A Secure One-Time Password Authentication Scheme Using Image Texture Features
The internet is a big giant in the today’s world playing the backbone for information and communication technologies. Most of the network application needs a very reliable and one-way authentication process to ensure system resources are securely accessed
- PDF / 1,202,988 Bytes
- 12 Pages / 439.37 x 666.142 pts Page_size
- 75 Downloads / 193 Views
3
School of Medical Science and Technology, Indian Institute of Technology, Kharagpur, India [email protected] 2 Department of Information Technology, DIT University, Dehradun, India Department of E & TC, Marathwada Mitra Mandal’s College of Engineering, Pune, India
Abstract. The internet is a big giant in the today’s world playing the backbone for information and communication technologies. Most of the network application needs a very reliable and one-way authentication process to ensure system resources are securely accessed by authorised users over the Internet. Password-based authentication is the most common mechanism and is easy to implement for authentication purpose. However, such general scheme will be vulnerable to attackers to steal the static credential combination with ease using eavesdropping, brute forcing, password replay, etc. One-time password (OTP) is the promising solutions to overcome from such attacks. It generates the different unique passwords each time for the user login into the system. This paper proposes a novel method of OTP authentication using image features. Here the system calculates different features from randomly selected areas of an image and applies symmetric key cryptography to generate the random OTP for the user. The proposed approach is convenient and computationally less expensive offering high-level security. Keywords: One-time password extraction Encryption
Texture feature
Authentication
Feature
1 Introduction The password based authentication is a most frequently used authentication protocol in today’s era. Since its induction till recent, the password-based authentication has not been toppled by any other approach. The superiority of a network system depends on upon a number of attacks resisted. The attack may be from inside the system or from outside external entity [1]. This paper deals with the prevention of external attacks using one-time password (OTP) approach. OTP system helps in preventing a replay of password attack. S/Keys is one of the most popular examples of OTP authentication. Here, the user will select one seed value (k) and a random number (N) for computing the hash value. © Springer Nature Singapore Pte Ltd. 2016 P. Mueller et al. (Eds.): SSCC 2016, CCIS 625, pp. 283–294, 2016. DOI: 10.1007/978-981-10-2738-3_24
284
M. Maity et al.
Client and server both share a one-way hash function among themselves. The client uses the hash function and applies total N number of times on k to get the final hash value. The server only stores the final hash value and next attempt sequence number (n < N) for a particular user. When a user tries to log in with his login information, the server will send the sequence number to client and client apply (N-n) time hash function on the seed value k. The generated hash value will be sent to the server for validation. The server also applies the hash function to the user’s hash value and matches with the stored hash value. If both values match, then server authenticates the user successfully and upd
Data Loading...