• DocumentCode
    2521423
  • Title

    A novel dynamic user authentication scheme

  • Author

    Ren, Xuguang ; Wu, Xin-Wen

  • Author_Institution
    Coll. of Inf. Sci. & Technol., Jinan Univ., Guangzhou, China
  • fYear
    2012
  • fDate
    2-5 Oct. 2012
  • Firstpage
    713
  • Lastpage
    717
  • Abstract
    Network-based businesses, including on-line financial services, have suffered from various attacks on user authentication. There is a strong desire to develop and implement more secure authentication schemes to protect businesses and clients against security threats. Intensive work has been done in this area to improve on traditional password authentication, such as two-factor authentication, session key exchanging schemes, and dynamic password schemes. However, these schemes have been proved not effective, due to their security design or additional overheads. In this paper, we propose a secure dynamic user authentication scheme. Unlike traditional password authentication (where a static password is used) or two-factor authentication (where two pieces of authentication information are required), our proposed authentication scheme will use a dynamic one-time password (OTP), based on the user's password, the authenticating time, as well as a unique property that the user possesses at the moment of authentication (that is, "something the user has", for example, the MAC address of the machine that the user uses for authentication). As we will analyze, the proposed authentication improves upon two-factor authentication and other currently known authentication schemes, and effectively protects the user's account against various attacks (such as phishing attack, replay attack, and perfect-man-in-the-middle attack). Our testing and simulation work will show that the proposed authentication is efficient and user friendly.
  • Keywords
    access protocols; computer crime; message authentication; MAC address; OTP; additional overheads; authenticating time; authentication information; dynamic one-time password; dynamic password scheme; network based businesses; online financial services; password authentication; perfect-man-in-the-middle attack; phishing attack; reply attack; secure authentication schemes; secure dynamic user authentication scheme; security design; security threats; session key exchanging scheme; static password; two-factor authentication; user password; Authentication; Computer hacking; Computers; Servers; Software; Time factors; Password; dynamic user authentication; two-factor authentication;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Communications and Information Technologies (ISCIT), 2012 International Symposium on
  • Conference_Location
    Gold Coast, QLD
  • Print_ISBN
    978-1-4673-1156-4
  • Electronic_ISBN
    978-1-4673-1155-7
  • Type

    conf

  • DOI
    10.1109/ISCIT.2012.6380995
  • Filename
    6380995