Abstract
Identifying and validating the user is a major concern in a heterogeneous network domain. Conventional algorithms and mechanisms could authenticate the users/messages, but with certain vulnerabilities. This paper analyzes the vulnerabilities and downsides of some present-day authentication mechanisms that are being used and proposes an authentication mechanism that cannot be bypassed easily. The proposed mechanism incorporates multi-factor authentication and validates the user based on a username, a password, a security question which is sent to the user via Short-Message-Service (SMS), and a security pin (if necessary). List of security questions posed to the end-user makes the proposed mechanism stronger and protect the system from security breaches by an unknown user to guess the answer.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Kaur, N., Devgan, M., Bhushan, S.: Robust login authentication using time-based OTP through secure tunnel. In: 3rd International Conference on Computing for Sustainable Global Development, New Delhi, India (2016)
Tzemos, I., Fournaris, A.P., Sklavos, N.: Security and efficiency analysis of one time password techniques. In: Proceedings of the 20th Pan-Hellenic Conference on Informatics, p. 67. ACM (2016)
Mulliner, C., Borgaonkar, R., Stewin, P., Seifert, J.P.: SMS-based one-time passwords: attacks and defense. In: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, 18 July 2013, pp. 150–159. Springer, Heidelberg (2013)
Yoo, C., Kang, B.T., Kim, H.K.: Case study of the vulnerability of OTP implemented in internet banking systems of South Korea. Multimed. Tools Appl. 74(10), 3289–3303 (2015)
Apvrille, A.: Zeus in the Mobile (Zitmo): Online Banking’s Two Factor Authentication Defeated (2010)
F-Secure: Threat Description: Trojan: Android/Cruse wind (2011). http://www.f-secure.com/v-descs/trojan_android_crusewind.shtml
Maslennikov, D.: ZeuS in the Mobile is Back. Secure List Blog, February 2011
Klein, A.: The song remains the same: man in the mobile attacks single out android, July 2012. http://www.trusteer.com/blog/song-remains-same-man-mobile-attacks-single-out-android
Abdullayeva, F., Imamverdiyev, Y., Musayev, V., Wayman, J.: Analysis of security vulnerabilities in biometric systems (2006)
Kowtko, M.A.: Biometric authentication for older adults. In: 2014 IEEE Long Island Systems, Applications and Technology Conference (LISAT), pp. 1–6. IEEE (2014)
Ashibani, Y., Kauling, D., Mahmoud, Q.H.: A context-aware authentication framework for smart homes. In: IEEE 30th Canadian Conference on Electrical and Computer Engineering, Windsor, ON, Canada (2017)
Mock, K., Weaver, J., Milton, M.: Poster: real-time continuous iris recognition for authentication using an eye tracker. In: Proceedings of the 2012 ACM Conference on Computer Communication & Security, pp. 1007–1009 (2012)
Tsai, P.W., Khan, M.K., Pan, J.S., Liao, B.Y.: Interactive artificial bee colony supported passive continuous authentication system. IEEE Syst. J. 8(2), 395–405 (2014)
Agrawal, H., Thakur, A., Slathia, R., Jeyanthi, N.: User authentication scheme in cloud computing. Int. J. Appl. Eng. Res. 10(8), 20767–20778 (2015)
Jeyanthi, N., Shabeeb, H., Thandeeswaran, R., Durai, M.A.S.: RESCUE: three phase authentication to detect and prevent DDoS attacks in cloud computing environment. Int. J. Eng. Trans. B: Appl. 27(8), 1137–1146 (2014)
Thandeeswaran, R., Mcheick, H., Hemant, A., Ajay, T., Jeyanthi, N., Rajan, S.: An efficient and secure biometric authentication scheme for M-Commerce. Int. J. Civ. Eng. Technol. 8(12), 429–437 (2017)
Rawat, A., Singh, A.K., Jithin, J., Jeyanthi, N., Thandeeswaran, R.: RSJ approach for user authentication. In: International Conference on Advances in Information Communication Technology & Computing, Bikaner. ACM, 12–13 August 2016
Kumari, J., Jeyanthi, N.: Two way authentication system in Internet of Things (IoT) for impersonation attacks. In: IEEE Sponsored International Conference on Engineering and Technology (ICET16), Coimbatore, India, 16–17 December 2016
Jeyanthi, N., Gundu, S.: Backup key generation model for one-time password security protocol. In: 14th International Conference on Science, Engineering and Technology, Vellore, India, IOP Conference Proceedings (2017)
Tiwari, A., Sanyal, S., Abraham, A., Knapskog, S.J., Sanyal, S.: A multifactor security protocol for wireless payment-secure web authentication using mobile devices. In: Guimaraes, N., Isaias, P. (eds.) International Conference on Applied Computing 2007, Salamanca, Spain, pp. 160—167 (2007). ISBN 978-972-8924-30-0
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Bhalla, R., Jeyanthi, N. (2020). M2U2: Multifactor Mobile Based Unique User Authentication Mechanism. In: Abraham, A., Cherukuri, A.K., Melin, P., Gandhi, N. (eds) Intelligent Systems Design and Applications. ISDA 2018 2018. Advances in Intelligent Systems and Computing, vol 940. Springer, Cham. https://doi.org/10.1007/978-3-030-16657-1_42
Download citation
DOI: https://doi.org/10.1007/978-3-030-16657-1_42
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-16656-4
Online ISBN: 978-3-030-16657-1
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)