Miss. Shweta Kamble,Miss. Pooja Kendre,Miss. Ayesha Siddiqua,Mr. Deshpande G. R

DOI: https://doi.org/10.48175/ijarsct-14204

2023-12-11

Abstract:This paper proposes an authentication system that combines One-Time Password (OTP) and Quick Response (QR) code technologies to enhance security and user experience. The system generates an OTP and a unique QR code for each authentication attempt, which can be scanned using a mobile device to complete the authentication process. The QR code contains encrypted information about the user's identity and the OTP, which is verified by the server. The proposed system provides a secure, convenient, and efficient method for user authentication, which is crucial in today's digital world. An e-authentication system that uses OTP and QR code technology is a secure and efficient method for authenticating users in online transactions. This system combines the benefits of OTP and QR code technology to provide a two-factor authentication mechanism that is convenient for users and effective in preventing unauthorized access. This system aims to address the vulnerabilities of traditional username and password authentication by providing an additional layer of security through two-factor authentication. the system aims to prevent unauthorized access to online services and transactions. The system aims to provide a userfriendly and convenient authentication method that can be easily integrated into existing online platforms. It protect sensitive information and ensure that only authorized users can access online services and transactions

English Else

Priya Pankaj Kumar, Om Prakash, Sudhir Kumar

DOI: https://doi.org/10.52783/tjjpt.v44.i3.2616

2023-11-30

Abstract:In order to improve security and user experience, this article suggests an authentication system that combines Quick Response (QR) code technology with One-Time Password (OTP) technology. Each time an authentication attempt is made, the system generates a unique QR code and an OTP that must be scanned with a mobile device in order to complete the authentication process. Encrypted data, validated by the server, including the user's identity and the OTP included in the QR code. An effective, user-friendly, and secure way of user identification is provided by the suggested system, which is essential in the modern digital world. An effective and safe way to authenticate consumers in online transactions is through an e-authentication system that makes use of OTP and QR code technologies. This method offers a straightforward two-factor authentication technique that effectively blocks illegal access by combining the advantages of OTP and QR code technology.

Yijie Li,Yi-Chao Chen,Xiaoyu Ji,Hao Pan,Lanqing Yang,Guangtao Xue,Jiadi Yu

DOI: https://doi.org/10.1145/3372224.3418165

2020-01-01

Abstract:Quick response (QR) codes have been widely used in mobile applications, due to its convenience and the pervasive built-in cameras on smartphones. Recently, however, QR codes have been reported suffering attacks for being sniffed just before the QR code is scanned, which lead to financial loss. In this study, we propose ScreenID, for enhancing the QR code security by identifying its authenticity, which embeds a QR code with information of unique screen fingerprint - PWM frequency. PWM frequencies are adjusted to different values by screen manufacturers, therefore can successfully differentiate screens. To improve the estimation accuracy of PWM frequency, ScreenID incorporates a model for the interaction between the camera and screen in the temporal and spatial domains. Extensive experiments demonstrate that ScreenID can differentiate screens of different models, types and manufacturers and thus improve the security of QR codes.

N. M. Ausheva,

DOI: https://doi.org/10.31673/2412-9070.2023.053537

2023-01-01

Connectivity

Abstract:In today's world, technologies are developing at a rapid pace. It is very difficult to imagine a sphere of human life where digital data is not used, for example, banking operations, distance learning, utility payments, online messaging have become commonplace for us. However, on the other hand, the question arose of how to ensure the reliability and confidentiality of this data. One of the methods was authentication when entering the system, that is, entering a login and password to identify the user. To date, this method is not reliable and quite vulnerable, because most users have started using the same passwords for login, or simply ignore their reliability and use rather primitive ones. As a result of such actions, more and more confidential user data is at risk of being acquired by unauthorized criminals. The idea to develop a two-factor authentication system using a QR code arose as a result of the urgency of this problem and the imperfection of existing software products. The basis will be the generation of a unique code that will be available only for a short period of time, which will be enough for the user to enter the system. This technology will allow dynamically changing the set of numbers required for authentication. If an attacker takes possession of it, he will not be able to use it, because it will change in the system in a fairly quick period of time. The article discusses the implementation of the two-factor authentication algorithm using a QR code, which has a simple appearance, but can store a large amount of data. Also, regardless of how much information the QR code contains, the data is displayed immediately after reading it. This provides an increased level of protection when the user enters the system and prevents unauthorized access to confidential data by cybercriminals. An approach using TOTP (Time-based One-time password) is also proposed, which will generate a one-time code based on a secret key. The main feature is the use of time as one of the parameters to generate a dynamic 6-digit password required for logging into the system. Also, its generation will be carried out automatically every 30 seconds, thus creating conditions for making its theft and unauthorized use impossible.

English Else

Young Sil Lee,Nack Hyun Kim,Hyotaek Lim,HeungKuk Jo,Hoon Jae Lee

DOI: https://doi.org/10.1109/iccit.2010.5711134

2010-11-01

Abstract:As a high-speed internet infrastructure is being developed and people are informationized, the financial tasks are also engaged in internet field. However, the existing internet banking system was exposed to the danger of hacking. Recently, the personal information has been leaked by a high-degree method such as Phishing or Pharming beyond snatching a user's ID and Password. Seeing that most of examples which happened in the domestic financial agencies were caused by the appropriation of ID or Password belonging to others, a safe user confirmation system gets much more essential. In this paper, we propose a new Online Banking Authentication system. This authentication system used Mobile OTP with the combination of QR-code which is a variant of the 2D barcode.

Mengjun Xie,Yanyan Li,Kenji Yoshigoe,Remzi Seker,Jiang Bian

DOI: https://doi.org/10.1109/hase.2015.41

2015-01-01

Abstract:Frequent outbreak of password database leaks and server breaches in recent years manifests the aggravated security problems of web authentication using only password. Two-factor authentication, despite being more secure and strongly promoted, has not been widely applied to web authentication. Leveraging the unprecedented popularity of both personal mobile devices (e.g., Smartphones) and barcode scans through camera, we explore a new horizon in the design space of two-factor authentication. In this paper, we present CamAuth, a web authentication scheme that exploits pervasive mobile devices and digital cameras to counter various password attacks including man-in-the-middle and phishing attacks. In CamAuth, a mobile device is used as the second authentication factor to vouch for the identity of a use who is performing a web login from a PC. The device communicates directly with the PC through the secure visible light communication channels, which incurs no cellular cost and is immune to radio frequency attacks. CamAuth employs public-key cryptography to ensure the security of authentication process. We implemented a prototype system of CamAuth that consists of an Android application, a Chrome browser extension, and a Java-based web server. Our evaluation results indicate that CamAuth is a viable scheme for enhancing the security of web authentication.

Fei Xu,Sheng Han,Ying Wang,Jian Zhang,Yong Li

DOI: https://doi.org/10.1109/cscloud.2015.24

2015-01-01

Abstract:This paper proposes an asymmetric key based authentication framework, QRToken, for easy - to - use login to websites, SSH servers, etc., QRToken authentication use client - side locally stored RSA private key to encrypt identification information as well as other parameters, and prese nt a QR code in the form of a small two - dimensional picture that encodes the encrypted information. User takes a picture of the QR code with the cell phone camera and sends it as a cryptographic response to the server to complete the authentication process. We believe the simple act of scanning QR code for authentication brings ease in management and enhances user experience. Our framework supports QRToken both as a software application and as a hardware device. It can also be made available to every websit e with our SDK package installed, due to the use of asymmetric - key mechanism. We also illustrate how to combine both software and hardware based approach as a two - factor authentication mechanism to further strengthen security.

Maliheh Shirvanian,Shashank Agrawal

DOI: https://doi.org/10.1145/3485832.3485910

2021-12-06

Abstract:We propose a two-factor authentication (2FA) mechanism called 2D-2FA to address security and usability issues in existing methods. 2D-2FA has three distinguishing features: First, after a user enters a username and password on a login terminal, a unique identifier is displayed to her. She inputs the same identifier on her registered 2FA device, which ensures appropriate engagement in the authentication process. Second, a one-time PIN is computed on the device and automatically transferred to the server. Thus, the PIN can have very high entropy, making guessing attacks infeasible. Third, the identifier is also incorporated into the PIN computation, which renders concurrent attacks ineffective. Third-party services such as push-notification providers and 2FA service providers, do not need to be trusted for the security of the system. The choice of identifiers depends on the device form factor and the context. Users could choose to draw patterns, capture QR codes, etc. We provide a proof of concept implementation, and evaluate performance, accuracy, and usability of the system. We show that the system offers a lower error rate (about half) and better efficiency (2-3 times faster) compared to the commonly used PIN-2FA. Our study indicates a high level of usability with a SUS of 75, and a high perception of efficiency, security, accuracy, and adoptability.

Chahil Choudhary,Adil Husain Rather,Inam ul Haq

DOI: https://doi.org/10.1109/ICCSAI59793.2023.10421294

2023-11-23

Abstract:Quick Response code model plays an important role in mobile security and payments market. All QR code looks similar but technology behind these makes it unique. For the transactions security there always has been a concern in information security. So, to handle this a new system is introduced which is achieved by cryptographic QR code algorithm which is dynamic and makes it even more secure and its unique ability makes it even more secure. Dynamic QR codes have emerged as a pivotal technology in the realm of payments, revolutionizing the way transactions are conducted. Proposed model and working architecture of the system shows that system has achieved the desired output. The performance of system hardware has more efficiency than traditional algorithms and compared it to some other algorithm the processing time is less and execution speed is fast which makes it even more secure and reliable. As the technology evolves and matures, it is poised to further transform the way we conduct financial transactions, paving the way for a more secure, efficient, and inclusive payment ecosystem.

Computer Science

M. Bala Krishna,Arpit Dugar

DOI: https://doi.org/10.1007/s11277-016-3374-x

IF: 2.017

2016-08-01

Wireless Personal Communications

Abstract:AbstractCounterfeiting is one of the biggest challenges for the authenticity of genuine products. An estimated average of 8–9 % trade consists of counterfeit goods that create a loss of revenue. To combat this situation, the product manufacturers use hologram and barcodes. The issue of genuine product remains the primary challenge in the market. With emerging trends in mobile and wireless technology, Quick Response (QR) codes provide a robust technique to fight the practice of counterfeiting the products. Apart from being used extensively in marketing and information transfer applications, the QR codes and encrypted QR codes are primarily used in security and privacy applications. Many web applications use QR codes for secure login where the user need not remember his/her login ID and password. The encrypted unique user ID is verified at the server using QR codes. Our proposed approach uses QR codes based on 2-dimensional codes (such as 19 Aztec, Data Matrix, etc.) to authenticate the product. This approach simplifies the size of QR code, and minimizes the complexity of encoding and decoding in QR code.

telecommunications

Hossen Asiful Mustafa,Hasan Muhammad Kafi

DOI: https://doi.org/10.48550/arXiv.1711.01198

2017-11-03

Abstract:Password security can no longer provide enough security in the area of remote user authentication. Considering this security drawback, researchers are trying to find solution with multifactor remote user authentication system. Recently, three factor remote user authentication using biometric and smart card has drawn a considerable attention of the researchers. However, most of the current proposed schemes have security flaws. They are vulnerable to attacks like user impersonation attack, server masquerading attack, password guessing attack, insider attack, denial of service attack, forgery attack, etc. Also, most of them are unable to provide mutual authentication, session key agreement and password, or smart card recovery system. Considering these drawbacks, we propose a secure three factor user authentication scheme using biometric and smart card. Through security analysis, we show that our proposed scheme can overcome drawbacks of existing systems and ensure high security in remote user authentication.

Cryptography and Security

Muhammad Abid Khan,Akhtar Raza,Kamran Ahsan,Sana Irshad

DOI: https://doi.org/10.22581/muet1982.2697

2024-04-05

Mehran University Research Journal of Engineering and Technology

Abstract:Mobile payment is rising attention worldwide to pay for items from sender to receiver. QR (Quick Response) code technology relies on scan-and-pay techniques, does not require specific hardware, and allows a sender to easily scan the destination address of the payment directly from the receiver’s smartphone. Existing QR (Quick Response) Code-based payment solutions require full internet connectivity for transactions. Sometimes, the user does not have internet for mobile payment. To resolve this issue an innovative hybrid method is proposed which uses web and mobile-based applications for E-payment and transactions using QR (Quick Response) Code in a partially connected environment. Online senders can pay by scanning the QR code provided by the offline receiver. A prototype of the proposed model has been developed as Cloud Sarafa System (CSS) which offers a flexible solution. A Prototype of the proposed model tested via use cases and test cases. Data was collected from 350 participants to evaluate the performance report against the prototype of the proposed model which endorsed positive.

Kalpesh Adhatrao,Aditya Gaykar,Rohit Jha,Vipul Honrao

DOI: https://doi.org/10.48550/arXiv.1310.4000

2013-10-15

Cryptography and Security

Abstract:The emerging threats to user privacy over the internet are increasing at an alarming rate. Signing in from an unreliable terminal into a web account may result in compromising private details of a user such as username and password, by means of keylogger software. Such software are capable of recording keystrokes secretly, via covert channels without the knowledge of the user. In this paper we propose a secure method for signing in using Quick Response (QR) codes with mobile authentication. Through this method, the user can securely sign-in into a web account by authenticating the user session on an unreliable terminal browser, using a mobile device.

Hussain Alsalem,Faisal Alotaibi,Mohsen Bamardouf,Ibrahim Abukhamseen,Hussain AlGallaf,Yosef Aljwaid,Sghaier Chaabani,Abdulrahman Alharby,Hussain Alattas,Abdulrahman Almuhaidib

DOI: https://doi.org/10.5121/ijci.2023.120511

2023-08-12

International Journal on Cybernetics & Informatics

Abstract:Laboratories in colleges are used to give lectures to students, but what about after working hours? Students can get many benefits from these labs after working hours. For example, students can study and do their homework after working hours. In this project, we have proposed a new technique to control the access of these laboratories. Our idea is to use an encrypted QR code with an TOTP authentication that will be connected to LAN network to guarantee that each student enter can only use a single PC. Each student will have his own encrypted QR code that differs from other students. The TOTP code will be sent to student’s university email. The encryption method used encrypted method used AES encryption to encrypt the data inside the QR code to guarantee the confidentiality, integrity, non-repudiation, and authenticity of the date.

English Else

Mohamed Hamdy Eldefrawy,Khaled Alghathbar,Muhammad Khurram Khan

DOI: https://doi.org/10.1109/itng.2011.64

2011-04-01

Abstract:Two-factor authentication (2FA) provides improved protection, since users are prompted to provide something they know and something they have. This method delivers a higher level of authentication assurance, which is essential for online banking security. Many banking systems have satisfied the 2FA requirements by sending a One Time Password (OTP), something possessed, through an SMS to the user's phone device. Unfortunately, international roaming and SMS costs and delays put restrictions on this system reliability. This paper presents a novel two-factor authentication scheme whereby a user's device produces multiples OTPs from an initial seed using the proposed production scheme. The initial seed is produced by the communications partners' unique parameters. Applying the many from one function to a certain seed removes the requirement of sending SMS-based OTPs to users, and reduces the restrictions caused by the SMS system.

Jack Sturgess,Ivan Martinovic

2024-09-24

Abstract:Cashless payment systems offer many benefits over cash, but also have some drawbacks. Fake terminals, skimming, wireless connectivity, and relay attacks are persistent problems. Attempts to overcome one problem often lead to another - for example, some systems use QR codes to avoid skimming and connexion issues, but QR codes can be stolen at distance and relayed. In this paper, we propose a novel mobile payment scheme based on biometric identification that provides mutual authentication to protect the user from rogue terminals. Our scheme imposes only minimal requirements on terminal hardware, does not depend on wireless connectivity between the user and the verifier during the authentication phase, and does not require the user to trust the terminal until it has authenticated itself to the user. We show that our scheme is resistant against phishing, replay, relay, and presentation attacks.

Cryptography and Security

Ayu Tiwari,Sudip Sanyal,Ajith Abraham,Svein Johan Knapskog,Sugata Sanyal

DOI: https://doi.org/10.48550/arXiv.1111.3010

2011-11-13

Abstract:Previous Web access authentication systems often use either the Web or the Mobile channel individually to confirm the claimed identity of the remote user. This paper proposes a new protocol using multifactor authentication system that is both secure and highly usable. It uses a novel approach based on Transaction Identification Code and SMS to enforce extra security level with the traditional Login/password system. The system provides a highly secure environment that is simple to use and deploy, that does not require any change in infrastructure or protocol of wireless networks. This Protocol for Wireless Payment is extended to provide two way authentications.

Cryptography and Security

Zhi Guan,Hu Xiong,Suke Li,Zhong Chen

DOI: https://doi.org/10.1109/ISPA.2011.63

2011-01-01

Abstract:People's increasingly relying on web applications to manage their digital assets makes web authentication a critical security issue. As most websites today still authenticate a user with only username and password, the authentication credentials can be easily compromised in a vulnerable browsing environment without the owner's notice. Considering the browsing in mobile devices is more secure than personal computers, in this paper we explore the One-Time Password web application running inside mobile browsers as a second authentication factor for high value websites in hostile browsing environments. We discuss the security and efficiency of this authentication method from both theory and practice. An implementation with performance evaluation is also provided to prove our concept.

Maysaa Abd Ulkareem Naser,Eman Talib Jasim,Haider M. Al-Mashhadi

DOI: https://doi.org/10.12928/telkomnika.v18i4.14339

2020-08-01

TELKOMNIKA (Telecommunication Computing Electronics and Control)

Abstract:Important paper-based documents Exposed to forgery such as: official certificates, birth, marriage, death certificates, selling and buying documents and other legal documents is more and more serious and sophisticated. With the purposes of fraud, appropriation of property, job application and assignment in order to swindle public authorities, this forgery has led to material loss, belief deterioration as well as social instability. There are many techniques has been proposed to overcome this issues such as: ink stamps, live signatures, documented the transaction in third party like the court or notary. In this paper, it’s proposed a feasible solution for forgery prevention for paper-based documents using cloud computing application. With the application of Quick Response bidirectional barcode and the usage of hash algorithm. The study aims at developing an electronic verification system for official and issued books (documents, endorsements, and other official books) to/from different sections of the Institute using QR technology.

English Else

Sneha Shukla,Gaurav Varshney,Shreya Singh,Swati Goel

2024-06-13

Abstract:Despite being more secure and strongly promoted, two-factor (2FA) or multi-factor (MFA) schemes either fail to protect against recent phishing threats such as real-time MITM, controls/relay MITM, malicious browser extension-based phishing attacks, and/or need the users to purchase and carry other hardware for additional account protection. Leveraging the unprecedented popularity of NFC and BLE-enabled smartphones, we explore a new horizon for designing an MFA scheme. This paper introduces an advanced authentication method for user verification that utilizes the user's real-time facial biometric identity, which serves as an inherent factor, together with BLE- NFC-enabled mobile devices, which operate as an ownership factor. We have implemented a prototype authentication system on a BLE-NFC-enabled Android device, and initial threat modeling suggests that it is safe against known phishing attacks. The scheme has been compared with other popular schemes using the Bonneau et al. assessment framework in terms of usability, deployability, and security.

Cryptography and Security