Open Access  Subscription or Fee Access

Traditional login based Password Schemes are vulnerable to several attacks. So image based passwords are introduced where it is also suffers from shoulder surfing attack. In order to overcome these attacks we are using steganography which combines both the text based password and also image as a password. In this method the carrier file is used as a password. In this the user selects an Image and writes a pin no into the image using steganography and it is encrypted, and then made Hash. The hash is used as a password and the pin number hidden in the image is also used as a password. Whenever the user login, the user is provided with a One Time Password (OTP), this OTP is sent directly to the user mobile. When the user forgot the pin number he uses his image password to retrieve the pin number. The pin number is directly mailed to the users registered Email ID. The user can retrieve the image if it was lost or damaged or modified using his pin number. This paper provides a study of how a mobile phone is adopted as security token. It starts with discussing the necessity of multi-factor authentication and the use of mobile phone as security token to generate OTP with the help of hashing algorithms. Even though hash functions are carefully designed to satisfy the required security properties, they are still vulnerable to collision attacks.

Authentication, Graphical Password, Improved Hashing, One-Time-Password, Steganography, Token Number.

S. Arun Kumar, Multi Factor Authentication using Improved Integrated Algorithm, In ICCCE 2012

R. Rivest, The MD5 Message-Digest Algorithm. RFC 1321, IETF, April 1992.

X. Y. Wang. The Collision attack on SHA-0.In Chinese, to appear on www.infosec.edu.cn, 1997.

E. Biham, R. Chen, A. Joux, P. Carribault, W. Jalby and C. Lemuet.Collisions in SHA-0 and Reduced SHA-1.Advances in Cryptology–Eurocrypt’05, pp.36-57, May 2005.

M. Dobsicek, “Extended steganographic system”, 8th International Student Conference on Electrical Engineering, FEE CTU 2004, Poster..

B den Boer and A. Bosselaers, Collisions for the Compression Function of MD5. EUROCRYPT 1993, pp293– 304.

X. Wang, Y. Yin, H. Yu, Finding Collisions in the Full SHA-1. In Advances in Cryptology - CRYPTO '05,2005.

Nameer N. EL-Emam, “Hiding a large amount of data with high security using steganography algorithm”,Journal of Computer Science, Page(s): 223 – 232, April 2007.

M. Bellare, T. Kohno, Hash Function Balance and its Impact on Birthday Attacks. Advances in Cryptology-EUROCRYPT 04. Springer-Verlag, C. Cachin and J. Camenisch eds., 2004.

Emmanouel Kellini and Konstantinos Papapanagiotou, Using Steganography to Improve Hash Functions’ Collision Resistance.

W. Bender, D. Gruhl, N. Morimoto, & A. Lu, “Techniques for datahiding”, IBM Systems Journal, Vol 35, 1996