Abstract
Traditional methods of authentication are subject to a wide variety of attacks. There is a high demand to deploy necessary mechanisms while authenticating a user to safeguard him/her and the system from the vulnerable attacks. In this paper, a novel one time Quick Response (QR) code based solution has been proposed to counter various types of security breach during the authentication process. The QR code will facilitate context-based authentication. Some information is stored within the QR code which changes for each authentication of the user. Using this information the user needs to derive a one-time password corresponding to his/her actual password. The proposed scheme can be well and easily adapted in various existing and new systems. The experiment and analysis shows that it is more efficient than the existing algorithms in countering security threats.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Shah, A.T., Parihar, V.R.: Overview and an approach for QR-code based messaging and file sharing on android platform in view of security. In: International Conference on Computing Methodologies and Communication (ICCMC), Erode, India. IEEE (2017)
Kayem, A.V.: Graphical passwords - a discussion. In: 30th International Conference on Advanced Information Networking and Applications Workshops (WAINA), Crans-Montana, Switzerland. IEEE (2016)
Malek, B., Orozco, M., Saddik, A.E.: Novel shoulder-surfing resistant haptic-based graphical password. In: Proceedings of the EuroHaptics 2006 Conference, Paris, France (2006)
Borkotoky, C., Galgate, S., Nimbekar, S.B.: Human computer interaction harnessing P300 potential brain waves for authentication of individuals. In: Proceedings of the 1st Bangalore Annual Compute Conference (COMPUTE 2008), Bangalore, India. ACM (2008)
Mulliner, C., Borgaonkar, R., Stewin, P., Seifert, J.-P.: SMS-based one-time passwords: attacks and defense. In: Rieck, K., Stewin, P., Seifert, J.-P. (eds.) DIMVA 2013. LNCS, vol. 7967, pp. 150–159. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39235-1_9
Conde-Lagoa, D., Costa-Montenegro, E., González-Castaño, F.J., Gil-Castiñeira, F.: Secure eTickets based on QR-codes with user-encrypted content. In: Digest of Technical Papers International Conference on Consumer Electronics (ICCE), Las Vegas, NV, USA. IEEE (2010)
Gupta, D.: A new approach of authentication in graphical systems using ASCII submission of values. In: 13th International Wireless Communications and Mobile Computing Conference (IWCMC), Valencia, Spain. IEEE (2017)
Shin, D.H., Jung, J., Chang, B.H.: The psychology behind QR codes: user experience perspective. Comput. Hum. Behav. 28(4), 1417–1426 (2012)
Shangfu, G., Jun, L., Yizhen, S.: Design and implementation of anti-screenshot virtual keyboard applied in online banking. In: International Conference on E-Business and E-Government (ICEE), Guangzhou, China, Guangzhou, China. IEEE (2010)
Brainard, J., et al.: Fourth-factor authentication: somebody you know. In: 13th ACM Conference on Computer and Communications Security, Virginia, USA. ACM (2006)
Xu, W., Tian, J., Cao, Y., Wang, S.: Challenge-response authentication using in-air handwriting style verification. IEEE Trans. Dependable Secure Comput. 17(1), 51–64 (2020)
Rouillard, J.: Contextual QR codes. In: Proceedings of the Third International Multi-Conference on Computing in the Global Information Technology (ICCGI 2008), Athens, Greece. IEEE (2008)
Bicakci, K., Baykal, N.: Infinite length hash chains and their applications. In: Eleventh IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, Pittsburgh, USA. IEEE (2002)
Saranya, K., Reminaa, R.S., Subhitsha, S.: Modern applications of QR-code for security. In: 2nd IEEE International Conference on Engineering and Technology (ICETECH), Coimbatore, India. IEEE (2016)
Lamport, L.: Password authentication with insecure communication. Commun. ACM 24(11), 770–772 (1981)
Eldefrawy, M., et al.: Mobile one-time passwords: two-factor authentication using mobile phones. J. Secur. Commun. Netw. 5(5), 508–516 (2012)
Potey, M.M., Dhote, C.A., Sharma, D.H.: Secure authentication for data protection in cloud computing using color schemes. In: International Conference on Computational Systems and Information Systems for Sustainable Solutions (CSITSS), Bangalore, India. IEEE (2016)
Kumar, M., Garfinkel, T., Boneh, D., Winograd, T.: Reducing shoulder-surfing by using gaze based password entry. In: SOUPS 2007 - Proceedings of the 3rd Symposium on Usable Privacy and Security. ACM, Pittsburgh, Pennsylvania, USA (2007)
Haller, N.: The S/KEY one-time password system. In: ISOC Symposium on Network and Distributed System Security, San Diego, CA, USA (1994)
Malutan, R., Grosan, C.: Web authentication methods using single sign on method and virtual keyboard. In: Conference Grid, Cloud and High Performance Computing in Science (ROLCG), Cluj-Napoca, Romania. IEEE (2015)
Wiedenbeck, S., Waters, J, Sobrado, L, Birget, J.C.: Design and evaluation of a shoulder-surfing resistant graphical password scheme. In: Proceedings of Advanced Visual Interface (AVI 2006), Venezia, Italy. ACM (2006)
Suo, X., Zhu, Y, Owen, G.S.: Graphical passwords: a survey. In: Proceedings of the 21st Annual Computer Security Applications Conference, Tucson, AZ, USA. IEEE (2005)
Kao, Y.W., et al.: Physical access control based on QR code. In: International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, Beijing, China. IEEE (2011)
Singh, M., Garg, D.: Choosing best hashing strategies and hash functions. In: International Advance Computing Conference, Patiala, India. IEEE (2009)
Acknowledgement
This work is partially supported by the project entitled “QR code-based Multi-Factor Authentication Using Mobile OTP and Multi-dimensional Infinite Hash Chains” under RUSA 2.0 (Ref. No. R-11/668/19), Govt. of India.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Ethics declarations
All procedures performed in studies involving human participants were in accordance with the ethical standards. Informed consent was obtained from all individual participants included in the study.
Rights and permissions
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Mahansaria, D., Roy, U.K. (2020). Secure Authentication Using One Time Contextual QR Code. In: Thampi, S., Martinez Perez, G., Ko, R., Rawat, D. (eds) Security in Computing and Communications. SSCC 2019. Communications in Computer and Information Science, vol 1208. Springer, Singapore. https://doi.org/10.1007/978-981-15-4825-3_3
Download citation
DOI: https://doi.org/10.1007/978-981-15-4825-3_3
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-4824-6
Online ISBN: 978-981-15-4825-3
eBook Packages: Computer ScienceComputer Science (R0)