Communications of the ACM
An Efficient and Secure Multi-Server Password Authentication Scheme using Smart Cards
CW '04 Proceedings of the 2004 International Conference on Cyberworlds
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Design and evaluation of a shoulder-surfing resistant graphical password scheme
Proceedings of the working conference on Advanced visual interfaces
Déjà Vu: a user study using images for authentication
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
The design and analysis of graphical passwords
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
VIP: a visual approach to user authentication
Proceedings of the Working Conference on Advanced Visual Interfaces
Efficient multi-server password authenticated key agreement using smart cards
IEEE Transactions on Consumer Electronics
A remote password authentication scheme for multiserver architecture using neural networks
IEEE Transactions on Neural Networks
Hi-index | 0.00 |
Two Factor authentication mechanisms are considered to be secure for authenticating a user in Internet based environment. As the number of services provided online is day by day increasing, users intending to use various online services are also increasing. With each service requiring the user to register separately, the overhead of remembering many ID/password pairs has lead to the problem of memorability. To address this, researchers have proposed mechanisms for multi-server environment where in the user needs to register with a single registration centre using one ID/password pair and thereby access all the services registered through that server. But, as these mechanisms employ textual passwords, they suffer from many inherent drawbacks. In this paper we propose a two factor password authenticated key agreement mechanism using graphical password where in the user needs to recognize his secret image presented to him as challenge. The protocol is designed such that there is no need of maintaining a password table at server for verification. In addition, the protocol provides secure low computation mutual authentication and session key agreement. The proposed protocol is computationally efficient and is expected to be secure against ID theft, Insider attack, Replay attack, Shoulder surfing attack, Reconnaissance attack, Server spoofing attack and guessing attack.