M2U2: Multifactor Mobile Based Unique User Authentication Mechanism

  • Rachit Bhalla
  • N. JeyanthiEmail author
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 940)


Identifying and validating the user is a major concern in a heterogeneous network domain. Conventional algorithms and mechanisms could authenticate the users/messages, but with certain vulnerabilities. This paper analyzes the vulnerabilities and downsides of some present-day authentication mechanisms that are being used and proposes an authentication mechanism that cannot be bypassed easily. The proposed mechanism incorporates multi-factor authentication and validates the user based on a username, a password, a security question which is sent to the user via Short-Message-Service (SMS), and a security pin (if necessary). List of security questions posed to the end-user makes the proposed mechanism stronger and protect the system from security breaches by an unknown user to guess the answer.


Security Multi-factor authentication Confidentiality One-Time Password (OTP) Short-Message-Service (SMS) Security question Security pin 


  1. 1.
    Kaur, N., Devgan, M., Bhushan, S.: Robust login authentication using time-based OTP through secure tunnel. In: 3rd International Conference on Computing for Sustainable Global Development, New Delhi, India (2016)Google Scholar
  2. 2.
    Tzemos, I., Fournaris, A.P., Sklavos, N.: Security and efficiency analysis of one time password techniques. In: Proceedings of the 20th Pan-Hellenic Conference on Informatics, p. 67. ACM (2016)Google Scholar
  3. 3.
    Mulliner, C., Borgaonkar, R., Stewin, P., Seifert, J.P.: SMS-based one-time passwords: attacks and defense. In: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, 18 July 2013, pp. 150–159. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  4. 4.
    Yoo, C., Kang, B.T., Kim, H.K.: Case study of the vulnerability of OTP implemented in internet banking systems of South Korea. Multimed. Tools Appl. 74(10), 3289–3303 (2015)CrossRefGoogle Scholar
  5. 5.
    Apvrille, A.: Zeus in the Mobile (Zitmo): Online Banking’s Two Factor Authentication Defeated (2010)Google Scholar
  6. 6.
    F-Secure: Threat Description: Trojan: Android/Cruse wind (2011).
  7. 7.
    Maslennikov, D.: ZeuS in the Mobile is Back. Secure List Blog, February 2011Google Scholar
  8. 8.
    Klein, A.: The song remains the same: man in the mobile attacks single out android, July 2012.
  9. 9.
    Abdullayeva, F., Imamverdiyev, Y., Musayev, V., Wayman, J.: Analysis of security vulnerabilities in biometric systems (2006)Google Scholar
  10. 10.
    Kowtko, M.A.: Biometric authentication for older adults. In: 2014 IEEE Long Island Systems, Applications and Technology Conference (LISAT), pp. 1–6. IEEE (2014)Google Scholar
  11. 11.
    Ashibani, Y., Kauling, D., Mahmoud, Q.H.: A context-aware authentication framework for smart homes. In: IEEE 30th Canadian Conference on Electrical and Computer Engineering, Windsor, ON, Canada (2017)Google Scholar
  12. 12.
    Mock, K., Weaver, J., Milton, M.: Poster: real-time continuous iris recognition for authentication using an eye tracker. In: Proceedings of the 2012 ACM Conference on Computer Communication & Security, pp. 1007–1009 (2012)Google Scholar
  13. 13.
    Tsai, P.W., Khan, M.K., Pan, J.S., Liao, B.Y.: Interactive artificial bee colony supported passive continuous authentication system. IEEE Syst. J. 8(2), 395–405 (2014)CrossRefGoogle Scholar
  14. 14.
    Agrawal, H., Thakur, A., Slathia, R., Jeyanthi, N.: User authentication scheme in cloud computing. Int. J. Appl. Eng. Res. 10(8), 20767–20778 (2015)Google Scholar
  15. 15.
    Jeyanthi, N., Shabeeb, H., Thandeeswaran, R., Durai, M.A.S.: RESCUE: three phase authentication to detect and prevent DDoS attacks in cloud computing environment. Int. J. Eng. Trans. B: Appl. 27(8), 1137–1146 (2014)Google Scholar
  16. 16.
    Thandeeswaran, R., Mcheick, H., Hemant, A., Ajay, T., Jeyanthi, N., Rajan, S.: An efficient and secure biometric authentication scheme for M-Commerce. Int. J. Civ. Eng. Technol. 8(12), 429–437 (2017)Google Scholar
  17. 17.
    Rawat, A., Singh, A.K., Jithin, J., Jeyanthi, N., Thandeeswaran, R.: RSJ approach for user authentication. In: International Conference on Advances in Information Communication Technology & Computing, Bikaner. ACM, 12–13 August 2016Google Scholar
  18. 18.
    Kumari, J., Jeyanthi, N.: Two way authentication system in Internet of Things (IoT) for impersonation attacks. In: IEEE Sponsored International Conference on Engineering and Technology (ICET16), Coimbatore, India, 16–17 December 2016Google Scholar
  19. 19.
    Jeyanthi, N., Gundu, S.: Backup key generation model for one-time password security protocol. In: 14th International Conference on Science, Engineering and Technology, Vellore, India, IOP Conference Proceedings (2017)Google Scholar
  20. 20.
    Tiwari, A., Sanyal, S., Abraham, A., Knapskog, S.J., Sanyal, S.: A multifactor security protocol for wireless payment-secure web authentication using mobile devices. In: Guimaraes, N., Isaias, P. (eds.) International Conference on Applied Computing 2007, Salamanca, Spain, pp. 160—167 (2007). ISBN 978-972-8924-30-0Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.School of Information Technology and EngineeringVITVelloreIndia

Personalised recommendations