期刊名称:International Journal of Computer Trends and Technology
电子版ISSN:2231-2803
出版年度:2014
卷号:7
期号:2
DOI:10.14445/22312803/IJCTT-V7P133
出版社:Seventh Sense Research Group
摘要:Text password is the most popular form of user authentication on websites due to its convenience and simplicity. However, users’ passwords are prone to be stolen and compromised under different threats and vulnerabilities. Firstly, users often select weak passwords and reuse the same passwords across different websites. Routinely reusing passwords causes a domino effect; when an adversary compromises one password, she will exploit it to gain access to more websites. Second, typing passwords into untrusted computers suffers password thief threat. An adversary can launch several password stealing attacks to snatch passwords, such as phishing, key loggers and malware. In this paper, we design a user authentication protocol named oPass which leverages a user’s cell phone and short message service to thwart password stealing and password reuse attacks. oPass only requires each participating website possesses a unique phone number, and involves a telecommunication service provider in registration and recovery phases. Through oPass, users only need to remember a longterm password for login on all websites. After evaluating the oPass prototype, we believe oPass is efficient and affordable compared with the conventional web authentication mechanisms. This paper provides a novel design and implementation of this OPass Security Model.
关键词:Authentication; User Password; Stealing; Reuse Attacks; Design Implementation; OPass Model
