Int. J. of Information Privacy, Security and Integrity   »   2017 Vol.3, No.2

 

 

Title: A secure one time password protocol schema

 

Authors: Nawaf Aljohani; Joseph Shelton; Kaushik Roy

 

Addresses:
Department of Computer Science, Institute of Public Administration, Riyadh, KSA, Saudi Arabia
Department of Computer Science, North Carolina A&T State University, Greensboro, USA
Department of Computer Science, North Carolina A&T State University, Greensboro, USA

 

Abstract: Since the invention of the internet, text-based passwords have been utilised to authenticate users. This method is the most prevalent form of authentication but it has many drawbacks. An alternative password protocol is necessary to overcome the drawbacks in the traditional password system. This research proposes a novel password protocol that overcomes most password attacks. This research highlights many password attacks and shows how the proposed protocol mitigates them. Instead of a single static password being used to authenticate an individual, passwords are created based on the user's input in three password boxes and the proposed protocol reorders the textboxes randomly. A hacker can capture a password generated by login requests, but password attacks will be mitigated due to the non-deterministic random order in each login request. The proposed password protocol architecture makes any captured data worthless.

 

Keywords: text-based passwords; password schema; password-based authentication; static password; keyloggers; observe attack; guessing attack; intercepting network; non-deterministic.

 

DOI: 10.1504/IJIPSI.2017.10009577

 

Int. J. of Information Privacy, Security and Integrity, 2017 Vol.3, No.2, pp.75 - 95

 

Submission date: 09 Nov 2016
Date of acceptance: 05 Jun 2017
Available online: 07 Dec 2017

 

 

Editors Full text accessAccess for SubscribersPurchase this articleComment on this article