TY - JOUR
T1 - A Secure and Practical Authentication Scheme Using Personal Devices
AU - Alhothaily, Abdulrahman
AU - Hu, Chunqiang
AU - Alrawais, Arwa
AU - Song, Tianyi
AU - Cheng, Xiuzhen
AU - Chen, Dechang
N1 - Publisher Copyright: © 2013 IEEE.
PY - 2017
Y1 - 2017
N2 - Authentication plays a critical role in securing any online banking system, and many banks and various services have long relied on username/password combos to verify users. Memorizing usernames and passwords for a lot of accounts becomes a cumbersome and inefficient task. Furthermore, legacy authentication methods have failed over and over, and they are not immune against a wide variety of attacks that can be launched against users, networks, or authentication servers. Over the years, data breach reports emphasize that attackers have created numerous high-tech techniques to steal users' credentials, which can pose a serious threat. In this paper, we propose an efficient and practical user authentication scheme using personal devices that utilize different cryptographic primitives, such as encryption, digital signature, and hashing. The technique benefits from the widespread usage of ubiquitous computing and various intelligent portable and wearable devices that can enable users to execute a secure authentication protocol. Our proposed scheme does not require an authentication server to maintain static username and password tables for identifying and verifying the legitimacy of the login users. It not only is secure against password-related attacks, but also can resist replay attacks, shoulder-surfing attacks, phishing attacks, and data breach incidents.
KW - Security
KW - access control
KW - authentication
KW - one-time username
UR - http://www.scopus.com/inward/record.url?scp=85021840703&partnerID=8YFLogxK
U2 - 10.1109/ACCESS.2017.2717862
DO - 10.1109/ACCESS.2017.2717862
M3 - Article
AN - SCOPUS:85021840703
SN - 2169-3536
VL - 5
SP - 11677
EP - 11687
JO - IEEE Access
JF - IEEE Access
M1 - 7954590
ER -