By Topic

A user friendly password authenticated key agreement for web based services

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Misbahuddin, M. ; Centre for Dev. of Adv. Comput., Bangalore ; Premchand, P. ; Govardhan, A.

With an increase in number of services provided over internet, the demand for securing users sensitive data has also increased. Due to the simplicity of single factor (username/password) authentication mechanisms, most of the Web based services have been employing this mechanism. But these mechanisms are now not being considered secure enough for various reasons such as 1) There is a sharp increase in number of attacks on ID/password based mechanisms 2) Users registered with various no. of online services have to remember pairs of ID/passwords for their respective accounts. 2) Users are either choosing easy to remember passwords which are weak & are susceptible to dictionary attack, or are choosing hard to guess alphanumeric passwords which are hard to remember & which leads them to write it on paper. So, in order to provide secure and user friendly authentication, the security experts are strongly recommending the online financial service providers to deploy two factor authentication mechanisms to strengthen security without compromising user convenience. In this paper, we try to address above issues by proposing a user friendly two-factor based authentication mechanism which allows the user to freely choose easy to remember passwords based on a description of users personal images. At login, users recall & enter their password by seeing their pre-selected images. This approach helps a user maintain many accounts with different passwords conveniently. In addition, the scheme proposes a protocol for secure low computation mutual authentication and session key agreement. The proposed mechanism is user friendly and is resistant to several attacks.

Published in:

Innovations in Information Technology, 2008. IIT 2008. International Conference on

Date of Conference:

16-18 Dec. 2008