A Secure and Practical Authentication Scheme Using Personal Devices

Abdulrahman Alhothaily, Chunqiang Hu*, Arwa Alrawais, Tianyi Song, Xiuzhen Cheng, Dechang Chen

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

27 Scopus citations


Authentication plays a critical role in securing any online banking system, and many banks and various services have long relied on username/password combos to verify users. Memorizing usernames and passwords for a lot of accounts becomes a cumbersome and inefficient task. Furthermore, legacy authentication methods have failed over and over, and they are not immune against a wide variety of attacks that can be launched against users, networks, or authentication servers. Over the years, data breach reports emphasize that attackers have created numerous high-tech techniques to steal users' credentials, which can pose a serious threat. In this paper, we propose an efficient and practical user authentication scheme using personal devices that utilize different cryptographic primitives, such as encryption, digital signature, and hashing. The technique benefits from the widespread usage of ubiquitous computing and various intelligent portable and wearable devices that can enable users to execute a secure authentication protocol. Our proposed scheme does not require an authentication server to maintain static username and password tables for identifying and verifying the legitimacy of the login users. It not only is secure against password-related attacks, but also can resist replay attacks, shoulder-surfing attacks, phishing attacks, and data breach incidents.

Original languageEnglish
Article number7954590
Pages (from-to)11677-11687
Number of pages11
JournalIEEE Access
StatePublished - 2017
Externally publishedYes


  • Security
  • access control
  • authentication
  • one-time username


Dive into the research topics of 'A Secure and Practical Authentication Scheme Using Personal Devices'. Together they form a unique fingerprint.

Cite this