CFP last date
20 January 2025
Reseach Article

M-Pass: Web Authentication Protocol Resistant to Malware and Phishing

by Ajinkya S. Yadav, A. K. Gupta
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 92 - Number 6
Year of Publication: 2014
Authors: Ajinkya S. Yadav, A. K. Gupta
10.5120/16010-4744

Ajinkya S. Yadav, A. K. Gupta . M-Pass: Web Authentication Protocol Resistant to Malware and Phishing. International Journal of Computer Applications. 92, 6 ( April 2014), 1-5. DOI=10.5120/16010-4744

@article{ 10.5120/16010-4744,
author = { Ajinkya S. Yadav, A. K. Gupta },
title = { M-Pass: Web Authentication Protocol Resistant to Malware and Phishing },
journal = { International Journal of Computer Applications },
issue_date = { April 2014 },
volume = { 92 },
number = { 6 },
month = { April },
year = { 2014 },
issn = { 0975-8887 },
pages = { 1-5 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume92/number6/16010-4744/ },
doi = { 10.5120/16010-4744 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T22:13:32.755458+05:30
%A Ajinkya S. Yadav
%A A. K. Gupta
%T M-Pass: Web Authentication Protocol Resistant to Malware and Phishing
%J International Journal of Computer Applications
%@ 0975-8887
%V 92
%N 6
%P 1-5
%D 2014
%I Foundation of Computer Science (FCS), NY, USA
Abstract

In this digital world all information and data is kept safe by passwords. The simple and convenient format of password is in the form of text. But, text passwords are not always strong enough and under different vulnerabilities they are very easily stolen and changed. When a person creates a weak password or same password is reused in many sites it may be possible that others can acquire that password. If one password is stolen, then it is possible that it can be used for all the websites. This phenomenon is known as the Domino Effect. Another possible risky attacks are related to phishing, malware and key loggers etc. A protocol is designed which makes use of the user's customer's mobile i. e. cellular phone and SMS (short message service) to ensure protection against password stealing attacks. This user authentication protocol is named as m-Pass. The unique phone number is required which will be possessed by each participating website. The telecommunication service provider plays important role in the registration and the recovery phases. The main theme is to reduce the password reuse attack. It works with one time password technology, and results in reduction of the password validity time. The results show improvement in performance of the security.

References
  1. Hung-Min Sun, Yao-Hsin Chen, and Yue-Hsin Lin "oPass: A User Authentication Protocol Resistant to Password Stealing and Password Reuse Attack", in IEEE Transaction Vol 7, No. 2, April 2012.
  2. S. Gawand E. W. Felten, "Password management strategies for online accounts," in SOUPS '06: Proc. 2nd Symp. Usable Privacy. Security, New York, 2006, pp. 44–55, ACM.
  3. D. Florencio and C. Herley, "A large-scale study of web password habits," in WWW '07: Proc. 16th Int. Conf. World Wide Web, New York, 2007, pp. 657–666, ACM.
  4. B. Ives, K. R. Walsh, and H. Schneider, "The domino effect of password reuse," Commun. ACM, vol. 47, no. 4, pp. 75–78, 2004.
  5. S. Chiasson, A. Forget, E. Stobert, P. C. van Oorschot, and R. Biddle, "Multiple password interference in text passwords and click-based graphical passwords," in CCS '09: Proc. 16th ACM Conf. Computer Communications Security, New York, 2009, pp. 500–511, ACM
  6. I. Jermyn, A. Mayer, F. Monrose, M. K. Reiter, and A. D. Rubin, "The design and analysis of graphical passwords," in SSYM'99: Proc. 8th Conf. USENIX Security Symp. , Berkeley, CA, 1999, pp. 1–1, USENIX Association.
  7. A. Perrig and D. Song, "Hash visualization: A new technique to improve real-world security," in Proc. Int. Workshop Cryptographic Techniques E-Commerce, Citeseer, 1999, pp. 131–138. .
  8. S. Wiedenbeck, J. Waters, J. -C. Birget, A. Brodskiy, and N. Memon, "Passpoints: Design and longitudinal evaluation of a graphical password system," Int. J. Human-Computer Studies, vol. 63, no. 1–2, pp. 102–127, 2005. .
  9. Mohammad Mannan, University of Toronto, Canada, and P. C. van Oorschot, Carleton University, Canada "Leveraging Personal Devices for Stronger Password Authentication from Untrusted Computers"
  10. S. Wiedenbeck, J. Waters, L. Sobrado, and J. -C. Birget, "Design and evaluation of a shoulder-surfing resistant graphical password scheme," in AVI '06: Proc. Working Conf. Advanced Visual Interfaces, New York, 2006, pp. 177–184, ACM.
Index Terms

Computer Science
Information Sciences

Keywords

Network Security m-Pass Phishing authentication