A more secure scheme for CAPTCHA-based authentication in cloud environment

Ibrahim A. Althamary, El Sayed M. El-Alfy

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

10 Scopus citations

Abstract

Cloud computing is a remarkable model for permitting on-demand network access to an elastic collection of configurable adaptive resources and features including storage, software, infrastructure, and platform. However, there are major concerns about security-related issues. A very critical security function is user authentication using passwords. Although many flaws have been discovered in password-based authentication, it remains the most convenient approach that people continue to utilize. Several schemes have been proposed to strengthen its effectiveness such as salted hashes, one-time password (OTP), single-sign-on (SSO) and multi-factor authentication (MFA). This study proposes a new authentication mechanism by combining user's password and modified characters of CAPTCHA to generate a passkey. The modification of the CAPTCHA depends on a secret agreed upon between the cloud provider and the user to employ different characters for some characters in the CAPTCHA. This scheme prevents various attacks including short-password attack, dictionary attack, keylogger, phishing, and social engineering. Moreover, it can resolve the issue of password guessing and the use of a single password for different cloud providers.

Original languageEnglish
Title of host publicationICIT 2017 - 8th International Conference on Information Technology, Proceedings
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages405-411
Number of pages7
ISBN (Electronic)9781509063321
DOIs
StatePublished - 20 Oct 2017

Publication series

NameICIT 2017 - 8th International Conference on Information Technology, Proceedings

Bibliographical note

Publisher Copyright:
© 2017 IEEE.

Keywords

  • CAPTCHA
  • authentication
  • cloud computing
  • dictionary attack
  • phishing
  • social engineering

ASJC Scopus subject areas

  • Information Systems
  • Health Informatics
  • Information Systems and Management
  • Computer Networks and Communications
  • Computer Science Applications

Fingerprint

Dive into the research topics of 'A more secure scheme for CAPTCHA-based authentication in cloud environment'. Together they form a unique fingerprint.

Cite this