Title :
Protecting password piracy using authentication protocol
Author :
Subhashini, K. ; Bhuvaneswari, M.S.
Author_Institution :
Dept. of Comput. Sci. & Eng., Sivakasi Anna Univ., Chennai, India
Abstract :
For past few decades, the text password is the primary means of user authentication in websites. The users select their passwords on their own. The password based authentication resist against brute force attacks and dictionary attacks. But the user passwords are prone to be stolen and can be compromised to attacks and vulnerabilities. First, the user reuses the password for several websites as it is difficult to remember several passwords. This lead to the loss of sensitive information and hackers can easily intrude into user accounts. If one of the websites password is compromised then the intruder can gain access to more websites. Second, the users may enter the passwords into untrusted systems may lead to password thief threat. The adversaries can launch several password attacks such as phishing, key loggers and malware. In this paper, an authentication protocol is proposed which requires a user´s cellphone, an untrusted system, a telecommunication provider and a web server. It comprises of three phases: Registration phase, Login phase and Recovery phase. Here users have to remember only a long-term password for login to all websites.
Keywords :
Web sites; data privacy; protocols; user interfaces; Web server; Web site; authentication protocol; brute force attack; dictionary attack; key loggers attack; login phase; malware attack; password piracy protection; phishing attack; recovery phase; registration phase; telecommunication provider; text password; untrusted system; user authentication; user cellphone; Authentication; Browsers; Cryptography; Protocols; Servers; Smart phones;
Conference_Titel :
Information Communication and Embedded Systems (ICICES), 2013 International Conference on
Conference_Location :
Chennai
Print_ISBN :
978-1-4673-5786-9
DOI :
10.1109/ICICES.2013.6508342
