Information technology users are increasingly dependent on mobile devices, while computers are stationed in offices and cyber cafes. Most of these mobile devices, like smartphones, use location applications such as Google Maps for reporting their locations. With computers in offices and cyber cafes, and people able to log in to other accounts on their mobile devices, it is likely that a trusted workmate who gets access to your authentication credentials, i.e. user name and password, will use them to access, interfere with, or copy your work in your absence. With the mobile device able to report your location, security can be improved by integrating location-based intelligence with password authentication. This technique works by comparing the location of a person's mobile device with the location where the login attempt is being made. If the two match, login succeeds; if the two locations are different, login does not succeed.
A secure network depends in part on user authentication, and regrettably the authentication systems currently in use are not completely safe. However, the user is not the only party that needs to be authenticated to ensure the security of transactions on the Internet. Existing OTP mechanisms cannot guard against reuse of a user's account by an adversary or reuse of a stolen user device that is used in the authentication process, and cannot guarantee non-repudiation. This paper proposes a multi-factor mechanism for secure electronic authentication. It is intended to authenticate both the user and the mobile device and to guarantee non-repudiation and the integrity of the OTP against being obtained by an adversary. The proposal can guarantee the user's credentials by ensuring the authenticity of the user's identity and checking that the mobile device is in the right hands before sending the OTP to the user. This would require each user to have a unique phone number and a unique mobile device (a unique International Mobile Equipment Identity (IMEI)), in addition to an ID card number. By leveraging existing communication infrastructures, the mechanism would be able to guarantee the safety of electronic authentication, and to demonstrate excellence in non-repudiation, in authentication of the user and the mobile device used in the authentication process, and in certification strength, as well as in comparison and analysis through experiments with existing OTP mechanisms. https://sites.google.com/site/ijcsis/
International Journal of Wireless Communications and Mobile Computing, 2013
Mobile devices are becoming more pervasive and more advanced with respect to their processing power and memory size. Relying on the personalized and trusted nature of such devices, security features can be deployed on them in order to uniquely identify a user to a service provider. In this paper, we present a strong authentication mechanism that exploits the use of mobile devices to provide a two-aspect authentication system. Our approach uses a combination of one-time passwords, as the first authentication aspect, and credentials stored on a mobile device, as the second aspect, to offer a strong and secure authentication approach. An SMS-based mechanism is also implemented as both a backup mechanism for retrieving the password and as a possible means of synchronization. We also present an analysis of the security and usability of this mechanism. The security protocol is analyzed against an adversary model; this evaluation proves that our method is safe against various attacks, most importantly key logging, shoulder surfing, and phishing attacks. Our simulation result evaluation shows that, although our technique does add a layer of indirectness that lessens usability, participants were willing to trade off that usability for enhanced security once they became aware of the potential threats when using an untrusted computer.
Abstract: Text-based passwords are the most commonly used form of user authentication. To log on to websites, users must memorize the selected password. Password-based authentication can resist brute force and dictionary attacks if users select a strong password, but users often select weak passwords for convenience and ease of remembering. They reuse passwords across different sites for simplicity, which lets an attacker find their passwords on different sites. These problems are caused by the negative impact of human behavior. Typing a password on an untrusted computer exposes it to theft, i.e. shoulder surfing. Researchers then designed graphical passwords, which led attackers to find out the commonly selected areas (hotspots). Some researchers have focused on three-factor authentication for reliability, which depends on a password, a token, and a biometric. For this authentication, the user must input a password, provide a pass code generated by the token, and scan her biometric features (e.g., fingerprint). This is a comprehensive defense mechanism against password stealing attacks, but it requires high cost. Another user authentication scheme is Opass, which uses a cell phone to enter the password. The password that is entered by the user is converted to a one-time password, and this system provides more security by enabling encryption of the converted one-time password. By using the cell phone and providing encryption, security can be increased. This would relieve the user from remembering many passwords and thus reduce password stealing. The user can then successfully log in to the website and enjoy its accessibility. This reduces the negative influence of human factors compared to previous schemes, and is the first user authentication protocol to prevent password stealing (i.e., phishing, keylogger, and malware) and also prevent password reuse attacks simultaneously.
Index Terms: Password reuse attack, password stealing attack, user authentication, Hash function.
2011
Personal computers nowadays are widely used as workstations on many organizations' networks. Hence, the security of the workstations becomes an integral part of the overall security of the network. Consequently, any good access control solution should be designed in such a manner that key information cannot be retrieved without proper authentication. RFID can be used as an alternative for providing extended user authentication. This study believes that the most secure methods include storing the access information on another secure device such as a smart card or an RFID tag. Standard operations require the workstation to be configured in a way that involves interactive user authentication instead of an automatic login where the password is stored on the workstation. Using an RFID system will ensure that this requirement is kept intact. Many security systems fail not because of technical reasons, but because the people who could protect a system were not following the basic sec...
MicroWave International Journal of Science and Technology Vol.6 No. 2014, 2014
Internet banking has become a new trend in the Nigerian banking system for a couple of years now. This has made financial transactions involving intra- and interbank debit and credit transactions flexible and on the go. To this end, moving large sums of money between accounts is seen to be easier and faster with the added security of privacy. However, the introduction of internet banking has raised significant security concerns. Since a user is authenticated with nominal details such as username and password, there is the likelihood of identity spoofing, brute force and dictionary attacks. Most transactions for internet banking are done on websites that use the conventional Hypertext Transfer Protocol (HTTP) for communications without deploying the added security layer of Secure Socket Layer/Transport Layer Security (SSL/TLS), which ensures the encryption of the packets transmitted between the client and the server. It is a well-known fact that HTTP transmits contents in the clear, which can be easily intercepted using man-in-the-middle attacks. There is the need, therefore, to adopt a more secure means of transmitting transaction information of customers over the Internet such that the transmitting tunnel makes the contents unintelligible to a malicious user in the event of the interception of the transmitted data. The focus of this paper will be to discuss the various technologies deployed for enhancing the secure delivery of online-based transactions with emphasis on the Nigerian banking system. The paper will also adopt a user authentication method based on a two-factor authentication mechanism, which allows users to securely log into their online accounts.
Access to computer systems is most often based on the use of alphanumeric passwords. However, users have difficulty remembering a password that is long and random-appearing. Instead, they create short, simple, and insecure passwords. Today, most Internet applications still establish user authentication with traditional text-dependent passwords. For a long time there has been research to design a secure and user-friendly password method. On the one hand, there are password manager programs which facilitate generating site-specific strong passwords from a single user password to eliminate the memory burden of more than one password. On the other hand, there are studies exploring the operability of graphical passwords as a more secure and user-friendly alternative. Image Code Password has been designed to try to make passwords more memorable and easier for people to use and, therefore, more secure. Using an image code as a password, users select an image code rather than typing alphanumeric characters.
2007
The number of different identities and credentials used for authentication towards services on the Internet has increased beyond the manageable. Still, the most common authentication scheme is based on usernames and passwords. This is a weak authentication mechanism, which can be broken by eavesdropping on the network connection or by sloppy handling by the users (e.g. reuse of the same password for different services, writing down the passwords on paper, etc.). Also, management of user credentials is a costly task for most companies, estimated by IDC at around 200-300 USD per user/year. Hence, better solutions for simplified, yet secure, authentication are required in the future. This paper proposes and describes an authentication scheme based on a One-Time Password (OTP) MIDlet running on a mobile phone for unified authentication towards any type of service on the Internet.