The week's pick
Random Articles
Reseach Article
M-Pass: Web Authentication Protocol Resistant to Malware and Phishing
| International Journal of Computer Applications |
| Foundation of Computer Science (FCS), NY, USA |
| Volume 92 - Number 6 |
| Year of Publication: 2014 |
| Authors: Ajinkya S. Yadav, A. K. Gupta |
10.5120/16010-4744
|
Ajinkya S. Yadav, A. K. Gupta . M-Pass: Web Authentication Protocol Resistant to Malware and Phishing. International Journal of Computer Applications. 92, 6 ( April 2014), 1-5. DOI=10.5120/16010-4744
Abstract
In this digital world all information and data is kept safe by passwords. The simple and convenient format of password is in the form of text. But, text passwords are not always strong enough and under different vulnerabilities they are very easily stolen and changed. When a person creates a weak password or same password is reused in many sites it may be possible that others can acquire that password. If one password is stolen, then it is possible that it can be used for all the websites. This phenomenon is known as the Domino Effect. Another possible risky attacks are related to phishing, malware and key loggers etc. A protocol is designed which makes use of the user's customer's mobile i. e. cellular phone and SMS (short message service) to ensure protection against password stealing attacks. This user authentication protocol is named as m-Pass. The unique phone number is required which will be possessed by each participating website. The telecommunication service provider plays important role in the registration and the recovery phases. The main theme is to reduce the password reuse attack. It works with one time password technology, and results in reduction of the password validity time. The results show improvement in performance of the security.
References
- Hung-Min Sun, Yao-Hsin Chen, and Yue-Hsin Lin "oPass: A User Authentication Protocol Resistant to Password Stealing and Password Reuse Attack", in IEEE Transaction Vol 7, No. 2, April 2012.
- S. Gawand E. W. Felten, "Password management strategies for online accounts," in SOUPS '06: Proc. 2nd Symp. Usable Privacy. Security, New York, 2006, pp. 44–55, ACM.
- D. Florencio and C. Herley, "A large-scale study of web password habits," in WWW '07: Proc. 16th Int. Conf. World Wide Web, New York, 2007, pp. 657–666, ACM.
- B. Ives, K. R. Walsh, and H. Schneider, "The domino effect of password reuse," Commun. ACM, vol. 47, no. 4, pp. 75–78, 2004.
- S. Chiasson, A. Forget, E. Stobert, P. C. van Oorschot, and R. Biddle, "Multiple password interference in text passwords and click-based graphical passwords," in CCS '09: Proc. 16th ACM Conf. Computer Communications Security, New York, 2009, pp. 500–511, ACM
- I. Jermyn, A. Mayer, F. Monrose, M. K. Reiter, and A. D. Rubin, "The design and analysis of graphical passwords," in SSYM'99: Proc. 8th Conf. USENIX Security Symp. , Berkeley, CA, 1999, pp. 1–1, USENIX Association.
- A. Perrig and D. Song, "Hash visualization: A new technique to improve real-world security," in Proc. Int. Workshop Cryptographic Techniques E-Commerce, Citeseer, 1999, pp. 131–138. .
- S. Wiedenbeck, J. Waters, J. -C. Birget, A. Brodskiy, and N. Memon, "Passpoints: Design and longitudinal evaluation of a graphical password system," Int. J. Human-Computer Studies, vol. 63, no. 1–2, pp. 102–127, 2005. .
- Mohammad Mannan, University of Toronto, Canada, and P. C. van Oorschot, Carleton University, Canada "Leveraging Personal Devices for Stronger Password Authentication from Untrusted Computers"
- S. Wiedenbeck, J. Waters, L. Sobrado, and J. -C. Birget, "Design and evaluation of a shoulder-surfing resistant graphical password scheme," in AVI '06: Proc. Working Conf. Advanced Visual Interfaces, New York, 2006, pp. 177–184, ACM.
Index Terms
Keywords