Abstract
Cloud computing is a remarkable model for permitting on-demand network access to an elastic collection of configurable adaptive resources and features including storage, software, infrastructure, and platform. However, there are major concerns about security-related issues. A very critical security function is user authentication using passwords. Although many flaws have been discovered in password-based authentication, it remains the most convenient approach that people continue to utilize. Several schemes have been proposed to strengthen its effectiveness such as salted hashes, one-time password (OTP), single-sign-on (SSO) and multi-factor authentication (MFA). This study proposes a new authentication mechanism by combining user's password and modified characters of CAPTCHA to generate a passkey. The modification of the CAPTCHA depends on a secret agreed upon between the cloud provider and the user to employ different characters for some characters in the CAPTCHA. This scheme prevents various attacks including short-password attack, dictionary attack, keylogger, phishing, and social engineering. Moreover, it can resolve the issue of password guessing and the use of a single password for different cloud providers.
Original language | English |
---|---|
Title of host publication | ICIT 2017 - 8th International Conference on Information Technology, Proceedings |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 405-411 |
Number of pages | 7 |
ISBN (Electronic) | 9781509063321 |
DOIs | |
State | Published - 20 Oct 2017 |
Publication series
Name | ICIT 2017 - 8th International Conference on Information Technology, Proceedings |
---|
Bibliographical note
Publisher Copyright:© 2017 IEEE.
Keywords
- CAPTCHA
- authentication
- cloud computing
- dictionary attack
- phishing
- social engineering
ASJC Scopus subject areas
- Information Systems
- Health Informatics
- Information Systems and Management
- Computer Networks and Communications
- Computer Science Applications