient authentication system of smart device using multi factors in mobile cloud service architecture. Int. J. Commun. Syst. 28(4), 659–674 (2015)
Amin, R., Hafizul, S., Biswas, G.P., Giri, D., Khan, M.K., Kumar, N.: A more secure and privacy-aware anonymous user authentication scheme for distributed mobile cloud computing environments. J. Secur. Commun. Netw. 9(17), 4650–4666 (2016)
Paranjape, V., Pandey, V.: An approach towards security in private cloud using OTP. Int. J. Emerg. Technol. Adv. Eng. 3(3), 683–687 (2013)
Acharya, S., Polawar, A., Pawar, P.Y.: Two factor authentication using smartphone generated one time password. IOSR J. Comput. Eng. (IOSR-JCE) 11(2), 85–90 (2013)
Mohamed, E.M., Abdelkader, H.S., El-Etriby, S.: Data security model for cloud computing. In: 12th International Conference on Networks (ICN), pp. 66–74, Seville, Spain, 27 January–1 February 2013 (2013)
Yeh, H., Chen, B., Wu, Y.: Mobile user authentication system in cloud environment. J. Secur. Commun. Netw. 6(9), 1161–1168 (2013)
Marimuthu, K., Gopal, D.G., Kanth, K.S., Setty, S., Tainwala, K.: Scalable and secure data sharing for dynamic groups in cloud. In: International Conference on Advanced Communication Control and Computing Technologies (ICACCCT), Ramanathapuram, India, 8–10 May, pp. 1697–1701. IEEE (2014)
Raza, M., Iqbal, M., Sharif, M., Haider, W.: A survey of password attacks and comparative analysis on methods for secure authentication. World Appl. Sci. J. 19(4), 439–444 (2012)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
El-sherif, S.H., Abdel-kader, R.F., Rizk, R.Y. (2019). Two-Factor Authentication Scheme Using One Time Password in Cloud Computing. In: Hassanien, A., Tolba, M., Shaalan, K., Azar, A. (eds) Proceedings of the International Conference on Advanced Intelligent Systems and Informatics 2018. AISI 2018. Advances in Intelligent Systems and Computing, vol 845. Springer, Cham. https://doi.org/10.1007/978-3-319-99010-1_39
Download citation
DOI: https://doi.org/10.1007/978-3-319-99010-1_39
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-99009-5
Online ISBN: 978-3-319-99010-1
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)