Virtual password using random linear functions for on-line services, ATM machines, and pervasive computing

Authors:
Ming Lei;Yang Xiao;Susan V. Vrbsky;Chung-Chih Li
Affiliations:
Department of Computer Science, The University of Alabama, Box 870290, Tuscaloosa, AL 35487, USA;Department of Computer Science, The University of Alabama, Box 870290, Tuscaloosa, AL 35487, USA;Department of Computer Science, The University of Alabama, Box 870290, Tuscaloosa, AL 35487, USA;School of Information Technology, Illinois State University, Normal, IL 61790, USA
Venue:
Computer Communications
Year:
2008

Citing 10
Cited 2

On secure and pseudonymous client-relationships with multiple servers

ACM Transactions on Information and System Security (TISSEC)
Cryptography: Theory and Practice

Cryptography: Theory and Practice
SPINS: security protocols for sensor networks

Wireless Networks
How to Make Personalized Web Browising Simple, Secure, and Anonymous

FC '97 Proceedings of the First International Conference on Financial Cryptography
Spam attacks: p2p to the rescue

Proceedings of the 13th international World Wide Web conference on Alternate track papers & posters
A PIN-entry method resilient against shoulder surfing

Proceedings of the 11th ACM conference on Computer and communications security
Design and evaluation of a shoulder-surfing resistant graphical password scheme

Proceedings of the working conference on Advanced visual interfaces
Stronger password authentication using browser extensions

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Security co-existence of wireless sensor networks and RFID for pervasive computing

Computer Communications
A lightweight secure protocol for wireless sensor networks

Computer Communications

Cryptanalysis of the convex hull click human identification protocol

ISC'10 Proceedings of the 13th international conference on Information security
A review of GENI authentication and access control mechanisms

International Journal of Security and Networks

Quantified Score

Hi-index	0.24

Visualization

Abstract

People enjoy the convenience of on-line services, Automated Teller Machines (ATMs), and pervasive computing, but online environments, ATMs, and pervasive computing may bring many risks. In this paper, we discuss how to prevent users' passwords from being stolen by adversaries. We propose a virtual password concept involving a small amount of human computing to secure users' passwords in on-line environments, ATMs, and pervasive computing. We adopt user-determined randomized linear generation functions to secure users' passwords based on the fact that a server has more information than any adversary does. We analyze how the proposed schemes defend against phishing, key logger, and shoulder-surfing attacks. To the best of our knowledge, our virtual password mechanism is the first one which is able to defend against all three attacks together.