TSPass: A Dynamic User Authentication Scheme Based On Time and Space
On-line service providers and their users have suffered from various sophisticated attacks on user authentication. There is a strong desire to develop and implement more secure authentication schemes to protect web services against security threats. Intensive work has been done trying to improve upon traditional password authentication, resulting in two-factor authentication, session key exchanging schemes and time dynamic password schemes. However, these schemes have been proved not effective, due to their security design or additional overheads. In this paper, we proposed a secure dynamic user authentication scheme. Unlike the traditional password authentication (where a static password is used) or two-factor authentication (which requires the user's password and another pieces of time-dynamic authentication information), our proposed authentication scheme will be based on a dynamic one-time password (OTP), which is generated by the user's password, the authenticating time, as well as a unique property that represents the user's location at the moment of authentication (for example, the MAC address of the machine that the user uses for authentication). Compared with traditional OTPs which are only time-dynamic, the proposed scheme is based on both time and space (location). It is thus called TSPass. As we will analyze, our TSPass authentication improves upon two-factor authentication and other currently known authentication schemes, and effectively protect user's account against various attacks (including phishing attack, reply attack, and perfect-man-in-the-middle attack). Our testing and simulation work show that the proposed authentication is efficient and user friendly.
International Journal of Computer Science and Network Security
Data Format not elsewhere classified