Skip to main content
SpringerLink
Log in

Multi-factor Authentication Scheme Using Mobile App and Camera

  • Conference paper
  • First Online:
Advances in Communication and Computational Technology (ICACCT 2019)

Part of the book series: Lecture Notes in Electrical Engineering ((LNEE,volume 668))

Abstract

Phishing attacks are one of the most serious threats faced by the users on the internet the attackers try to steal sensitive information such as login details, credit card details, etc. by deceiving the users to enter sensitive information on the phishing websites and thus leading to huge financial losses. Many schemes have been proposed to detect phishing attacks but the amount of such attacks has not decreased. New attacks like Active Man-In-The-Middle (MITM) phishing attacks have emerged which include Real-Time Man-In-The-Middle (RT MITM) and Controlled Relay Man-In-The-Middle (CR MITM) phishing attacks. These attacks allow the attackers to obtain the users’ account details and relay them in real-time. Similarly, the attacker can lure the user to enter details on a spoofed app and thus gain access to the user’s account. The existing popular authentication schemes fail to address these attacks. In this paper, we propose a novel user authentication scheme that enables the user to log into his/her account without memorizing any password or any other authentication token. In the proposed scheme, the user has to scan a dynamically generated QR-code using the smartphone app and then verify the image, captured by the webcam and sent it on the smartphone via push notification. Thus, the complete authentication procedure requires minimal user involvement and implements automatically. We have implemented and evaluated the proposed scheme in terms of usability, deployability, and security parameters and the results depict that the proposed authentication scheme performs well and can be used as a secure user authentication scheme.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 219.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Lastdrager E (2014) Achieving a consensual definition of phishing based on systematic review of the literature. Crime Sci 3:9

    Article  Google Scholar 

  2. Abdelhamid N (2007) Multi-label rules for phishing classification. Appl Comput Inform 11:29–46

    Article  Google Scholar 

  3. Banday MT, Qadri JA (2011) Phishing—a growing threat to e-commerce. arXiv preprint arXiv: 1112.5732

    Google Scholar 

  4. Badra M, El-Sawda S, Hajjeh I (2007) Phishing attacks and solutions. In: Proceedings of the 3rd international conference on mobile multimedia communications, p 42

    Google Scholar 

  5. Mohammad RM, Thabtah FT, McCluskey L (2015) Tutorial and critical analysis of phishing websites methods. Comput Sci Rev 17:1–24

    Article  MathSciNet  Google Scholar 

  6. Jagatic TN, Johnson NA, Jakobsson M, Menczer F (2007) Social phishing. Commun ACM 50:94–100

    Article  Google Scholar 

  7. EMC (2019) RSA monthly fraud report dec 2018 @ ONLINE (Feb). https://www.rsa.com/content/dam/premium/en/e-book/rsa-fraud-report-q4-2018.pdf

  8. (APWG), A.P.W.G.: Phishing activity trends report 2018 @ONLINE. https://www.antiphishing.org/resources/apwg-reports/

  9. (APWG), A.P.W.G.: Phishing activity trends report 2017 @ONLINE. https://www.antiphishing.org/resources/apwg-reports/

  10. Google (2015) Stronger security for your Google account @ ONLINE (Oct). https://www.google.com/landing/2step

  11. SAASPASS (2019) Multifactor authentication @ ONLINE (Jan). https://saaspass.com/

  12. Varshney G, Misra M, Atrey P (2018) Secure authentication scheme to thwart RT MITM, CR MITM and malicious browser extension based phishing attacks. J Inf Secur Appl 42:1–17. https://doi.org/10.1016/j.jisa.2018.07.001, http://www.sciencedirect.com/science/article/pii/S2214212618300140

  13. Kim SH, Choi D, Jin SH, Lee SH (2013) Geo-location based qr-code authentication scheme to defeat active real-time phishing attack. In: Proceedings of the 2013 ACM workshop on digital identity management. ACM, pp 51–62

    Google Scholar 

  14. Mukhopadhyay S, Argles D (2011) Ananti-phishing mechanism for single sign-on based on qr-code. In: 2011 international conference on information society (i-Society). IEEE, pp 505–508

    Google Scholar 

  15. Dodson B, Sengupta D, Boneh D, Lam MS (2010) Secure, consumer-friendly web authentication and payments with a phone. In: International conference on mobile computing, applications, and services. Springer, pp 17–38

    Google Scholar 

  16. Dodson B, Boneh D, Lam MSL (2012) Method and system for making digital payments. https://patents.google.com/patent/US20130185210A1/en

  17. Bakdi I (2013) Method, devices, and system for authentication with respect to a server. https://patents.google.com/patent/EP3053317A1/en

  18. Venkat R, Qiao Y, Vazquez H (2013) Sight codes for website authentication. https://patents.google.com/patent/US9887992B1/en

  19. Nunn JW, Mathews C (2014) System and method for authenticating a computer session on a mobile device using a two dimensional barcode. https://patents.google.com/patent/US9203824

  20. Leung CM (2009) Depress phishing by captcha with OTP. In: 2009 3rd international conference on anti-counterfeiting, security, and identification in communication. IEEE, pp 187–192

    Google Scholar 

  21. Yubico (2019) Your key to a safer internet @ ONLINE (Jan). https://www.yubico.com/

  22. Varshney G, Misra M (2017) Push notification based login using BLE devices. In: 2017 2nd international conferences on information technology, information systems and electrical engineering (ICITISEE), pp 479–484 (Nov). https://doi.org/10.1109/ICITISEE.2017.8285554

  23. Xie M, Li Y, Yoshigoe K, Seker R, Bian J (2015) Camauth: Securing web authentication with camera. In: 2015 IEEE 16th international symposium on high assurance systems engineering. IEEE, pp. 232–239

    Google Scholar 

  24. Lastpass (2019) Lastpass remembers all your passwords, so you don’t have to @ONLINE (Jan). https://www.lastpass.com/

  25. Ross B, Jackson C, Miyake N, Boneh D, Mitchell JC (2005) Stronger password authentication using browser extensions. In: Usenix security, Baltimore, MD, USA, pp 17–32

    Google Scholar 

  26. Tricipher (2019) White paper preventing man in the middle phishing attacks with multi-factor authentication @ONLINE (Jan). https://www.globaltrustit/documents/press/phishing/PhishingSolutionWhitepaper.pdf

  27. Yahoo (2016) Yahoo sign in @ ONLINE. https://login.yahoo.com/

  28. Beal V (2019) RSA secure id @ ONLINE (Jan 2019). https://www.webopedia.com/TERM/R/rsa_secure_id.html/

  29. Zhu BB, Yan J, Bao G, Yang M, Xu N (2014) Captcha as graphical passwords A new security primitive based on hard AI problems. IEEE Trans Inf Foren Secur 9(6):891–904

    Article  Google Scholar 

  30. Bonneau J, Preibusch SR (2010) The password thicket: technical and market failures in human authentication on the web. In: WEIS, pp 1–48

    Google Scholar 

  31. Bonneau J, Herley C, Van Oorschot PC, Stajano F (2012) The quest to replace passwords: a framework for comparative evaluation of web authentication schemes. In: 2012 IEEE symposium on security and privacy. IEEE, pp 553–567

    Google Scholar 

  32. Android Developers (2016) Android keystore system @ ONLINE (Mar). http://developer.android.com/training/articles/keystore.html

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, Indian Institute of Technology Roorkee, Roorkee, Uttarakhand, India

    Sajal Jindal & Manoj Misra

Authors
  1. Sajal Jindal
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Manoj Misra
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sajal Jindal .

Editor information

Editors and Affiliations

  1. Department of Mathematics and Computer Science, University of Maryland Eastern Shore, Princess Anne, MD, USA

    Gurdeep Singh Hura

  2. Department of Master of Computer Applications, National Institute of Technology Kurukshetra, Kurukshetra, Haryana, India

    Ashutosh Kumar Singh

  3. Department of Information Science and Technology, Multimedia University, Jalan Ayer Keroh Lama, Melaka, Malaysia

    Lau Siong Hoe

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Jindal, S., Misra, M. (2021). Multi-factor Authentication Scheme Using Mobile App and Camera. In: Hura, G.S., Singh, A.K., Siong Hoe, L. (eds) Advances in Communication and Computational Technology. ICACCT 2019. Lecture Notes in Electrical Engineering, vol 668. Springer, Singapore. https://doi.org/10.1007/978-981-15-5341-7_60

Download citation

  • DOI: https://doi.org/10.1007/978-981-15-5341-7_60

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-5340-0

  • Online ISBN: 978-981-15-5341-7

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation