Cellular phone based web authentication system using 3-D encryption technique under stochastic framework

This paper presents an approach to a user authentication system for web applications using JME enabled cellular phone as an authentication token. Most of the existing web based user authentication systems use user IDs and passwords to authenticate users. However, since its inception, the internet has been the witness to increasing number of attacks resulting sensitive information like user IDs, passwords and credit card details being stolen from the users´ computer by a technique known as ´masquerading´. The most common attacks include phishing, spoofing, key-loggers and spy-wares with the aim of impersonating the user. Even if the authentication systems manage to protect communication channels with encryption methods and digital signatures, the information can directly be stolen from the user´s Computer Terminal. To provide users with all round protection against all such attacks, we propose a user authentication system the components of which are a Computer Terminal and a JME enabled cellular phone using parallel network channel along with segmentation and clustering. An encryption algorithm is used that takes the random challenge from the web server received via SMS in the cellular phone and encrypts it using the seed value and the login password. Then, the cipher text is returned to the server via an SMS from the cellular phone which in turn verifies the authenticity of the user from the server.