International Journal of Open Information Technologies

Multi-factor authentication methods are used in every user authentication operation in cyberspace. The use of one-time passwords with multi-factor authentication is a more secure method than single-factor authentication when two authentication schemes perform at different levels. However, the current use of one-time passwords limits authentication of the device itself and not the user. Advances in technology have also led to an increase in cyber fraud using one-time passwords. Thus, there is a need to improve the level of security based on the use of one-time passwords. In this paper, we use mathematically proven properties of quantum cryptography and quantum entanglement to create quantum one-time passwords to authenticate users based on their biometric data. The paper describes the infrastructure of multi-factor authentication based on quantum algorithms required to implement the proposed model and provides a comparative analysis of the security of the proposed model against man-in-the-middle attacks.

. Mishra D, Kumar V, Mukhopadhyay S., Pairless Identity Based Authentication System for Cloud Computing. Berlin: Springer; https://doi.org/10.1007/978-3-642-38631-2_62

. Kumar V., Jangirala S. & Ahmad M., An Efficient Mutual Authentication Framework for Healthcare System in Cloud Computing. J Med Syst 42, 142 (2018). https://doi.org/10.1007/s10916-018-0987-5

. Kumar V., Ahmad M. & Kumari A., A Secure Elliptic Curve Cryptography Based Mutual Authentication Protocol for Cloud-assisted TMIS. Telematics and Informatics (2018). doi:10.1016/j.tele.2018.09.001

. Kumari S., Karuppiah M., Da, A.K. et al., A secure authentication scheme based on elliptic curve cryptography for IoT and cloud servers. J Supercomput 74, 6428–6453 (2018). https://doi.org/10.1007/s11227-017-2048-0

. Kumar V., Ahmad M., Kumar P. (2019). An Identity-Based Authentication Framework for Big Data Security. In: Krishna, C., Dutta, M., Kumar, R. (eds) Proceedings of 2nd International Conference on Communication, Computing and Networking. Lecture Notes in Networks and Systems, vol 46. Springer, Singapore. https://doi.org/10.1007/978-981-13-1217-5_7

. Картер Роберт А., Многофакторная аутентификация. US Patent App. 13/124,598; 2011.

. Abhishek K., Roshan S., Kumar P., Ranjan R. (2013). A Comprehensive Study on Multifactor Authentication Schemes. In: Meghanathan, N., Nagamalai, D., Chaki, N. (eds) Advances in Computing and Information Technology. Advances in Intelligent Systems and Computing, vol 177. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31552-7_57

. Haller N., Metz K., Nesser P., Strau M. One-time password system. Request for comments from the network working group. 1998;2289.

. Sharma, M.K., Nene, M.J. (2020). Quantum One Time Password with Biometrics. In: Raj, J., Bashar, A., Ramson, S. (eds) Innovative Data Communication Technologies and Application. ICIDCA 2019. Lecture Notes on Data Engineering and Communications Technologies, vol 46. Springer, Cham. https://doi.org/10.1007/978-3-030-38040-3_36

. Ahn TH. Transaction based One Time Password (OTP) payment system. US patent application. 13/555.442; 2013.

. M'Raihi D, Machani S, Pei M, Rydell J. A time-based one-time password algorithm. Internet Eng Task Force RFC. 2011;6238.

. Popp N, M'raihi D, Hart L. One-time password. US Patent 8,087,074; 2011.

. Roy, U.K., Mahansaria, D. (2020). Two-Factor Authentication Using Mobile OTP and Multi-dimensional Infinite Hash Chains. In: Arai, K., Kapoor, S., Bhatia, R. (eds) Advances in Information and Communication. FICC 2020. Advances in Intelligent Systems and Computing, vol 1129. Springer, Cham. https://doi.org/10.1007/978-3-030-39445-5_50

. Alkatheiri, M.S., Eldefrawy, M.H., Khan, M.K. (2012). BAN Logic-Based Security Proof for Mobile OTP Authentication Scheme. In: J. (Jong Hyuk) Park, J., Leung, V., Wang, CL., Shon, T. (eds) Future Information Technology, Application, and Service. Lecture Notes in Electrical Engineering, vol 164. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-4516-2_6

. Deng, FG., Li, XH., Li, CY.et al. Quantum state sharing of an arbitrary two-qubit state with two-photon entanglements and Bell-state measurements. Eur. Phys. J. D 39, 459–464 (2006). https://doi.org/10.1140/epjd/e2006-00124-1

. Rehman, H.U., Ghani, A., Chaudhry, S.A. et al. A secure and improved multi server authentication protocol using fuzzy commitment. Multimed Tools Appl 80, 16907–16931 (2021). https://doi.org/10.1007/s11042-020-09078-z

. Liu C-H, Wang J-S, Peng C-C, Shyu JZ. Оценка и выбор биометрии в сетевой безопасности. Secur Commun Netw. 2015;8(5):727-739. Doi: 10.1002/sec.1020

. Schultz PT., Multifactor multimedia biometric authentication. US Patent 8,189,878; 2012.

. Jain Anil K, Ross A, Pankanti S. Biometrics: a tool for information security. IEEE Trans Inform Forensics Secur. 2006;1(2):125-143. DOI: 10.1109/TIFS.2006.873653

. Hao, F., Anderson, R., & Daugman, J. (2006). Combining crypto with biometrics effectively. IEEE transactions on computers, 55(9), 1081-1088.

. Dodis, Y., Reyzin, L., Smith, A. (2004). Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data. In: Cachin, C., Camenisch, J.L. (eds) Advances in Cryptology - EUROCRYPT 2004. EUROCRYPT 2004. Lecture Notes in Computer Science, vol 3027. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24676-3_31

. Peotta L, Holtz Marcelo D, David Bernardo M, Deus Flavio G, De Sousa RT. Formal classification of attacks and vulnerabilities of Internet banking vulnerabilities. Int J Comput Sci Inform Technol. 2011;3(1):186-197. DOI:10.5121/ijcsit.2011.3113

. Dmitrienko, A., Liebchen, C., Rossow, C., Sadeghi, AR (2014). On the (In)Security of Mobile Two-Factor Authentication. In: Christin, N., Safavi-Naini, R. (eds) Financial Cryptography and Data Security. FC 2014. Lecture Notes in Computer Science(), vol 8437. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-45472-5_24

. Dmitrienko, A., Liebchen, C., Rossow, C., Sadeghi, AR. (2014). On the (In)Security of Mobile Two-Factor Authentication. In: Christin, N., Safavi-Naini, R. (eds) Financial Cryptography and Data Security. FC 2014. Lecture Notes in Computer Science(), vol 8437. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-45472-5_24

. Yoo, C., Kang, BT. & Kim, H.K. Case study of the vulnerability of OTP implemented in internet banking systems of South Korea. Multimed Tools App 74, 3289–3303 (2015). https://doi.org/10.1007/s11042-014-1888-3

. Hamdare S, Nagpurkar V, Mittal J. Protecting sms-based one-time password technology from man-in-the-middle attacks. arXiv preprint arXiv:1405.4828; 2014. https://doi.org/10.14445/22315381/IJETT-V11P230

. Ganesan R, Sandhu RS, Cottrell A P, Schoppert BJ, Bellare M. Protecting one-time-passwords against man-in-the-middle attacks. US Patent 7,840,993; 2010.

. Plateaux, A., Lacharme, P., Jøsang, A., Rosenberger, C. (2014). One-Time Biometrics for Online Banking and Electronic Payment Authentication. In: Teufel, S., Min, T.A., You, I., Weippl, E. (eds) Availability, Reliability, and Security in Information Systems. CD-ARES 2014. Lecture Notes in Computer Science, vol 8708. Springer, Cham. https://doi.org/10.1007/978-3-319-10975-6_14

. Hosseini, Z. Zareh, and E. Barkhordari. "Enhancement of security with the help of real time authentication and one time password in e-commerce transactions." The 5th Conference on Information and Knowledge Technology. IEEE, 2013. DOI: 10.1109/IKT.2013.6620077

. Zhu H. One-time key agreement scheme with biometric-based ID-password authentication. Secur Commun Netw. 2015;8(13):2350-2360. DOI: 10.1002./sec.1182

. Naren G, Li S, Andréasson J. One-time password generation and two-factor authentication using molecules and light. DOI: 10.1002/cphc.201700074

. Yanofsky Noson S. Introduction to quantum computing. arXiv preprint arXiv:0708.0261; 2007. http://arxiv.org/abs/0708.0261v1

. Nene, M.J., Upadhyay, G. (2016). Shor’s Algorithm for Quantum Factoring. In: Choudhary, R., Mandal, J., Auluck, N., Nagarajaram, H. (eds) Advanced Computing and Communication Technologies. Advances in Intelligent Systems and Computing, vol 452. Springer, Singapore. https://doi.org/10.1007/978-981-10-1023-1_33

. Riffel Eleanor G., Polak Wolfgang H. Quantum computing: a gentle introduction. Cambridge, MA: MIT Press; 2011. https://s3.amazonaws.com/arena-attachments/1000401/ c8d3f8742d163b7ffd6ae3e4e4e07bf3.pdf

. Lidar Daniel A, Chuang Isaac L, Whaley KB. Coherently incoherent subspaces for quantum computing. Phys Rev Lett. 1998;81(12):2594-2597. https://doi.org/10.1103/PhysRevLett.81.2594

. Bennett CH, Brassard G, Popescu S, Schumacher B, Smolin JA, Wootters WK. Clearing Noise Confusion and True Teleportation through noisy channels. Phys Rev Lett. 1996;76(5):722-725. https://doi.org/10.1103/PhysRevLett.76.722

. Calderbank AR, Rains EM, Shor PM, Sloane Neil JA. Quantum error correction using codes over GF (4). IEEE Trans Infor Theory. 1998;44(4):1369-1387. DOI: 10.1109/18.681315

. Khan, A.A., Kumar, V., Ahmad, M.: An elliptic curve cryptography based mutual authentication scheme for smart grid communications using biometric approach. J. King Saud Univ. - Comput. Inf. Sci. (2019). https://doi.org/10.1016/j.jksuci.2019.04.013, http://www.sciencedirect.com/science/article/pii319157819301193

. Kelsey, J., Schneier, B., Wagner, D., Hall, C. (1998). Cryptanalytic Attacks on Pseudorandom Number Generators. In: Vaudenay, S. (eds) Fast Software Encryption. FSE 1998. Lecture Notes in Computer Science, vol 1372. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-69710-1_12

. Ambeynis A., Rosmanis A., Unrukh D. Quantum attacks on classical proof systems: the hardness of quantum rewinding. New York: IEEE; 2014:474-483. DOI:10.1109/FOCS.2014.57