Active One-Time Password Mechanism for User Authentication

  • Conference paper
Grid and Pervasive Computing (GPC 2013)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 7861)

Abstract

Cloud computing brings novel concepts and various applications for people to use computers on the Internet, all of which involve user authentication. The password is the most popular approach to user authentication in daily life due to its convenience and simplicity. However, on the Internet, a user's password more easily suffers from distinct threats and vulnerabilities. First, to make memorizing easier, users often select a weak password and reuse it across different service providers' websites. Without a doubt, an adversary will obtain access to more websites if the password is compromised. Next, an adversary can use several methods to steal users' passwords, such as phishing, keyloggers, and malware, and those are hard to guard against. In this manuscript, we propose an active one-time password (AOTP) mechanism for user authentication to overcome the two abovementioned problems, password stealing and reuse, utilizing the cellphone and short message service. Through AOTP, there is no need for additional tokens, card readers and drivers, or unfamiliar security procedures, and the user can choose any desired password to register on all websites. Furthermore, we also give some comparison tables to show that the proposed mechanism is better than other similar works.

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Fan, CI., Wu, CN., Weng, CY., Lin, CY. (2013). Active One-Time Password Mechanism for User Authentication. In: Park, J.J.(.H., Arabnia, H.R., Kim, C., Shi, W., Gil, JM. (eds) Grid and Pervasive Computing. GPC 2013. Lecture Notes in Computer Science, vol 7861. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38027-3_49

  • DOI: https://doi.org/10.1007/978-3-642-38027-3_49

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38026-6

  • Online ISBN: 978-3-642-38027-3

  • eBook Packages: Computer Science, Computer Science (R0)
