Abstract
Cloud computing brings novel concepts and various applications for people to use computers on the Internet, all of which involve user authentication. Passwords are the most popular approach to user authentication in daily life because of their convenience and simplicity. However, on the Internet, a user's password is exposed to distinct threats and vulnerabilities. First, to make passwords easy to memorize, users often select a weak password and reuse it across different service providers' websites. Without a doubt, an adversary will obtain access to more websites if the password is compromised. Next, an adversary can use several methods to steal users' passwords, such as phishing, keyloggers, and malware, and those are hard to guard against. In this manuscript, we propose an active one-time password (AOTP) mechanism for user authentication to overcome the two abovementioned problems, password stealing and reuse, utilizing the cellphone and short message service. Through AOTP, there is no need for additional tokens, card readers and drivers, or unfamiliar security procedures, and the user can choose any desired password to register on all websites. Furthermore, we also give some comparison tables to show that the proposed mechanism is better than other similar works.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Fan, CI., Wu, CN., Weng, CY., Lin, CY. (2013). Active One-Time Password Mechanism for User Authentication. In: Park, J.J.(.H., Arabnia, H.R., Kim, C., Shi, W., Gil, JM. (eds) Grid and Pervasive Computing. GPC 2013. Lecture Notes in Computer Science, vol 7861. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38027-3_49
DOI: https://doi.org/10.1007/978-3-642-38027-3_49
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38026-6
Online ISBN: 978-3-642-38027-3
eBook Packages: Computer Science, Computer Science (R0)