325 330


Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

325 330

  1. 1. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology Volume 1, Issue 4, June 2012 Security Built On Dynamic Reusable Passwords On Online PurchaseRajeswari.P C.RajendraM.tech(CS) Head Of Tha DepartmentRaji.0534@gmail.comAudishankara College of Engineering Audishankara College of Engineering and Technology. and Technology. .Abstract:Internet is providing different types ofapplications to the user. Based on the user requirementinternet is growing longer in the day-to-day life for the E- Introduction:transaction process internet is the main source for all Now a days most of the people using theapplications when increasing of the E-transaction usage internet because internet providing the morein the internet as well as fraud is also increasing, for the services to the customer for e.g., Net Banking, E-E-transaction mostly we are using smart cards only. To Transaction, Online applications etc.., Authentication is more required for internetprotect our bank details and to avoid unauthorized providing services because there is noperson usage we can use TWO FACTOR AUTHENTICATION authentication at that time unauthorized persons ismechanism. one is USER KNOWS and another one is THEY also easy to access the authorized persons profileHAVE TO KNOW almost all banking systems are satisfied for this one authentication is required for internetwith this system because based on the initial providing services The internet providing thepassword(SEED) we can get number of multiple one time username,password options these are unique one.Based on these username and password easy topasswords(OTP) to the mobile phone. through the login and transaction that particular websiteprocess of OTP generation mobile phone is working as a through our smart cards. In this process we aresoftware token the different number of multiple OTPs facing one problem that is..,are coming through by the SMS to the mobile phone.IN PREOBLM:the paper we can mainly focus on decrease the usage offraud in the internet by using the otp through TWO An unauthorized person that to who knows ourFACTOR AUTHENTICATION mechanism details like username and password also they are having our smart card at that time they can easily login to that website and easy to purchase throughKey Words: Public key Encryption ,Hashing Technique, that our smart card to over come this problem ,InOTP Configuration, One Way Functions ,Psuedo random the proposed one,we are describing the TWOoutput. FACTOR AUTHENTICATION mechanism.[1 325 All Rights Reserved © 2012 IJARCET
  2. 2. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology Volume 1, Issue 4, June 2012 SOLUTION: Two factor authentication gives a session or transaction.Otp is emphasizes that eachprotection for E_Transaction process by the name time the user tries to log on, the algorithm producesitself it describes that TWO FACTOR pseudorandom output generator thus improving theAUTHENTICATION that is,for authentication it security.provides two factors,one is,already the USERKNOWS,another one is,They HAVE TO KNOW. PUBLIC KEY ENCRYPTION: Needham and Schroeder[5]described a means for authenticating signatures using public keyThe first password is getting from the banking encryption First A’s is a secret key and B’s is a publicsystem.where we get the second one,that is also keyprovided by the banking system only.how to get thesecond one is,number of second multiple passwords Notation: AB:{{PASSWORD}ASK}BPK.are coming from the initial sedd [2]to the mobilephone through the sms.the use of the sms systemsthe user knows password is a static password. The sending message is USER A to USER B,which has been doubly encrypted.The receiver B is read the message by applying the A’s secret key thenWHY WE NEED MOBILE PHONE: decrypting the encrypted text.In a world of permanent and uncompromised keys this technique provides a fool proof authentication mechanism.[7] An authentication scheme using the mobilephone as an aurhentication token because in thisone, GSM method is used already the people had HASHING:learned that how to use the GMS method in themobile phone and also In the proposed solution The OTP generation is more secure. A secret key isdoes not require any extra hardware device installed used together with the challenge.The secret key isin the mobile phone at the user side.Parallely, the shared between the server and the client. Themobile phone is working as a hardware token simple password exponential key exchange protocoldevice,to the E-transaction process.[3] is used for exchange the key.To exchange the keys we are using the simple password exponential key exchange protocol this is more securable.[5] this is also used for an hacker that means who is able toLITERATURE SURVEY: read and modify all the messages between the client and server that person cannot learn the shared key The idea of an OTP was first suggested by and cannot make more than one guess for theleslie lamport*4+ in the early 1980’s. otp means that password in each interaction with a party that knowsone time password this is valid for a single login it.[6] 326 All Rights Reserved © 2012 IJARCET
  3. 3. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology Volume 1, Issue 4, June 2012 The SPEKE required only two messages likeThe keyexchange is generating a large andrandomlyselected prime p anditcomputes g = hash(s)2 mod p OTP generation:In this one ‘s’ is for ,displaying the short OTP in thebrowser after registration Then the server computes, The OTP is generated from a hash of a concatenation of the challenge and the secret key Ks = g a modp OTP=hash(challenge||secretkey)In the above equation ‘a’ stands for to generaterandom number It sends servlet to MIDLET is p andks through the sms after receiving the sms from theservlet server,the MIDLETgeneratesthe Kc = gb modp g = hash(s)2 mod pMIDLET generates the random number it sends toservlet server kc to the AS and computes The secretkey is, K = (Ks)b mod p. Fig:proceducre for OTP processAfter receiving the secret key kc MIDLET computesthe IMPLIMENTATION: K = (Kc)a mod p For security purpose the proposed system is consists are of three parts (1)In the client’s mobile phone software is installed, (2)Server software, (3)The GSM modem is connected to the sever. 327 All Rights Reserved © 2012 IJARCET
  4. 4. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology Volume 1, Issue 4, June 2012Majorly,the system will have two modes ofoperations like connection-less Authenticationsystem and SmS-Based System.OUR APPROCH: Three recognized Authentication factors areexisting today: (i)What you know(e.g.,Password) (ii)What you have(e.g.,Token) (iii)Whatyouare(e.g.,biometrics) In this one,we are extended the Lamport’s . Fig: Mobile Registrationidea along with some modifications because toproduce forwardness and infiniteness. Why weproduce these two because to avoiding the use ofpublic key encryption.In this one,we integreate the LOGIN REQUEST:lamort’s idea using two different one way hash When the user enters into the websitefunctions,h1(.)--this is seed updating and h2(.)--this through the username and the password.Afteris for OTP generation entering the knows password the server compares OTP(A,B)=h2^B(h1^A(initial password)) this password and generates the one time password that will be sent to the user’smobile device .The user then enters the OTPauthentication code fromthemobile devices and a 4 to 8 digit pin ontoMOBILE REGISTRATION: the webpage that I waiting for user input to comlete the transaction.[8] User wants Two different hash functionsh1(.) and h2(.) and initial seed ‘sint’ these threefactors are installed ontheir mobile phones theservice provider is shared this information.Theseed OTP ALGORITHM:is shared the unique parameters of the host and the To protecting the our smart cards, we areuer,because it notifies that whatis the international requested the server to generating the OTP.how itsmobile equipment identity and who is the generates it should be hard for hacking and hard tointernational mobile subscriber identity and guess and retrieve for unauthorized persons. Tomention the registration date of the mobile phone satisfy these factors the server generates the OTP.[9]also username and pin. 328 All Rights Reserved © 2012 IJARCET
  5. 5. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology Volume 1, Issue 4, June 2012 mobile phone and it will be stored in the server’s database for each client.IMEI NUMBER: IMEI stands for International MobileEquipment Identity this is unique for every IMSI NUMBER:individual customer. This is accessible for each IMSI stands for International Mobile Subscriber Identity this is single unique number associated With all GSM and universal mobiletelecommunications system network mobile phone users.USERNAME: Format of the OTP(e.g..,name,number,nume The username is not needed because in the ric,alpha)IMEI NUMBER it gives all the details of the cutosmerbut why we are specifying that is the username is CONCLUSION:integrated with the pin this Is used for to protect thedetails of the customer from unauthorized persons Now-a-days single factor authenticationwhen the authorized mobile is lost. e.g..,password are easy to guess and easy to hacking for hackers because password are likenames,age arePIN: easily discovered by automated password collecting programs for this one, recently introduced the TWO The data of the username and password are FACTOR AUTHENTICATION based on OTP. This is fortogether so,there is no problem once the mobile to meet the demand of organizations for providingphone is lost because the OTP cannot be generated stronger authentication options to its user.In Thecorrectly without knowing the user’s the PIN. TWO FACTOR AUTHENTICATION for each and every account of the customer they want hardware token.MINUTE: are carry their mobiles at all the times so,in the The OTP for each every minute it must mobile phone we can install all wanted tokens likebe unique this is valid for only one minute time. software and hardware. This is helpful for both client and organization.FUNCTIONALITIES:  CONFIGURATION OF OTP: Configure the This paper mainly focuses on discovering of OTP characteristics through the policy TWO FACTOR AUTHENTICATION method using editor and attributes of this are, mobile phones. This is somewhat easy solution Length of the OTP because there is no need to take extra hardware to Restricted time the mobile phones. In this one, does not require any Outgoing message template extra burden on the customer and organization Delivery channel also.This solution is mainly used for internet Number of tries are restricted 329 All Rights Reserved © 2012 IJARCET
  6. 6. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology Volume 1, Issue 4, June 2012providing services like E-Transactions, online [2] S.HAllsteinsen, I.Jorsta, D-v.,Thanh,”Using Theapplications, net banking ,Infranet etc.., mobilebphone as a security token for unified authentication”, Sysyems and Networks CommunicationThe customers are more attracted for this TWO In:internationalconference on Systems and NetworksFACTOR AUTHENTICATION solution because this is Communications,2007,p.68-74more securable. The OTP algorithm provides somefactorsbecause to secure the user profile [3] S.M.Siddique,M.Amir,”GMSecurity Issues and ChallengesSoftwareEngineering”,Artificialintelligence,Net working and Parallel/Ditributed Computing,2006. SNPDIn the proosed system we are implementing TWO 2006. 7th ACIS International Conference on digital Objectoptions these two are using a free and fast access Identifier,pp.413-418.i.e..,Connection-Less Authentication system andSMS-BASED Authentication System in this one,Connection-Less Authentication system are more *4+ L.Lamport, “password Authentication With Insecureexpensive based on SMS-Based Authentication Communication”,system because in the Connection-Less In:comm.:ACM,vol.24,no.11,1981,pp.770-772.Authentication system there is no connectionbetween client and the server.The server generates [5] Jablon, D., Strong Password-only Authnticated Keythe OTP and it sends to the user’s mobile phone, but Exchange.Computer Communication Review, ACMSMS-Based Authentication System is somewhat less SIGCOMM, 1996.vol.26 (no.5).cost solution. In the future developments includes [6] Recorla,e., RFC 2631 Diffie-Hellman Key Agreementanother factor other than the factors i.e.., Somebody method.1999.You know, that is based on the notation vouching. [7] Authntication ofignatures using public keybencryption Kellogg S.Booth university of water 100,Canada.REFERENCES: [8] AcceessMatrix TM UAS Future Proof Universal Authntication Server.[1] Mohamed Hamdy Eldefrawy, Khaled Alghathbar,Muhammad Khurram khan “OTP-Based Two-FactorAuthentication Using Mobile Phones” In international [9] Fadi Aloul,SyedZahidi Wassim El-Hajj “Two-Factorconference on information technology”2011. Authentication Using Mobile phones”. 330 All Rights Reserved © 2012 IJARCET