ECCO Mnemonic Authentication: Two-Factor Authentication Method with Ease-of-Use

Full Text (PDF, 475KB), PP.11-18


Author(s)

Saman Gerami Moghaddam 1,*, Amin Nasiri 1, Mohsen Sharifi 1

1. Computer Engineering Department, Iran University of Science and Technology, Tehran, Iran

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2014.07.02

Received: 5 Jan. 2014 / Revised: 2 Mar. 2014 / Accepted: 11 Apr. 2014 / Published: 8 Jun. 2014

Index Terms

Security, authentication, identification, privacy, cache-based, mnemonic

Abstract

Not very long ago, organizations used to identify their customers by means of one-factor authentication mechanisms. In today's world, however, these mechanisms cannot overcome the new security threats, at least when it comes to high-risk situations. Hence, identity providers have introduced a variety of two-factor authentication mechanisms. It may be argued that users experience difficulties at the time of authentication in systems that use two-factor authentication mechanisms, for example because they may be forced to carry extra devices to be authenticated more accurately. This is, however, the tradeoff between ease-of-use and having a secure system, one that may be decided by the users and not the security providers. In this paper we present a new two-factor authentication mechanism that secures systems and at the same time is easier to use. We have used mnemonic features and the cache concept to achieve ease-of-use and security, respectively. We have also tested our method with almost 6500 users in the real world using The Mechanical Turk Developer Sandbox.

Cite This Paper

Saman Gerami Moghaddam, Amin Nasiri, Mohsen Sharifi, "ECCO Mnemonic Authentication—Two-Factor Authentication Method with Ease-of-Use", International Journal of Computer Network and Information Security (IJCNIS), vol. 6, no. 7, pp. 11-18, 2014. DOI: 10.5815/ijcnis.2014.07.02
