Enhancing security of one-time password using Elliptic Curve Cryptography with biometrics for e-commerce applications

Abstract

Security of one-time password (OTP) is essential because nowadays most of the e-commerce transactions are performed with the help of this mechanism. OTP is used to counter replay attack/eavesdropping. Replay attack or eavesdropping is one type of attacks on network-connected computing environment or isolated computing environment. For achieving 112 bits of security level, Rivest Shamir and Adleman (RSA) algorithm needs key size of 2048 bits, while Elliptic Curve Cryptography (ECC) needs key size of 224-255 bits. Another issue with most of the existing implementation of security models is storage of secret keys. Cryptographic keys are often kept in en-secured way that can either be guessed/social-engineered or obtained through brute force attacks. This becomes a weak link and leads integrity issues of sensitive data in a security model. To overcome the above problem, biometrics is combined with cryptography for developing strong security model. This paper suggests an enhanced security model of OTP system using ECC with palm-vein biometrie. This model also suggests better security with lesser key size than other prevalent public key crypto-model. The cryptographic keys are also not required to memorize or keep anywhere, these keys are generated as and when needed.