Analysis of the authentication scheme based on the use of QR-code and webcam for Smart-Mobile devices-Reference-Cited by-同舟云学术

Analysis of the authentication scheme based on the use of QR-code and webcam for Smart-Mobile devices

Published:2020-09-28 Issue:47 Volume: Page:35-52
ISSN:2524-2601
Container-title:47
language:
Short-container-title:

Author:

Kot Oleksandr I.¹^ORCID,Svatovskiy Igor I.¹^ORCID

Affiliation:

1. V.N. Karazin Kharkiv National University, Kharkiv, Ukraine

Abstract

The paper analyzes the necessity and expediency of using the method of user authentication based on QR-code and webcam for Smart-Mobile devices. Phishing attacks are one of the most serious threats faced by Internet users. Existing authentication schemes are not able to provide an adequate protection from these attacks, as evidenced by statistics collected by the companies researching cybersecurity. Therefore, the task of developing a secure authentication scheme for users, which can effectively counteract various types of phishing attacks is very important. The paper proposes a new authentication scheme for users, which allows them to log in to their accounts without remembering passwords or presenting other authentication tokens. According to the messaging protocol in the proposed scheme, the user must scan the dynamically generated QR-code using a smartphone application, then take their own photo via the webcam, and send it to the smartphone via a message from the server. Thus, the full authentication procedure requires minimal user involvement and is performed automatically. The results of evaluation and practical testing show that the proposed authentication scheme is quite reliable and can be used as a secure user authentication scheme for Smart-Mobile devices. The proposed authentication protocol is not only able to cope with attacks such as Real Time Man-In-The-Middle and Controlled Relay Man-In-The-Middle, but can also protect users from the effects of malicious browser extensions and substitution of authentic applications by malicious variants. In addition, the proposed scheme does not require users to have any authentication tokens or credentials, as all they need is to scan the QR-code and verify the image taken by their own webcam. That makes the use of the proposed scheme more convenient and easy for users as compared to other known authentication schemes. Currently, the application of the proposed scheme requires the use of HTTPS websites for the exchange of all data involved. Thus, the proposed protocol can be implemented to manage cookies securely in order to prevent the interception of session data.

Publisher

V. N. Karazin Kharkiv National University

Subject

General Earth and Planetary Sciences,General Environmental Science

Reference24 articles.

1. E.E. Lastdrager. Achieving a consensual definition of phishing based on a systematic review of the literature, Crime Sci vol. 3, 2014, pp. 21-32, DOI:https://doi.org/10.1186/s40163-014-0009-y [in English]

2. А. Neda. Multi-label rules for phishing classification, Applied Computing and Informatics, vol. 11, 2015, pp. 29-46, DOI:https://doi.org/10.1016/j.aci.2014.07.002 [in English]

3. Banday M.T., Qadri J.A. Phishing - A Growing Threat to E-Commerce, The Business Review, vol. 12, 2011, pp. 76-83. [in English]

4. Badra M., El-Sawda S., Hajjeh I., “Phishing attacks and solutions”, in Proceedings of the 3rd International Conference on Mobile Multimedia Communications, MobiMedia 2007, Nafpaktos, Greece, August 27-29, 2007, pp. 42-43. [in English]

5. Rami M. M., Fadi T., Lee M., Tutorial and critical analysis of phishing websites methods, Computer Science Review, vol. 17, 2015, pp. 1-24, DOI:https://doi.org/10.1016/j.cosrev.2015.04.001 [in English]