A more secure scheme for CAPTCHA-based authentication in cloud environment
| Title | A more secure scheme for CAPTCHA-based authentication in cloud environment |
| Publication Type | Conference Paper |
| Year of Publication | 2017 |
| Authors | Althamary, I. A., El-Alfy, E. S. M. |
| Conference Name | 2017 8th International Conference on Information Technology (ICIT) |
| Publisher | IEEE |
| ISBN Number | 978-1-5090-6332-1 |
| Keywords | authentication, authentication mechanism, authorisation, CAPTCHA, CAPTCHA-based authentication, captchas, cloud computing, cloud environment, cloud provider, cloud providers, composability, Computer crime, configurable adaptive resources, critical security function, cryptography, Dictionaries, dictionary attack, elastic collection, Handheld computers, Human Behavior, human beings, human factors, information technology, message authentication, modified characters, on-demand network access, passkey, password guessing, password-based authentication, phishing, pubcrawl, salted hashes, secure scheme, security-related issues, short-password attack, single password, Social Engineering, user authentication |
| Abstract | Cloud computing is a remarkable model for permitting on-demand network access to an elastic collection of configurable adaptive resources and features including storage, software, infrastructure, and platform. However, there are major concerns about security-related issues. A very critical security function is user authentication using passwords. Although many flaws have been discovered in password-based authentication, it remains the most convenient approach that people continue to utilize. Several schemes have been proposed to strengthen its effectiveness such as salted hashes, one-time password (OTP), single-sign-on (SSO) and multi-factor authentication (MFA). This study proposes a new authentication mechanism by combining user's password and modified characters of CAPTCHA to generate a passkey. The modification of the CAPTCHA depends on a secret agreed upon between the cloud provider and the user to employ different characters for some characters in the CAPTCHA. This scheme prevents various attacks including short-password attack, dictionary attack, keylogger, phishing, and social engineering. Moreover, it can resolve the issue of password guessing and the use of a single password for different cloud providers. |
| URL | https://ieeexplore.ieee.org/document/8080034 |
| DOI | 10.1109/ICITECH.2017.8080034 |
| Citation Key | althamary_more_2017 |
- Phishing
- human beings
- Human Factors
- information technology
- message authentication
- modified characters
- on-demand network access
- passkey
- password guessing
- password-based authentication
- Human behavior
- pubcrawl
- salted hashes
- secure scheme
- security-related issues
- short-password attack
- single password
- social engineering
- user authentication
- composability
- authentication mechanism
- authorisation
- CAPTCHA
- CAPTCHA-based authentication
- captchas
- Cloud Computing
- cloud environment
- cloud provider
- cloud providers
- authentication
- Computer crime
- configurable adaptive resources
- critical security function
- Cryptography
- Dictionaries
- dictionary attack
- elastic collection
- Handheld computers