A Novel Authentication Scheme to Increase Security for Non-Repudiation of Users

Protection of sensitive information is a growing concern worldwide. Failure to protect sensitive information can lead to loss of clients in the banking sector or threaten national security. Access to sensitive information starts with e-authentication. Most authentication systems are designed for authenticated users only. However, the user is not the only party that needs to be authenticated to ensure the security of transactions on the Internet. Existing onetime password (OTP) mechanism cannot guarantee non-repudiation and fail to guarantee reuse of a stolen device, which is used in authentication. A novel authentication scheme based on OTP is presented in this paper. This paper proposes a secure multi-factor electronic authentication mechanism. This mechanism is intended to authenticate both the user and the mobile device of the user to ensure non-repudiation and protect the integrity of the OTP against adversarial attacks. The proposed mechanism can detect whether the mobile device is in the hands of the rightful owner before the OTP is sent to the user. The system requires each user to have a unique phone number and a unique mobile device (unique International Mobile Equipment Identity (IMEI)), in addition to an ID card number. The proposed system can ensure that the user who misuses the system becomes liable for the act committed. Therefore, the proposed system can be used in e-banking, egovernment, and ecommerce systems, among other areas requiring high-security guarantees. KeywordSecurity; non-repudiation; multi factor authentication; IMEI; authenticate mobile device; nested multi factor authentication Khalid Waleed Hussein et al, International Journal of Computer Science and Mobile Computing Vol.2 Issue. 7, July2013, pg. 396-405 © 2013, IJCSMC All Rights Reserved 397