A Novel Dynamic Randomized Secret Key Model Based on One-Time Password Authentication

Authors

  • Amanapu Yaswanth Department of Computer Science and Engineering. GITAM (Deemed to be University), Visakhapatnam, Andhra Pradesh, India
  • Konala Thammi Reddy Department of Computer Science and Engineering, GITAM (Deemed to be University),Visakhapatnam, Andhra Pradesh, India

Keywords:

OTP, Traditional OTP, Hash, Password

Abstract

The quick improvement of the Internet encourages our lives in numerous viewpoints. Increasingly more business will be done through the Internet. Under such conditions, enough consideration must be given to data security, of which character verification is one significant issue. As per the rising advancement of smartphone devices, usage increased more and more. Like (Internet Mobile), IM banking will be progressively helpful, viable, and convenient through the new versatile correspondence frameworks. The security danger of web banking has expanded quickly as a general society regularly utilizes web-banking administrations. Among the different security methods, One Time Password (OTP) is used as a grounded strategy for authorizing security, and it is currently used in web banking administrations. With the continuous advancement of hacking innovations, it is essential to furnish clients with an ensured foundation that verifies their assets against unlawful access by authorizing control systems. There is a chance of getting OTP on the user side, so we must provide a secure channel to share the OTP from the server with its clients. In this way, the proposed model introduced with  a novel concept is put forth that is more secure than the current online payment system that uses OTP. This method combines OTP with the secret key. The secret key is generated using Several different encryption techniques are used to produce the secret key at random. The Transaction password is created using a secure key and the RSA method. To prevent it from being communicated over an unsecured network and resulting in a fraudulent transaction, a copy of this password is kept on the server and is created at the user side using a mobile application. By checking the authentication code, the model finally achieves the goal of security authentication. Experiments show that OTP and Secret Key are more effective and guarantee the security feature.

Downloads

Download data is not yet available.

References

Mulliner, C., Borgaonkar, R., Stewin, P., Seifert, JP. (2013). SMS-Based One-Time Passwords: Attacks and Defense. In: Rieck, K., Stewin, P., Seifert, JP. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2013. Lecture Notes in Computer Science, vol 7967. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39235-1_

Prakash, M. V., Infant, P. A., & Shobana, S. J. (2010). Eliminating vulnerable attacks using one-time password and passtext–analytical study of blended schema. Universal Journal of Computer Science and Engineering Technology, 1(2), 133-140.

S. Plaga, M. Niethammer, N. Wiedermann and A. Borisov, "Adding Channel Binding for an Out-of-Band OTP Authentication Protocol in an Industrial Use-Case," 2018 1st International Conference on Data Intelligence and Security (ICDIS), South Padre Island, TX, 2018

Kushwaha, Prashant, et al. "A Brief Survey of Challenge–Response Authentication Mechanisms." ICT Analysis and Applications: Proceedings of ICT4SD 2020, Volume 2 (2021): 573-581.

J. Thomas and R. H. Goudar, "Multilevel Authentication using QR code-based watermarking with mobile OTP and Hadamard transformation," 2018 International Conference on Advances in Computing, Communications and Informatics (ICACCI), Bangalore, 2018.

S. Nivetha, N. E. Elizabeth, T. P. Padmasha and I. Gohulalakshmi, "Secure authentication process in smart cards," 2016 10th International Conference on Intelligent Systems and Control (ISCO), Coimbatore, 2016.

T. Kansuwan and T. Chomsiri, "Authentication Model using the Bundled CAPTCHA OTP Instead of Traditional Password," 2019 Joint International Conference on Digital Arts, Media and Technology with ECTI Northern Section Conference on Electrical, Electronics, Computer, and Telecommunications Engineering (ECTI DAMT-NCON), Nan, Thailand, 2019, pp. 5-8.

E. Erdem and M. T. Sandıkkaya, "OTPaaS—One Time Password as a Service," in IEEE Transactions on Information Forensics and Security, vol. 14, no. 3, pp. 743-756, March 2019.

ShanmugaPriya, S., A. Valarmathi, and D. Yuvaraj. "The personal authentication service and security enhancement for an optimal strong password." Concurrency and Computation: Practice and Experience 31.14 (2019): e5009.

B. Maciej, E. F. Imed and M. Kurkowski, "Multifactor Authentication Protocol in a Mobile Environment," in IEEE Access, vol. 7, pp. 157185-157199, 2019.

Kim, Hyunki, et al. "Analysis of vulnerabilities that can occur when generating the one-time password." Applied Sciences 10.8 (2020): 2961.

Sri Sumanth, K., et al. "Pragmatic Reform to Ameliorate Insider Data Theft Detection." Confidential Computing: Hardware-Based Memory Protection. Singapore: Springer Nature Singapore, 2022. 137-148.

B. Bekmezci, Ç. Eriş and P. S. Bölük, "A multi-layered approach to securing enterprise applications by using TLS, two-factor authentication and single sign-on," 2018 26th Signal Processing and Communications Applications Conference (SIU), Izmir, 2018.

Bairwa, Amit Kumar, and Sandeep Joshi. "Mutual authentication of nodes using session token with fingerprint and MAC address validation." Egyptian Informatics Journal 22.4 (2021): 479-491.

Abikoye, Oluwakemi Christiana, et al. "A novel technique to prevent SQL injection and cross-site scripting attacks using Knuth-Morris-Pratt string match algorithm." EURASIP Journal on Information Security 2020.1 (2020): 1-14.

APRIANSYAH, YOGI. Implementing One Time Password (OTP) for Login Security on Web-Based Systems. Diss. The University of Technology Yogyakarta, 2022.

Cho, Tae-Ho, and Garam-Moe Jeon. "A method for detecting man-in-the-middle attacks using time synchronization one-time password in interlock protocol based internet of things." Journal of Applied and Physical Sciences 2.2 (2016): 37-41.

Bojjagani, Sriramulu, DR Denslin Brabin, and PV Venkateswara Rao. "PhishPreventer: a secure authentication protocol for preventing phishing attacks in a mobile environment with formal verification." Procedia Computer Science 171 (2020): 1110-1119

Ayankoya, Folasade, and Blaise Ohwo. "Brute-force attack prevention in cloud computing using one-time password and cryptographic hash function." International Journal of Computer Science and Information Security (IJCSIS) 17.2 (2019): 7-19.

Taufiq, Muhammad, and Dion Ogi. "Implementing One-Time Password Mutual Authentication Scheme on Sharing Renewed Finite Random Sub-Passwords Using Raspberry Pi as a Room Access Control to Prevent Replay Attack." 2018 International Conference on Electrical Engineering and Informatics (ICELTICs). IEEE, 2018.

Azrour, Mourade, et al. "Internet of Things security: challenges and key issues." Security and Communication Networks 2021 (2021): 1-11.

Papaioannou, Maria, et al. "A survey on quantitative risk estimation approaches for secure and usable user authentication on smartphones." Sensors 23.6 (2023): 2979.

Mahdad, Ahmed Tanvir, Mohammed Jubur, and Nitesh Saxena. "Analyzing the Security of OTP 2FA in the Face of Malicious Terminals." Information and Communications Security: 23rd International Conference, ICICS 2021, Chongqing, China, November 19-21, 2021, Proceedings, Part I 23. Springer International Publishing, 2021.

Manjula, B. Vishnuvardhanand B., and R. Lakshman Naik. "Pre-Authorization And Post-Authorization Techniques For Detecting And Preventing The Session Hijacking." International Journal of Future Generation Communication and Networking 14.1 (2021): 359-371.

Binitie, Amaka Patience, Nneamaka Christiana Anujeonye, and Peace Oguguo Ezzeh. "Security against Shoulder Surfing Attack Adaptable to Feature Phones using USSD Technology.

Janani, S., Dilip, R., Talukdar, S. B., Talukdar, V. B., Mishra, K. N., & Dhabliya, D. (2023). IoT and machine learning in smart city healthcare systems. Handbook of research on data-driven mathematical modeling in smart cities (pp. 262-279) doi:10.4018/978-1-6684-6408-3.ch014 Retrieved from www.scopus.com

Rambabu, B. ., Vikranth, B. ., Anupkanth, S. ., Samya, B. ., & Satyanarayana, N. . (2023). Spread Spectrum based QoS aware Energy Efficient Clustering Algorithm for Wireless Sensor Networks . International Journal on Recent and Innovation Trends in Computing and Communication, 11(1), 154–160. https://doi.org/10.17762/ijritcc.v11i1.6085

Downloads

Published

16.07.2023

How to Cite

Yaswanth, A. ., & Reddy, K. T. . (2023). A Novel Dynamic Randomized Secret Key Model Based on One-Time Password Authentication . International Journal of Intelligent Systems and Applications in Engineering, 11(3), 850–858. Retrieved from https://ijisae.org/index.php/IJISAE/article/view/3341

Issue

Vol. 11 No. 3 (2023)

Section

Research Article

License

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

All papers should be submitted electronically. All submitted manuscripts must be original work that is not under submission at another journal or under consideration for publication in another form, such as a monograph or chapter of a book. Authors of submitted papers are obligated not to submit their paper for publication elsewhere until an editorial decision is rendered on their submission. Further, authors of accepted papers are prohibited from publishing the results in other publications that appear before the paper is published in the Journal unless they receive approval for doing so from the Editor-In-Chief.

IJISAE open access articles are licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. This license lets the audience to give appropriate credit, provide a link to the license, and indicate if changes were made and if they remix, transform, or build upon the material, they must distribute contributions under the same license as the original.