SlideShare a Scribd company logo

One time password generation using mathematical random function in sphere space for mid sized applications

E
EditorIJAERD

This document proposes a one-time password generation scheme using a mathematical random function in sphere space for mid-sized applications. It generates one-time passwords from a spherical random number space to produce thousands of unique passwords at once. The scheme was tested and shown to authenticate one user in seconds, 100 users in 28 seconds, and 1000 users in under 10 minutes. Future work could enhance the scheme with additional visual encoding techniques to further protect against botnets with image processing capabilities.

Engineering
1 of 5
Downloaded 26 times
1
2
3
4
5
Scientific Journal of Impact Factor (SJIF) : 3.134 International Journal of Advance Engineering and Research Development @IJAERD-2014, All rights Reserved 150 ISSN (Print) : 2348-6406 ISSN (Online): 2348-4470 One Time Password Generation Using Mathematical Random Function In Sphere Space For Mid-Sized Applications 1 Ishupreet Kaur, 2 Gargi Narula 1 Computer Science & Engineering Department, SVIET, Patiala, Punjab, 140601, India,kaurishupreet1@gmail.com 2 Computer Science & Engineering Department, SVIET, Patiala, Punjab, 140601, India,garginarula@gmail.com Abstract--The proposed vOTP scheme is designed by keeping the mid-sized online application requires the OTP scheme. The proposed one time password scheme is used to generate the one time password from the spherical space using random function from a larger spherical number space. This technique is useful to generate thousands of unique and unrepeatable OTPs at one point of time. The results have shown that the system can serve a large number of users every minute. The system is capable of serving one user in fraction of seconds, 100 users in 28 seconds and 1000 users in less than 10 minutes. Keywords—one time password, random function, sphere space, phishing attack , multiple ID generation attack. I. INTRODUCTION The One Time password is unique value which can be used for one transaction only. Once it is used it becomes outdated. One Time Password can be generated Time Based and Event Based. It is used to prevent our systemfrom unauthorized access and harmful attacks. Similarly, One Time Password can also be used to prevent against botnet attacks. Botnet attacks are the attacks in which the bot programs are installed on users system without its prior knowledge. This bot attack can be a snooping attack or a key logger attack. Now, whenever a OTP is used for authentication purpose, it can be a text or graphic based. Because we are using OTP against Botnet/Autobot, we will be using graphics based OTP. As bot programs which are available can detect the text-based passwords but they cannot recognize graphics. A text based OTP is generated using a random generator function which is later converted to graphics based password. One Time Password can be delivered to the user using many ways like mobile phone, e-mail, etc. The Basic Idea of this scheme is to generate a One Time Password for authentication purpose and each time the one time password generated should be unique. The one time password adds another layer of security to login process used widely over internet for authentication. One time password can be generated using spherical random function which has a large amount of number and can produce unique combinations. Spherical random function is capable of generating more unique combinations of integers than any other mathematical random function. Then the random is uniquely selected among the sphere matrix, which creates more unique passwords. Then the integer based password is converted into image hardens the security layer of the mobile/SMS based authentication environments. The visual form of OTP increase the security of the authentication process and protect passwords against interception attacks, the concept of one-time visual passwords (OTVP) is proposed. The OTVP concept takes advantage of the differences between computer encoding of data and the human visual perception of images. Here, we have taken a Client and Server based architecture. In this, a authentication request is made by client to server. And server will send a text based password to client. Further, the text based password is converted to graphic based password. If the recipient is actually a human being, then a human can recognize the graphic and get authenticated. But if it is a Autobot or botnet, then it cannot recognize the password received and authentication is failed. The graphics based password can be delivered to client using MMS, watsapp or email. Therefore, the given mechanism can be used for authentication purpose in online portals where Autobot are using users identification for login purpose without their consent. Then the bots can steal important information or can have financial gains. So it is better to use graphics based one time password to prevent from autobots or botnet problems. II. LITERATURE REVIEW R.R.Karthiga and associates have proposed an OTP generation technique to minimize the damage by phishing and spyware attacks. The OTP is used to authenticate the clients to protect the server from unauthorized access using the long-termpublic
International Journal of Advance Engineering and Research Development (IJAERD) Volume 1,Issue 8, August -2014, e-ISSN: 2348 - 4470 , print-ISSN:2348-6406 @IJAERD-2014, All rights Reserved 151 keys and digital certificates. Ahmad Alamgir Khan et al. have discussed the phishing attack used by cyber criminals to steal the user’s personal information, credit card or debit card information in detail. The authors have also proposed the security mechanism against phishing attacks. The proposed approach is based on the OTP retrieval using SMS or email systems., which are submitted by the users to the server and server reverts the decision logic after inspection. The OTP is used an encrypted token in very smart way to tackle the phishing attack problem. Andrew Y. Lindell et al have performed the comparison of two approaches of the OTP: time-based OTP and event-based OTP. They have provided the usability and security comparison of both of these one time password techniques. Both of the techniques compared under this comparison uses cryptographic mechanism. Mihai Ordean and his research associates have conducted the performance analysis of security and usability of authentication systems based on components. They have introduced the one-time visual authentication (OTVP) concept which in real is representing a novel approach to the security of authentication interfaces that combines one-time passwords (OTPs) with visual authentication interfaces III. EXPERIMENTAL DESIGN The major task of the proposed system is to create the one time password based on the random sphere value space to authenticate the users to avoid various cyber attacks like phishing attack. The one time password generation scheme must be able to produce a larger space of unique passwords so that it can be used to authenticate multiple users at one time without any duplicity. The OTP adds an extra security layer to protect the user login. The OTPs are widely used over internet for authentication.OTP generation is using values in the sphere space based random number generation system for large density users at once. Cubic random function provides the capability of larger number of random number combinations. The OTP generation initially generates the matrix of million values. The different numbers of values are randomly selected among the million values generated earlier and concatenates them to make an OTP. Then the complex number is converted into integer based password is converted into image using visual encoding makes it more secure and send it via mobile/SMS based authentication environments. Algorithm: OTP Generation Algorithm Step 1: Sphere Random Function to generate random number A. Initialization of the random number generator and calculate the angle of elevation in the sphere. Sphere contains values in open interval, , but not uniformly distributed. B. Creation of the angle of azimuth for each sphere point on the basis of uniformly distributed in the open interval, C. Compute radius value for each point based on open interval, not uniformly distributed. D. Rearrange and concatenate the random matrix values and return OTP. Step 2: Visual encoding A. Break OTP into list of characters B. Convert each character to ASCII value C. Fetch the visual code/encode for ASCII value for each character in the list D. Concatenate the visual encoding of all characters to form an image and Return vOTP Step 3: Client/Server Communication A. Server send the vOTP to client system using SMS or MMS or Other-App. B. Client submits the OTP to server on web portal C. Server verifies the replied OTP and return the decision logic IV. RESULT ANALYSIS
International Journal of Advance Engineering and Research Development (IJAERD) Volume 1,Issue 8, August -2014, e-ISSN: 2348 - 4470 , print-ISSN:2348-6406 @IJAERD-2014, All rights Reserved 152 The experimental design has been developed using MATLAB simulator and the results have been observed and analyzed deeply. The OTP generation procedure is using multi-level random value generation from the sphere, and further concatenated in uneven fashion to produce the unique one time password every-time. One time password generation process is flexible and unique to produce the unique one time passwords at one point of time to reduce the possibility of two users receiving the same password at one point of time. This random one time password generation framework can used with medium or smaller sized web or utility based portals. This sequence will be able to handle thousands to tens of thousands of users at one point of time. The uniqueness calculation has shown that this OTP framework is capable of handing flexible number of unique OTP at one point of time with minor changes in the program sequence. The framework simulation is designed to generate the one time password which is followed by visual encoding to produce one time image password (OTIP). OTIP is then forwarded to the client side, where client enters the password the OTP input box and submit the information to the server side. The server then verifies the original OTP with the generated OTP and returns the decision logic, which is further used to take the programmed action in the software architecture according to the decision logic. The OTP send by the Client to Server is compared with the OTP generated and saved at the Server. If the both the OTPs are same, then the OTP is verified and the access is granted. Rotation Size Time in Seconds 1 0.23 10 2.63 50 12.69 100 28.71 200 61.14 500 190.53 1000 505.43 Table 1: The Time (in seconds) to Rotations size comparison table Figure 1- The Server Graphical Interface
International Journal of Advance Engineering and Research Development (IJAERD) Volume 1,Issue 8, August -2014, e-ISSN: 2348 - 4470 , print-ISSN:2348-6406 @IJAERD-2014, All rights Reserved 153 Figure 2- Generate One Time Password Figure 3- Convert Integers into Image Based Password and forward to client Figure 4- The user retrieve the vOTP and submit the OTP to the server. Figure 8- The OTP Verification The OTP send by the Client to Server is compared with the OTP generated and saved at the Server. If the both the OTPs are same, then the OTP is verified and the access is granted.
International Journal of Advance Engineering and Research Development (IJAERD) Volume 1,Issue 8, August -2014, e-ISSN: 2348 - 4470 , print-ISSN:2348-6406 @IJAERD-2014, All rights Reserved 154 V. CONCLUSION AND FUTURE WORK The proposed vOTP scheme is a scheme is capable of producing a large number of unique word in one time space to facilitate its implementation with mid-sized user authentication applications. The proposed OTP scheme generates the password from the cubic value space using random number selection function from a larger possible numbers in the space. This technique is useful to produce thousands of unique OTPs at one point of time. The results have shown that the system can serve a large number of users every minute. The systemis capable of serving one user in fraction of seconds, 100 users in 28 seconds and 1000 users in less than 10 minutes. In future this scheme can be enhanced using the dizzy images scheme, which also protect against the botnets/autobots with image processing or optical character recognition capability. Also this scheme can be enhanced to produce alphanumeric passwords and can be used with existing or improved v isual encoding scheme. REFERENCES [1] R.R.Karthiga, 2013.“One-time Password: A Survey”, International Journal of Emerging Trends in Engineering and Development Issue 3, Vol.1, pp. 613-623. [2] Ahmad Alamgir Khan, 2013. “Preventing Phishing Attacks using One Time Password and User Machine Identification”, International Journal of Computer Applications (0975 – 8887) Volume 68– No.3. [3] Indu S., Sathya T.N., Saravana Kumar V., 2013“ A Stsnd-alone and SMS-Based approach for Authentication using Mobile Phone”, IEEE-International Conference on Information Communication and Embedded. [4] Andrew Y. Lindell, 2007.“Time versus Event Based One-Time Passwords”, Aladdin Knowledge Systems. [5] Soonduck Yoo1 , Seung-jung Shin1, Dae-hyun Ryu1, 2013. “An effective Two Factor Authentication Method using QR code”, ISA 2013, ASTL Vol. 21, pp. 106- 109, © SERSC 2013. [6] www.ietf.org [7] Bin Li, Shaohai Hu, Yunyan Liu, 2006.“A Practical One-Time Password Authentication Implement on Internet”, ICWMMN Proceedings. [8] Ping Wang, Lei Wu, Baber Aslam and Cliff C. Zou, 2009. “ A Systematic Study on Peer-To-Botnets”, International Conference on Computer Communications and Networks, 2009. ICCCN 2009. San Francisco, CA, IEEE. [9] Yu tao, Fan, Gui ping, Su, 2009.“Design of Two-Way One-Time-Password Authentication Scheme Based On True Random Numbers”, Second International Workshop on Computer Science and Engineering, pp. 611-614. [10] Jivika Govil, 2007. “Examining the Criminology of Bot Zoo”, IEEE. [11] Mihai Ordean, 2012. “Secure Authentication Using One Time Visual Password”, Ph.D. Dissertation, The technical university of Cluj-Napoca. [12] Jing Liu, Yang Xiao, Kaveh Ghaboosi, Hongmei Deng, and Jingyuan Zhang, 2009.” Botnet: Classification, Attacks, Detection, Tracing, and Preventive Measures”, Hindawi Publishing Corporation EURASIP Journal on Wireless Communications and Networking Volume 2009,11 pages doi:10.1155/2009/692654 [13] Julian B. Grizzard, Vikram Sharma, Chris Nunnery,and Brent Byung Hoon Kang, David Dagon, 2007, “Peer-To-Peer Botnets: Overview and Case Study”. HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets. USENIX Association Berkeley, CA, USA. [14] Abebe Tesfahun and D.Lalitha Bhaskari, 2013. “Botnet Detection and Countermeasures - A Survey”, International Journal of Emerging Trends & Technology in Computer Science (IJETTCS), Volume 2, Issue 4, ISSN 2278-6856. [15] Takasuke TSUJI, 2003. “A One-Time Password Authentication Method”, Kochi University of Technology. [16] Márk Jelasity, Vilmos Bilicki, 2009. “Towards Automated Detection of Peer-To-Peer Botnets: On the Limits of Local Approach”, Hungary, www.usenix.org [17] S. Behal, A. S. Brar, and K. Kumar, “Signature based Botnet Detection and Prevention”, ISCET, pp. 122-127, 2010.

More Related Content

PPTX
ToTP
FORMAEMPLEO
 
PDF
One-Time Password
Ata Ebrahimi
 
PPT
10 1 otp all
Mohammad Alyan
 
PPTX
SecureOTP: Total One-Time-Password Solution
Rafidah Ariffin
 
PPTX
One Time Password - A two factor authentication system
Swetha Kogatam
 
PPT
Cartes Asia Dem 2010 V2
Donald Malloy
 
PPTX
Two factor authentication presentation mcit
mmubashirkhan
 
PDF
The International Journal of Engineering and Science (The IJES)
theijes
 
ToTP
FORMAEMPLEO
 
One-Time Password
Ata Ebrahimi
 
10 1 otp all
Mohammad Alyan
 
SecureOTP: Total One-Time-Password Solution
Rafidah Ariffin
 
One Time Password - A two factor authentication system
Swetha Kogatam
 
Cartes Asia Dem 2010 V2
Donald Malloy
 
Two factor authentication presentation mcit
mmubashirkhan
 
The International Journal of Engineering and Science (The IJES)
theijes
 

What's hot (20)

PDF
Two-factor Authentication
PortalGuard dba PistolStar, Inc.
 
PDF
Cw4201656660
IJERA Editor
 
PDF
TWO FACTOR AUTHENTICATION - COMPREHENSIVE GUIDE
CTM360
 
PDF
Adding Two Factor Authentication to your App with Authy
Nick Malcolm
 
PDF
otp crid cards
Bayalagmaa Davaanyam
 
PDF
Authentication techniques
IGZ Software house
 
PDF
2 factor authentication 3 [compatibility mode]
Hai Nguyen
 
PDF
License Generator using MAC Address for Industrial Application
IRJET Journal
 
PDF
7317ijcis01
ijcisjournal
 
PDF
Why Two-Factor Authentication?
Fortytwo
 
PDF
Avoiding Two-factor Authentication? You're Not Alone
PortalGuard
 
PDF
A countermeasure for security intensification in cloud using CaPGP
IRJET Journal
 
PDF
3 reasons your business can't ignore Two-Factor Authentication
Fortytwo
 
PDF
A Survey on “Pass sequence acting as OTP using Login Indicator preventing Sho...
IRJET Journal
 
PDF
Security Analysis of Mobile Authentication Using QR-Codes
csandit
 
PDF
Two Factor Authentication and You
Chris Stone
 
PPT
Better watch your apps - MJ Keith
m j
 
PDF
An Enhanced Security System for Web Authentication
IJMER
 
PDF
Defcon 22-alex zacharis-nikolaos-tsagkarakis-po s-attacking-t
Priyanka Aash
 
PDF
Efficient Multi Server Authentication and Hybrid Authentication Method
IJCERT
 
Two-factor Authentication
PortalGuard dba PistolStar, Inc.
 
Cw4201656660
IJERA Editor
 
TWO FACTOR AUTHENTICATION - COMPREHENSIVE GUIDE
CTM360
 
Adding Two Factor Authentication to your App with Authy
Nick Malcolm
 
otp crid cards
Bayalagmaa Davaanyam
 
Authentication techniques
IGZ Software house
 
2 factor authentication 3 [compatibility mode]
Hai Nguyen
 
License Generator using MAC Address for Industrial Application
IRJET Journal
 
7317ijcis01
ijcisjournal
 
Why Two-Factor Authentication?
Fortytwo
 
Avoiding Two-factor Authentication? You're Not Alone
PortalGuard
 
A countermeasure for security intensification in cloud using CaPGP
IRJET Journal
 
3 reasons your business can't ignore Two-Factor Authentication
Fortytwo
 
A Survey on “Pass sequence acting as OTP using Login Indicator preventing Sho...
IRJET Journal
 
Security Analysis of Mobile Authentication Using QR-Codes
csandit
 
Two Factor Authentication and You
Chris Stone
 
Better watch your apps - MJ Keith
m j
 
An Enhanced Security System for Web Authentication
IJMER
 
Defcon 22-alex zacharis-nikolaos-tsagkarakis-po s-attacking-t
Priyanka Aash
 
Efficient Multi Server Authentication and Hybrid Authentication Method
IJCERT
 
Ad

Similar to One time password generation using mathematical random function in sphere space for mid sized applications (20)

PDF
GENERATION OF SECURE ONE-TIME PASSWORD BASED ON IMAGE AUTHENTICATION
cscpconf
 
PDF
E0962833
IOSR Journals
 
PDF
C0210014017
researchinventy
 
PDF
Kx3518741881
IJERA Editor
 
PDF
Two Factor Authentication Using Smartphone Generated One Time Password
IOSR Journals
 
PDF
Online applications using strong authentication with OTP grid cards
Bayalagmaa Davaanyam
 
PDF
Effectiveness of various user authentication techniques
IAEME Publication
 
PPTX
One time password(otp)
Anjali Agrawal
 
PDF
Creating OTP with free software
Giuseppe Paterno'
 
PDF
325 330
Editor IJARCET
 
PDF
International Journal of Computational Engineering Research(IJCER)
ijceronline
 
PDF
A secure communication in smart phones using two factor authentication
eSAT Journals
 
PDF
A secure communication in smart phones using two factor authentications
eSAT Publishing House
 
PDF
IRJET- Graphical user Authentication for an Alphanumeric OTP
IRJET Journal
 
PDF
IRJET- Multi sharing Data using OTP
IRJET Journal
 
PDF
Strong Authentication State of the Art 2012 / Sarajevo CSO
Sylvain Maret
 
PDF
Performance Evaluation of Password Authentication using Associative Neural Me...
ijait
 
PDF
Persuasive Cued Click Point Password with OTP
IJCSIS Research Publications
 
DOCX
PassBYOP: Bring Your Own Picture for Securing Graphical Passwords
Kamal Spring
 
PDF
Strong Authentication in Web Application #SCS III
Sylvain Maret
 
GENERATION OF SECURE ONE-TIME PASSWORD BASED ON IMAGE AUTHENTICATION
cscpconf
 
E0962833
IOSR Journals
 
C0210014017
researchinventy
 
Kx3518741881
IJERA Editor
 
Two Factor Authentication Using Smartphone Generated One Time Password
IOSR Journals
 
Online applications using strong authentication with OTP grid cards
Bayalagmaa Davaanyam
 
Effectiveness of various user authentication techniques
IAEME Publication
 
One time password(otp)
Anjali Agrawal
 
Creating OTP with free software
Giuseppe Paterno'
 
325 330
Editor IJARCET
 
International Journal of Computational Engineering Research(IJCER)
ijceronline
 
A secure communication in smart phones using two factor authentication
eSAT Journals
 
A secure communication in smart phones using two factor authentications
eSAT Publishing House
 
IRJET- Graphical user Authentication for an Alphanumeric OTP
IRJET Journal
 
IRJET- Multi sharing Data using OTP
IRJET Journal
 
Strong Authentication State of the Art 2012 / Sarajevo CSO
Sylvain Maret
 
Performance Evaluation of Password Authentication using Associative Neural Me...
ijait
 
Persuasive Cued Click Point Password with OTP
IJCSIS Research Publications
 
PassBYOP: Bring Your Own Picture for Securing Graphical Passwords
Kamal Spring
 
Strong Authentication in Web Application #SCS III
Sylvain Maret
 
Ad

More from EditorIJAERD (20)

PDF
Numerical simulation and_preliminary_experimental_verification_of_aisi_1040_f...
EditorIJAERD
 
PDF
Eco Friendly Extraction and Physico-Chemical Characteristics of Cissus Quadra...
EditorIJAERD
 
PDF
The sarcasm detection with the method of logistic regression
EditorIJAERD
 
PDF
Experimental study on the use of locally produced ester base fluids at the dr...
EditorIJAERD
 
PDF
Runoff modelling using hec hms for rural watershed
EditorIJAERD
 
PDF
Performance improvement of ofdm
EditorIJAERD
 
PDF
Soil health analysis for crop suggestions using machine learning
EditorIJAERD
 
PDF
Ik analysis for the hip simulator using the open sim simulator
EditorIJAERD
 
PDF
Trading outlier detection machine learning approach
EditorIJAERD
 
PDF
Experimental investigation of the effect of cold joint on strength and stiffn...
EditorIJAERD
 
PDF
Investigating willingness to pay for congestion pricing in peshawar universit...
EditorIJAERD
 
PDF
Capacity evaluation of masonry infill strengthened with wire containment mesh
EditorIJAERD
 
PDF
Design intervention to reduce muscular strength for using stone polishing mac...
EditorIJAERD
 
PDF
Screening and evaluation of medicinal properties of grape fruit varieties in ...
EditorIJAERD
 
PDF
Modification of airflow around a FSAE Race car using sidepods to increase the...
EditorIJAERD
 
PDF
Pneumatic Gear System
EditorIJAERD
 
PDF
An Assessment of Phase Change Materials for Domestic Applicatons
EditorIJAERD
 
PDF
Digital bus pass
EditorIJAERD
 
PDF
Remediation of heavy metals lead, cobalt and copper from industrail wastewate...
EditorIJAERD
 
PDF
Heart attack and alcohol detection sensor using internet of things
EditorIJAERD
 
Numerical simulation and_preliminary_experimental_verification_of_aisi_1040_f...
EditorIJAERD
 
Eco Friendly Extraction and Physico-Chemical Characteristics of Cissus Quadra...
EditorIJAERD
 
The sarcasm detection with the method of logistic regression
EditorIJAERD
 
Experimental study on the use of locally produced ester base fluids at the dr...
EditorIJAERD
 
Runoff modelling using hec hms for rural watershed
EditorIJAERD
 
Performance improvement of ofdm
EditorIJAERD
 
Soil health analysis for crop suggestions using machine learning
EditorIJAERD
 
Ik analysis for the hip simulator using the open sim simulator
EditorIJAERD
 
Trading outlier detection machine learning approach
EditorIJAERD
 
Experimental investigation of the effect of cold joint on strength and stiffn...
EditorIJAERD
 
Investigating willingness to pay for congestion pricing in peshawar universit...
EditorIJAERD
 
Capacity evaluation of masonry infill strengthened with wire containment mesh
EditorIJAERD
 
Design intervention to reduce muscular strength for using stone polishing mac...
EditorIJAERD
 
Screening and evaluation of medicinal properties of grape fruit varieties in ...
EditorIJAERD
 
Modification of airflow around a FSAE Race car using sidepods to increase the...
EditorIJAERD
 
Pneumatic Gear System
EditorIJAERD
 
An Assessment of Phase Change Materials for Domestic Applicatons
EditorIJAERD
 
Digital bus pass
EditorIJAERD
 
Remediation of heavy metals lead, cobalt and copper from industrail wastewate...
EditorIJAERD
 
Heart attack and alcohol detection sensor using internet of things
EditorIJAERD
 

Recently uploaded (20)

PPTX
CARTOGRAPHY AND GEOINFORMATION VISUALIZATION chapter1 NPTE (2).pptx
abhi1361yadav
 
PDF
SM_6th-Sem__Cse_Internet-of-Things.pdf IOT
smceramu
 
PPTX
KTU 2019 -S7-MCN 401 MODULE 2-VINAY.pptx
VinayB68
 
PPTX
Lecture Notes Electrical Wiring System Components
eedgecbhojpur
 
PDF
Mitigating Risks through Effective Management for Enhancing Organizational Pe...
IJAEMSJORNAL
 
PPTX
FINAL REVIEW FOR COPD DIANOSIS FOR PULMONARY DISEASE.pptx
rubeshbme
 
PDF
composite construction of structures.pdf
AinieButt1
 
PDF
TFEC-4-2020-Design-Guide-for-Timber-Roof-Trusses.pdf
AinieButt1
 
PPTX
IOT PPTs Week 10 Lecture Material.pptx of NPTEL Smart Cities contd
ssusera400e8
 
PPT
CRASH COURSE IN ALTERNATIVE PLUMBING CLASS
rene militante
 
PPTX
Foundation to blockchain - A guide to Blockchain Tech
Davies Chacko
 
PPTX
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
PDF
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
PDF
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
PDF
The CXO Playbook 2025 – Future-Ready Strategies for C-Suite Leaders Cerebrai...
Cerebraix Technologies
 
PPTX
CYBER-CRIMES AND SECURITY A guide to understanding
Davies Chacko
 
DOCX
573137875-Attendance-Management-System-original
AYUSHMANAV
 
PDF
Operating System & Kernel Study Guide-1 - converted.pdf
mranoninvisib16
 
PPTX
Sustainable Sites - Green Building Construction
mhdumerali
 
DOCX
ASol_English-Language-Literature-Set-1-27-02-2023-converted.docx
AYUSHMANAV
 
CARTOGRAPHY AND GEOINFORMATION VISUALIZATION chapter1 NPTE (2).pptx
abhi1361yadav
 
SM_6th-Sem__Cse_Internet-of-Things.pdf IOT
smceramu
 
KTU 2019 -S7-MCN 401 MODULE 2-VINAY.pptx
VinayB68
 
Lecture Notes Electrical Wiring System Components
eedgecbhojpur
 
Mitigating Risks through Effective Management for Enhancing Organizational Pe...
IJAEMSJORNAL
 
FINAL REVIEW FOR COPD DIANOSIS FOR PULMONARY DISEASE.pptx
rubeshbme
 
composite construction of structures.pdf
AinieButt1
 
TFEC-4-2020-Design-Guide-for-Timber-Roof-Trusses.pdf
AinieButt1
 
IOT PPTs Week 10 Lecture Material.pptx of NPTEL Smart Cities contd
ssusera400e8
 
CRASH COURSE IN ALTERNATIVE PLUMBING CLASS
rene militante
 
Foundation to blockchain - A guide to Blockchain Tech
Davies Chacko
 
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
The CXO Playbook 2025 – Future-Ready Strategies for C-Suite Leaders Cerebrai...
Cerebraix Technologies
 
CYBER-CRIMES AND SECURITY A guide to understanding
Davies Chacko
 
573137875-Attendance-Management-System-original
AYUSHMANAV
 
Operating System & Kernel Study Guide-1 - converted.pdf
mranoninvisib16
 
Sustainable Sites - Green Building Construction
mhdumerali
 
ASol_English-Language-Literature-Set-1-27-02-2023-converted.docx
AYUSHMANAV
 

One time password generation using mathematical random function in sphere space for mid sized applications

  • 1. Scientific Journal of Impact Factor (SJIF) : 3.134 International Journal of Advance Engineering and Research Development @IJAERD-2014, All rights Reserved 150 ISSN (Print) : 2348-6406 ISSN (Online): 2348-4470 One Time Password Generation Using Mathematical Random Function In Sphere Space For Mid-Sized Applications 1 Ishupreet Kaur, 2 Gargi Narula 1 Computer Science & Engineering Department, SVIET, Patiala, Punjab, 140601, India,kaurishupreet1@gmail.com 2 Computer Science & Engineering Department, SVIET, Patiala, Punjab, 140601, India,garginarula@gmail.com Abstract--The proposed vOTP scheme is designed by keeping the mid-sized online application requires the OTP scheme. The proposed one time password scheme is used to generate the one time password from the spherical space using random function from a larger spherical number space. This technique is useful to generate thousands of unique and unrepeatable OTPs at one point of time. The results have shown that the system can serve a large number of users every minute. The system is capable of serving one user in fraction of seconds, 100 users in 28 seconds and 1000 users in less than 10 minutes. Keywords—one time password, random function, sphere space, phishing attack , multiple ID generation attack. I. INTRODUCTION The One Time password is unique value which can be used for one transaction only. Once it is used it becomes outdated. One Time Password can be generated Time Based and Event Based. It is used to prevent our systemfrom unauthorized access and harmful attacks. Similarly, One Time Password can also be used to prevent against botnet attacks. Botnet attacks are the attacks in which the bot programs are installed on users system without its prior knowledge. This bot attack can be a snooping attack or a key logger attack. Now, whenever a OTP is used for authentication purpose, it can be a text or graphic based. Because we are using OTP against Botnet/Autobot, we will be using graphics based OTP. As bot programs which are available can detect the text-based passwords but they cannot recognize graphics. A text based OTP is generated using a random generator function which is later converted to graphics based password. One Time Password can be delivered to the user using many ways like mobile phone, e-mail, etc. The Basic Idea of this scheme is to generate a One Time Password for authentication purpose and each time the one time password generated should be unique. The one time password adds another layer of security to login process used widely over internet for authentication. One time password can be generated using spherical random function which has a large amount of number and can produce unique combinations. Spherical random function is capable of generating more unique combinations of integers than any other mathematical random function. Then the random is uniquely selected among the sphere matrix, which creates more unique passwords. Then the integer based password is converted into image hardens the security layer of the mobile/SMS based authentication environments. The visual form of OTP increase the security of the authentication process and protect passwords against interception attacks, the concept of one-time visual passwords (OTVP) is proposed. The OTVP concept takes advantage of the differences between computer encoding of data and the human visual perception of images. Here, we have taken a Client and Server based architecture. In this, a authentication request is made by client to server. And server will send a text based password to client. Further, the text based password is converted to graphic based password. If the recipient is actually a human being, then a human can recognize the graphic and get authenticated. But if it is a Autobot or botnet, then it cannot recognize the password received and authentication is failed. The graphics based password can be delivered to client using MMS, watsapp or email. Therefore, the given mechanism can be used for authentication purpose in online portals where Autobot are using users identification for login purpose without their consent. Then the bots can steal important information or can have financial gains. So it is better to use graphics based one time password to prevent from autobots or botnet problems. II. LITERATURE REVIEW R.R.Karthiga and associates have proposed an OTP generation technique to minimize the damage by phishing and spyware attacks. The OTP is used to authenticate the clients to protect the server from unauthorized access using the long-termpublic
  • 2. International Journal of Advance Engineering and Research Development (IJAERD) Volume 1,Issue 8, August -2014, e-ISSN: 2348 - 4470 , print-ISSN:2348-6406 @IJAERD-2014, All rights Reserved 151 keys and digital certificates. Ahmad Alamgir Khan et al. have discussed the phishing attack used by cyber criminals to steal the user’s personal information, credit card or debit card information in detail. The authors have also proposed the security mechanism against phishing attacks. The proposed approach is based on the OTP retrieval using SMS or email systems., which are submitted by the users to the server and server reverts the decision logic after inspection. The OTP is used an encrypted token in very smart way to tackle the phishing attack problem. Andrew Y. Lindell et al have performed the comparison of two approaches of the OTP: time-based OTP and event-based OTP. They have provided the usability and security comparison of both of these one time password techniques. Both of the techniques compared under this comparison uses cryptographic mechanism. Mihai Ordean and his research associates have conducted the performance analysis of security and usability of authentication systems based on components. They have introduced the one-time visual authentication (OTVP) concept which in real is representing a novel approach to the security of authentication interfaces that combines one-time passwords (OTPs) with visual authentication interfaces III. EXPERIMENTAL DESIGN The major task of the proposed system is to create the one time password based on the random sphere value space to authenticate the users to avoid various cyber attacks like phishing attack. The one time password generation scheme must be able to produce a larger space of unique passwords so that it can be used to authenticate multiple users at one time without any duplicity. The OTP adds an extra security layer to protect the user login. The OTPs are widely used over internet for authentication.OTP generation is using values in the sphere space based random number generation system for large density users at once. Cubic random function provides the capability of larger number of random number combinations. The OTP generation initially generates the matrix of million values. The different numbers of values are randomly selected among the million values generated earlier and concatenates them to make an OTP. Then the complex number is converted into integer based password is converted into image using visual encoding makes it more secure and send it via mobile/SMS based authentication environments. Algorithm: OTP Generation Algorithm Step 1: Sphere Random Function to generate random number A. Initialization of the random number generator and calculate the angle of elevation in the sphere. Sphere contains values in open interval, , but not uniformly distributed. B. Creation of the angle of azimuth for each sphere point on the basis of uniformly distributed in the open interval, C. Compute radius value for each point based on open interval, not uniformly distributed. D. Rearrange and concatenate the random matrix values and return OTP. Step 2: Visual encoding A. Break OTP into list of characters B. Convert each character to ASCII value C. Fetch the visual code/encode for ASCII value for each character in the list D. Concatenate the visual encoding of all characters to form an image and Return vOTP Step 3: Client/Server Communication A. Server send the vOTP to client system using SMS or MMS or Other-App. B. Client submits the OTP to server on web portal C. Server verifies the replied OTP and return the decision logic IV. RESULT ANALYSIS
  • 3. International Journal of Advance Engineering and Research Development (IJAERD) Volume 1,Issue 8, August -2014, e-ISSN: 2348 - 4470 , print-ISSN:2348-6406 @IJAERD-2014, All rights Reserved 152 The experimental design has been developed using MATLAB simulator and the results have been observed and analyzed deeply. The OTP generation procedure is using multi-level random value generation from the sphere, and further concatenated in uneven fashion to produce the unique one time password every-time. One time password generation process is flexible and unique to produce the unique one time passwords at one point of time to reduce the possibility of two users receiving the same password at one point of time. This random one time password generation framework can used with medium or smaller sized web or utility based portals. This sequence will be able to handle thousands to tens of thousands of users at one point of time. The uniqueness calculation has shown that this OTP framework is capable of handing flexible number of unique OTP at one point of time with minor changes in the program sequence. The framework simulation is designed to generate the one time password which is followed by visual encoding to produce one time image password (OTIP). OTIP is then forwarded to the client side, where client enters the password the OTP input box and submit the information to the server side. The server then verifies the original OTP with the generated OTP and returns the decision logic, which is further used to take the programmed action in the software architecture according to the decision logic. The OTP send by the Client to Server is compared with the OTP generated and saved at the Server. If the both the OTPs are same, then the OTP is verified and the access is granted. Rotation Size Time in Seconds 1 0.23 10 2.63 50 12.69 100 28.71 200 61.14 500 190.53 1000 505.43 Table 1: The Time (in seconds) to Rotations size comparison table Figure 1- The Server Graphical Interface
  • 4. International Journal of Advance Engineering and Research Development (IJAERD) Volume 1,Issue 8, August -2014, e-ISSN: 2348 - 4470 , print-ISSN:2348-6406 @IJAERD-2014, All rights Reserved 153 Figure 2- Generate One Time Password Figure 3- Convert Integers into Image Based Password and forward to client Figure 4- The user retrieve the vOTP and submit the OTP to the server. Figure 8- The OTP Verification The OTP send by the Client to Server is compared with the OTP generated and saved at the Server. If the both the OTPs are same, then the OTP is verified and the access is granted.
  • 5. International Journal of Advance Engineering and Research Development (IJAERD) Volume 1,Issue 8, August -2014, e-ISSN: 2348 - 4470 , print-ISSN:2348-6406 @IJAERD-2014, All rights Reserved 154 V. CONCLUSION AND FUTURE WORK The proposed vOTP scheme is a scheme is capable of producing a large number of unique word in one time space to facilitate its implementation with mid-sized user authentication applications. The proposed OTP scheme generates the password from the cubic value space using random number selection function from a larger possible numbers in the space. This technique is useful to produce thousands of unique OTPs at one point of time. The results have shown that the system can serve a large number of users every minute. The systemis capable of serving one user in fraction of seconds, 100 users in 28 seconds and 1000 users in less than 10 minutes. In future this scheme can be enhanced using the dizzy images scheme, which also protect against the botnets/autobots with image processing or optical character recognition capability. Also this scheme can be enhanced to produce alphanumeric passwords and can be used with existing or improved v isual encoding scheme. REFERENCES [1] R.R.Karthiga, 2013.“One-time Password: A Survey”, International Journal of Emerging Trends in Engineering and Development Issue 3, Vol.1, pp. 613-623. [2] Ahmad Alamgir Khan, 2013. “Preventing Phishing Attacks using One Time Password and User Machine Identification”, International Journal of Computer Applications (0975 – 8887) Volume 68– No.3. [3] Indu S., Sathya T.N., Saravana Kumar V., 2013“ A Stsnd-alone and SMS-Based approach for Authentication using Mobile Phone”, IEEE-International Conference on Information Communication and Embedded. [4] Andrew Y. Lindell, 2007.“Time versus Event Based One-Time Passwords”, Aladdin Knowledge Systems. [5] Soonduck Yoo1 , Seung-jung Shin1, Dae-hyun Ryu1, 2013. “An effective Two Factor Authentication Method using QR code”, ISA 2013, ASTL Vol. 21, pp. 106- 109, © SERSC 2013. [6] www.ietf.org [7] Bin Li, Shaohai Hu, Yunyan Liu, 2006.“A Practical One-Time Password Authentication Implement on Internet”, ICWMMN Proceedings. [8] Ping Wang, Lei Wu, Baber Aslam and Cliff C. Zou, 2009. “ A Systematic Study on Peer-To-Botnets”, International Conference on Computer Communications and Networks, 2009. ICCCN 2009. San Francisco, CA, IEEE. [9] Yu tao, Fan, Gui ping, Su, 2009.“Design of Two-Way One-Time-Password Authentication Scheme Based On True Random Numbers”, Second International Workshop on Computer Science and Engineering, pp. 611-614. [10] Jivika Govil, 2007. “Examining the Criminology of Bot Zoo”, IEEE. [11] Mihai Ordean, 2012. “Secure Authentication Using One Time Visual Password”, Ph.D. Dissertation, The technical university of Cluj-Napoca. [12] Jing Liu, Yang Xiao, Kaveh Ghaboosi, Hongmei Deng, and Jingyuan Zhang, 2009.” Botnet: Classification, Attacks, Detection, Tracing, and Preventive Measures”, Hindawi Publishing Corporation EURASIP Journal on Wireless Communications and Networking Volume 2009,11 pages doi:10.1155/2009/692654 [13] Julian B. Grizzard, Vikram Sharma, Chris Nunnery,and Brent Byung Hoon Kang, David Dagon, 2007, “Peer-To-Peer Botnets: Overview and Case Study”. HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets. USENIX Association Berkeley, CA, USA. [14] Abebe Tesfahun and D.Lalitha Bhaskari, 2013. “Botnet Detection and Countermeasures - A Survey”, International Journal of Emerging Trends & Technology in Computer Science (IJETTCS), Volume 2, Issue 4, ISSN 2278-6856. [15] Takasuke TSUJI, 2003. “A One-Time Password Authentication Method”, Kochi University of Technology. [16] Márk Jelasity, Vilmos Bilicki, 2009. “Towards Automated Detection of Peer-To-Peer Botnets: On the Limits of Local Approach”, Hungary, www.usenix.org [17] S. Behal, A. S. Brar, and K. Kumar, “Signature based Botnet Detection and Prevention”, ISCET, pp. 122-127, 2010.