    A new One-time Password Method

    Abstract: One-Time Passwords (OTP) can provide complete protection of the login-time authentication mechanism against replay attacks. In this paper, we propose TSOTP: a new effective simple OTP method that generates a unique passcode for each use. The calculation uses both time stamps and sequence numbers. A two-factor authentication prototype for mobile phones using this method has been developed and has been used in practice for a year.

    Password Cracking and Countermeasures in Computer Security: A Survey

    With the rapid development of internet technologies, social networks, and other related areas, user authentication becomes more and more important to protect the data of the users. Password authentication is one of the widely used methods to achieve authentication for legal users and defense against intruders. There have been many password cracking methods developed during the past years, and people have been designing the countermeasures against password cracking all the time. However, we find that the survey work on the password cracking research has not been done very much. This paper is mainly to give a brief review of the password cracking methods, import technologies of password cracking, and the countermeasures against password cracking that are usually designed at two stages including the password design stage (e.g. user education, dynamic password, use of tokens, computer generations) and after the design (e.g. reactive password checking, proactive password checking, password encryption, access control). The main objective of this work is offering the abecedarian IT security professionals and the common audiences with some knowledge about the computer security and password cracking, and promoting the development of this area.

    Comment: add copyright to the tables to the original authors, add acknowledgement to helpe

    A Review on Noisy Password, Voiceprint Biometric and One-Time-Password

    Abstract: In this paper, we review the Noisy password, Voiceprint biometric and One-Time-Password. The most common method used for authentication is static passwords. The traditional passwords are vulnerable to dictionary attacks, shoulder surfing and eavesdropping. The noisy passwords can be used as an alternative to the static password. The noisy password attempts to mitigate above mentioned problems. The biometric technique like fingerprints, palm-vein scan, etc. can be used for personal recognition. But as compared to other biometric, Voiceprint requires less implementation cost. E-commerce application uses One-Time-Password to perform E-transaction. Hence it becomes necessary to provide security while transmitting the OTP.

    Graphical One-Time Password (GOTPass): A usability evaluation

    Journal has two ISSNs: 1939-3555 (Print), 1939-3547 (Online).

    Complying with a security policy often requires users to create long and complex passwords to protect their accounts. However, remembering such passwords is difficult for many and may lead to insecure practices, such as choosing weak passwords or writing them down. In addition, they are vulnerable to various types of attacks, such as shoulder surfing, replay, and keylogger attacks (Gupta, Sahni, Sabbu, Varma, & Gangashetty, 2012). One-Time Passwords (OTPs) aim to overcome such problems (Gupta et al., 2012); however, most implemented OTP techniques require special hardware, which not only adds cost, but there are also issues regarding its availability (Brostoff, Inglesant, & Sasse, 2010). In contrast, the use of graphical passwords is an alternative authentication mechanism designed to aid memorability and ease of use, often forming part of a multifactor authentication process. This article is complementary to the earlier work that introduced and evaluated the security of the new hybrid user-authentication approach: Graphical One-Time Password (GOTPass) (Alsaiari et al., 2015). The scheme aims to combine the usability of recognition-based and draw-based graphical passwords with the security of OTP. The article presents the results of an empirical user study that investigates the usability features of the proposed approach, as well as pretest and posttest questionnaires. The experiment was conducted during three separate sessions, which took place over five weeks, to measure the efficiency, effectiveness, memorability, and user satisfaction of the new scheme. The results showed that users were able to easily create and enter their credentials as well as remember them over time. Participants carried out a total of 1,302 login attempts with a 93% success rate and an average login time of 24.5s.

    PALPAS - PAsswordLess PAssword Synchronization

    Tools that synchronize passwords over several user devices typically store the encrypted passwords in a central online database. For encryption, a low-entropy, password-based key is used. Such a database may be subject to unauthorized access which can lead to the disclosure of all passwords by an offline brute-force attack. In this paper, we present PALPAS, a secure and user-friendly tool that synchronizes passwords between user devices without storing information about them centrally. The idea of PALPAS is to generate a password from a high entropy secret shared by all devices and a random salt value for each service. Only the salt values are stored on a server but not the secret. The salt enables the user devices to generate the same password but is statistically independent of the password. In order for PALPAS to generate passwords according to different password policies, we also present a mechanism that automatically retrieves and processes the password requirements of services. PALPAS users need to only memorize a single password and the setup of PALPAS on a further device demands only a one-time transfer of few static data.

    Comment: An extended abstract of this work appears in the proceedings of ARES 201

    One Time Password Scheme Via Secret Sharing Techniques

    Many organizations today are seeking to improve security by implementing multi-factor authentication, i.e. authentication requiring more than one independent mechanism to prove one's identity. One-time passwords in the form of hardware tokens in combination with conventional passwords have emerged as the predominant means in high security environments to satisfy the independent identification criteria for strong authentication. However, current popular public one-time passwords solutions such as HOTP, mOTP, TOTP, and S/Key depend on the computational complexity of breaking encryption or hash functions for security. This thesis will present an efficient and information-theoretically secure one-time password system called Shamir-OTP that is based upon secret sharing techniques.

    One-Time Password Implementation on Lego Mindstorms NXT

    One of the factors that affect the security of a network or system is user authentication, and unfortunately at times it can be said to be not safe anymore. Brute force attacks on password systems are dominant (static) potential to penetrate network security or user authentication system. One way to overcome these drawbacks is to use the One Time Password (OTP) algorithm. OTP is a password security system using dynamic passwords. The password will be valid for one session only, so to get into the next session, the password will be changed to the sequence/combination in accordance with certain rules or randomly determined by the user. In this research, the author analyzes the reliability of the OTP algorithm by applying it to a LEGO Mindstorm robot. The robot will be designed into a system where the user will be safe to enter the default password then the system will change the password every session. The results of the questionnaire showed that 81% of users feel more secure, but more than 60% said it is difficult to do because the user must perform the calculations in advance to enter the password.

    Enhancement of a simple user authentication scheme for grid computing

    Grid computing means a multiple independent computing, because it is composed of resource nodes not located within a single administrative domain. The goal of grid is to only provide secure grid service resources to legal users. Even though grid computing is more than just a technology to abet high performance computing, it still has some issues of concern. One of these issues is security. Authentication is an important part of grid security. Other processes in the grid depend on authentication. The aim of this project is to enhance the method of password based authentication scheme and to get better password based authentication scheme in grid computing environment through its time complexity. In this project, the study is done on the existing grid security infrastructure and existing password based authentication scheme. Password Enable Certificate Free Grid Security Infrastructure (PECF-GSI) and A Simple User Authentication Scheme have been selected as the reference for the enhanced authentication scheme. Comparative study and pre-lab testing on A Simple User Authentication Scheme and PECF-GSI have been done in the research methodology. Finally, the enhanced authentication scheme has been designed, developed and tested based on four time complexity notations that are time for modular multiplication, time for multiplication of a number and an elliptic curve point, time for hashing operation and time for inversion. This project has achieved the aim, the scope and the objectives of the project by showing a good performance in terms of time complexity.