TSPass: A Dynamic User Authentication Scheme Based On Time and Space
File version
Author(s)
Wu, Xin-Wen
Tang, Kun
Griffith University Author(s)
Primary Supervisor
Other Supervisors
Editor(s)
Date
Size
File type(s)
Location
License
Abstract
On-line service providers and their users have suffered from various sophisticated attacks on user authentication. There is a strong desire to develop and implement more secure authentication schemes to protect web services against security threats. Intensive work has been done trying to improve upon traditional password authentication, resulting in two-factor authentication, session key exchanging schemes and time dynamic password schemes. However, these schemes have been proved not effective, due to their security design or additional overheads. In this paper, we proposed a secure dynamic user authentication scheme. Unlike the traditional password authentication (where a static password is used) or two-factor authentication (which requires the user's password and another pieces of time-dynamic authentication information), our proposed authentication scheme will be based on a dynamic one-time password (OTP), which is generated by the user's password, the authenticating time, as well as a unique property that represents the user's location at the moment of authentication (for example, the MAC address of the machine that the user uses for authentication). Compared with traditional OTPs which are only time-dynamic, the proposed scheme is based on both time and space (location). It is thus called TSPass. As we will analyze, our TSPass authentication improves upon two-factor authentication and other currently known authentication schemes, and effectively protect user's account against various attacks (including phishing attack, reply attack, and perfect-man-in-the-middle attack). Our testing and simulation work show that the proposed authentication is efficient and user friendly.
Journal Title
International Journal of Computer Science and Network Security
Conference Title
Book Title
Edition
Volume
12
Issue
10
Thesis Type
Degree Program
School
Publisher link
DOI
Patent number
Funder(s)
Grant identifier(s)
Rights Statement
Rights Statement
Item Access Status
Note
Access the data
Related item(s)
Subject
Data Format not elsewhere classified
Computation Theory and Mathematics