TSPass: A Dynamic User Authentication Scheme Based On Time and Space

No Thumbnail Available
File version
Author(s)
Ren, Xuguang
Wu, Xin-Wen
Tang, Kun
Griffith University Author(s)
Primary Supervisor
Other Supervisors
Editor(s)
Date
2012
Size
File type(s)
Location
License
Abstract

On-line service providers and their users have suffered from various sophisticated attacks on user authentication. There is a strong desire to develop and implement more secure authentication schemes to protect web services against security threats. Intensive work has been done trying to improve upon traditional password authentication, resulting in two-factor authentication, session key exchanging schemes and time dynamic password schemes. However, these schemes have been proved not effective, due to their security design or additional overheads. In this paper, we proposed a secure dynamic user authentication scheme. Unlike the traditional password authentication (where a static password is used) or two-factor authentication (which requires the user's password and another pieces of time-dynamic authentication information), our proposed authentication scheme will be based on a dynamic one-time password (OTP), which is generated by the user's password, the authenticating time, as well as a unique property that represents the user's location at the moment of authentication (for example, the MAC address of the machine that the user uses for authentication). Compared with traditional OTPs which are only time-dynamic, the proposed scheme is based on both time and space (location). It is thus called TSPass. As we will analyze, our TSPass authentication improves upon two-factor authentication and other currently known authentication schemes, and effectively protect user's account against various attacks (including phishing attack, reply attack, and perfect-man-in-the-middle attack). Our testing and simulation work show that the proposed authentication is efficient and user friendly.

Journal Title

International Journal of Computer Science and Network Security

Conference Title
Book Title
Edition
Volume

12

Issue

10

Thesis Type
Degree Program
School
DOI
Patent number
Funder(s)
Grant identifier(s)
Rights Statement
Rights Statement
Item Access Status
Note
Access the data
Related item(s)
Subject

Data Format not elsewhere classified

Computation Theory and Mathematics

Persistent link to this record
Citation
Collections