ProcurePass: A User Authentication Protocol to Resist Password Stealing and Password Reuse Attack

2013 International Symposium on Computational and Business Intelligence Pub Date : 2013-08-24 DOI:10.1109/ISCBI.2013.14

Mariam M. Kassim, A. Sujitha

{"title":"ProcurePass: A User Authentication Protocol to Resist Password Stealing and Password Reuse Attack","authors":"Mariam M. Kassim, A. Sujitha","doi":"10.1109/ISCBI.2013.14","DOIUrl":null,"url":null,"abstract":"The most popular form of user authentication is the text password, which is the most convenient and the simplest. Users mostly choose weak passwords and reuse the same password across different websites and thus, a domino effect. i.e., when an adversary compromises one password, she exploits, gaining access to more websites. Also typing passwords into public computers (kiosks) suffers password thief threat, thereby the adversary can launch several password stealing attacks, such as phishing, key loggers and malware. Therefore user's passwords tend to be stolen and compromised under different threats and vulnerabilities. A user authentication protocol named Procure Pass, which benefits a user's cell phone and short message service to prevent password stealing and password reuse attacks. Procure Pass adopts the one-time password strategy, which free users from having to remember or type any passwords into conventional public computers for authentication. In case of users lose their cell phones, this still works by reissuing the SIM cards and long-term passwords.","PeriodicalId":311471,"journal":{"name":"2013 International Symposium on Computational and Business Intelligence","volume":"51 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 International Symposium on Computational and Business Intelligence","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISCBI.2013.14","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

Abstract

The most popular form of user authentication is the text password, which is the most convenient and the simplest. Users mostly choose weak passwords and reuse the same password across different websites and thus, a domino effect. i.e., when an adversary compromises one password, she exploits, gaining access to more websites. Also typing passwords into public computers (kiosks) suffers password thief threat, thereby the adversary can launch several password stealing attacks, such as phishing, key loggers and malware. Therefore user's passwords tend to be stolen and compromised under different threats and vulnerabilities. A user authentication protocol named Procure Pass, which benefits a user's cell phone and short message service to prevent password stealing and password reuse attacks. Procure Pass adopts the one-time password strategy, which free users from having to remember or type any passwords into conventional public computers for authentication. In case of users lose their cell phones, this still works by reissuing the SIM cards and long-term passwords.

查看原文本刊更多论文

procrepass:防止密码窃取和密码重用攻击的用户认证协议

最流行的用户认证形式是文本密码，它是最方便、最简单的。用户大多选择弱密码，并在不同的网站上重复使用相同的密码，从而产生多米诺骨牌效应。例如，当攻击者泄露一个密码时，她就会利用，获得访问更多网站的权限。此外，在公共计算机(信息亭)输入密码也会受到密码盗窃的威胁，因此对手可以发起多种密码窃取攻击，如网络钓鱼、密钥记录器和恶意软件。因此，在不同的威胁和漏洞下，用户的密码容易被窃取和泄露。用户认证协议“Pass”，有利于用户的手机和短信业务，防止密码窃取和密码重用攻击。“采购通”采用一次性密码策略，让使用者毋须记忆或输入任何密码到传统的公用电脑进行认证。如果用户丢失了手机，这仍然可以通过重新发放SIM卡和长期密码来工作。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2013 International Symposium on Computational and Business Intelligence

自引率

0.00%

发文量