Security Improvement of One-Time Password Using Crypto-Biometric Model

Conference paper
Part of the Smart Innovation, Systems and Technologies book series (SIST, volume 44)


In many e-commerce systems, to counter network eavesdropping/replay attack, OTP concept has been used. However if the OTP itself gets attacked and then there might be possibility of attacking the account of the legitimate client too. This paper proposes a model for improving the security of OTP using ECC with iris biometric for an e-commerce transaction. This model also offers improve security with shorter key length than the RSA and also avoids to remember the private keys as the private keys are generated dynamically as and when required.


One-time password (OTP) Elliptic curve cryptography (ECC) Biometrics Iris 


  1. 1.
    Bakshi, S., Mehrotra, H., Majhi, B.: Real-time iris segmentation based on image morphology. In: Proceedings of the International Conference on Communication, Computing and Security. ACM, pp. 335–338, (2011)Google Scholar
  2. 2.
    Daugman, J.: New methods in iris recognition. IEEE Trans. Syst. Man Cybern. Part B Cybern. 37(5), 1167–1175 (2007)Google Scholar
  3. 3.
    Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J. (eds.) Advances in Cryptology—EUROCRYPT, Lecture Notes in Computer Science, Springer Heidelberg, vol. 3027, pp. 523–540 (2004)Google Scholar
  4. 4.
    Gura, N., Patel, A., Wander, A., Eberle, H., Shantz, S.: Comparing elliptic curve cryptography and RSA on 8-bit cpus. In: Joye, M., Quisquater, J. (eds.) Cryptographic Hardware and Embedded Systems—CHES, Lecture Notes in Computer Science, Springer Heidelberg, vol. 3156, pp. 119–132 (2004)Google Scholar
  5. 5.
    Haller, N.: The s/key one-time password system. Network Working Group (1995)Google Scholar
  6. 6.
    Hao, F., Anderson, R., Daugman, J.: Combining crypto with biometrics effectively. IEEE Trans. Comput. 55(9), 1081–1088 (2006)CrossRefGoogle Scholar
  7. 7.
    Hollingsworth, K., Bowyer, K., Flynn, P.: The best bits in an iris code. IEEE Trans. Pattern Anal. Mach. Intell. 31(6), 964–973 (2009)CrossRefGoogle Scholar
  8. 8.
    Janbandhu, P.K., Siyal, M.Y.: Novel biometric digital signatures for internet-based applications. Inf. Manage. Comput. Secur. 9(5), 205–212 (2001)Google Scholar
  9. 9.
    Koblitz, N.: Elliptic curve cryptosystems. Math. Comput. 48(177), 203–209 (1987)MathSciNetCrossRefMATHGoogle Scholar
  10. 10.
    Mahto, D., Yadav, D.K.: Network security using ECC with Biometric. In: Singh, K., Awasthi, A.K. (eds.) QSHINE, LNICS-SITE, vol. 115, pp. 842–853. Springer, Heidelberg (2013)Google Scholar
  11. 11.
    Mahto, D., Yadav, D.K.: Enhancing security of one-time password using elliptic curve cryptography with biometrics for e-commerce applications. In: Proceedings of the Third International Conference on Computer, Communication, Control and Information Technology (C3IT), pp. 1–6. IEEE (2015)Google Scholar
  12. 12.
    Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H. (ed.) Advances in Cryptology CRYPTO 85 Proc., Lecture Notes in Computer Science, Springer Heidelberg, vol. 218, pp. 417–426 (1986)Google Scholar
  13. 13.
    Zhang, L., Sun, Z., Tan, T., Hu, S.: Robust biometric key extraction based on iris cryptosystem. In: Tistarelli, M., Nixon, M. (eds.) Advances in Biometrics, Lecture Notes in Computer Science, Springer Heidelberg, vol. 5558, pp. 1060–1069 (2009)Google Scholar

Copyright information

© Springer India 2016

Authors and Affiliations

  1. 1.Department of Computer ApplicationsNational Institute of TechnologyJamshedpurIndia

Personalised recommendations