Visual Authentication Using QR Code to Prevent Keylogging
Citation
R Divya, S Muthukumarasamy, "Visual Authentication Using QR Code to Prevent Keylogging", International Journal of Engineering Trends and Technology (IJETT), V20(3), 149-154, Feb 2015. ISSN: 2231-5381. www.ijettjournal.org. Published by Seventh Sense Research Group.
Abstract
Keylogging is the activity of capturing a user's keystrokes and covertly recording the activity of a computer user, using keylogger hardware and software. Keyloggers secretly monitor and log all keystrokes. Unlike other malicious programs, keyloggers do not cause any threat to the system itself. However, they can be used to intercept passwords and other confidential information entered via the keyboard, considering the various rootkits residing in PCs (personal computers) that breach security. Cyber criminals can obtain user names, email passwords, PIN codes, account numbers, email addresses, passwords to online gaming accounts, e-payment systems, etc. As a result, an attacker can impersonate a user during authentication in financial transactions. To prevent keylogging, strict authentication is required. QR codes can be used to design visual authentication protocols that achieve high usability and security. The two authentication protocols are a time-based one-time-password protocol and a password-based authentication protocol. Through accurate analysis, the protocols are proved to be robust to several authentication attacks. By deploying these two protocols in real-world applications, especially in online transactions, strict security requirements can be satisfied.
Keywords
keylogging; phishing; pharming; session hijacking; QR code; authentication; malicious code; attack; android; visualization