A novel OTP based tripartite authentication scheme

S. A. Lone, A. H. Mir
{"title":"A novel OTP based tripartite authentication scheme","authors":"S. A. Lone, A. H. Mir","doi":"10.1108/ijpcc-04-2021-0097","DOIUrl":null,"url":null,"abstract":"\nPurpose\nBecause of the continued use of mobile, cloud and the internet of things, the possibility of data breaches is on the increase. A secure authentication and authorization strategy is a must for many of today’s applications. Authentication schemes based on knowledge and tokens, although widely used, lead to most security breaches. While providing various advantages, biometrics are also subject to security threats. Using multiple factors together for authentication provides more certainty about a user’s identity; thus, leading to a more reliable, effective and more difficult for an adversary to intrude. This study aims to propose a novel, secure and highly stable multi-factor one-time password (OTP) authentication solution for mobile environments, which uses all three authentication factors for user authentication.\n\n\nDesign/methodology/approach\nThe proposed authentication scheme is implemented as a challenge-response authentication where three factors (username, device number and fingerprint) are used as a secret key between the client and the server. The current scheme adopts application-based authentication and guarantees data confidentiality and improved security because of the integration of biometrics with other factors and each time new challenge value by the server to client for OTP generation.\n\n\nFindings\nThe proposed authentication scheme is implemented on real android-based mobile devices, tested on real users; experimental results show that the proposed authentication scheme attains improved performance. Furthermore, usability evaluation proves that proposed authentication is effective, efficient and convenient for users in mobile environments.\n\n\nOriginality/value\nThe proposed authentication scheme can be adapted as an effective authentication scheme to accessing critical information using android smartphones.\n","PeriodicalId":210948,"journal":{"name":"Int. J. Pervasive Comput. Commun.","volume":"77 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-08-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Int. J. Pervasive Comput. Commun.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1108/ijpcc-04-2021-0097","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 4

Abstract

Purpose Because of the continued use of mobile, cloud and the internet of things, the possibility of data breaches is on the increase. A secure authentication and authorization strategy is a must for many of today’s applications. Authentication schemes based on knowledge and tokens, although widely used, lead to most security breaches. While providing various advantages, biometrics are also subject to security threats. Using multiple factors together for authentication provides more certainty about a user’s identity; thus, leading to a more reliable, effective and more difficult for an adversary to intrude. This study aims to propose a novel, secure and highly stable multi-factor one-time password (OTP) authentication solution for mobile environments, which uses all three authentication factors for user authentication. Design/methodology/approach The proposed authentication scheme is implemented as a challenge-response authentication where three factors (username, device number and fingerprint) are used as a secret key between the client and the server. The current scheme adopts application-based authentication and guarantees data confidentiality and improved security because of the integration of biometrics with other factors and each time new challenge value by the server to client for OTP generation. Findings The proposed authentication scheme is implemented on real android-based mobile devices, tested on real users; experimental results show that the proposed authentication scheme attains improved performance. Furthermore, usability evaluation proves that proposed authentication is effective, efficient and convenient for users in mobile environments. Originality/value The proposed authentication scheme can be adapted as an effective authentication scheme to accessing critical information using android smartphones.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
一种新的基于OTP的三方认证方案
由于移动、云和物联网的持续使用,数据泄露的可能性正在增加。对于当今的许多应用程序来说,安全的身份验证和授权策略是必须的。基于知识和令牌的身份验证方案虽然被广泛使用,但会导致大多数安全漏洞。生物识别技术在提供各种优势的同时,也面临着安全威胁。同时使用多个因素进行身份验证可以更确定用户的身份;因此,导致更可靠,有效和更难以入侵的对手。本研究旨在提出一种新颖、安全且高度稳定的移动环境多因素一次性密码(OTP)认证解决方案,该方案使用所有三种认证因素进行用户认证。设计/方法/方法所提出的身份验证方案被实现为一个质询-响应身份验证,其中三个因素(用户名、设备号和指纹)被用作客户端和服务器之间的密钥。目前的方案采用基于应用程序的身份验证,由于生物特征与其他因素的融合以及每次服务器向客户端生成新的挑战值,保证了数据的保密性,提高了安全性。所提出的认证方案在真实的基于android的移动设备上实现,并对真实用户进行了测试;实验结果表明,该认证方案取得了较好的性能。此外,可用性评估证明了所提出的认证方法对移动环境下的用户是有效、高效和方便的。原创性/价值提出的认证方案可以作为使用android智能手机访问关键信息的有效认证方案。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Designing obstacle's map of an unknown place using autonomous drone navigation and web services Contact tracing and mobility pattern detection during pandemics - a trajectory cluster based approach The relative importance of click-through rates (CTR) versus watch time for YouTube views Guest editorial: Hyperscale computing for edge of things and pervasive intelligence A framework for measuring the adoption factors in digital mobile payments in the COVID-19 era
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1