DocumentCode :
1699761
Title :
Seed-based authentication
Author :
Nassar, Nader ; Li-Chiou Chen
Author_Institution :
Sch. of Comput. Sci. & Inf. Syst., Pace Univ., New York, NY, USA
fYear :
2015
Firstpage :
345
Lastpage :
350
Abstract :
Although web user authentication via username/password is widely used, this approach has many drawbacks. For example, users have to memorize textual passwords and to change the passwords frequently. Most importantly, many users save their passwords in plain text that can potentially be exploited later. In this paper we proposed a new method for web applications to enhance user authentication that is less dependent on end users' memory. This new method incorporates Pseudo Random Numbers that are generated by a seed stemmed from a root file, such as an image file, managed by the user and shared with the authentication server. The Pseudo Random Numbers, generated upon user login, are then served as one-time passwords for server authentication. We described our design, implementation and experiments that tested the randomness of these one-time passwords in a real world scenario. We also discussed how the proposed scheme can withstand common attacks such as replay attacks, dictionary attacks, and the denial-of-service attacks.
Keywords :
Internet; message authentication; Web user authentication; denial-of-service attacks; dictionary attacks; end user memory; image file; one-time passwords; pseudorandom numbers; replay attacks; root file; seed-based authentication; server authentication; textual passwords; user login; username; Authentication; Dictionaries; Force; Generators; Servers; Uniform resource locators; authentication; information security; one-time password; pseudo random numbers;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Collaboration Technologies and Systems (CTS), 2015 International Conference on
Conference_Location :
Atlanta, GA
Print_ISBN :
978-1-4673-7647-1
Type :
conf
DOI :
10.1109/CTS.2015.7210447
Filename :
7210447