A Secure Password based Authentication with Variable Key Lengths Based on the Image Embedded Method

Seerwan Waleed Jirjees
Farah Flayyeh Alkhalid
Ahmed Mudheher Hasan
Amjad Jaleel Humaidi

Abstract

Passwords are widely used to secure client–server communication in authentication-based systems that operate over untrusted transmission media; thus, users' passwords are vulnerable, and systems are vulnerable to hacking. In this paper, we propose a new philosophy for secret password encryption in which encryption is secure between the communicating parties during a communication session, while ensuring resistance to man-in-the-middle attacks and preventing dictionary attacks in violation of trustworthiness, without relying on trusted third parties or other out-of-band mechanisms for authentication. The password is encrypted on the basis of the data from the image sent during authentication. The proposed encryption scheme encodes each character of the password and replaces it with a value representing the pixel value locations in the image, chosen randomly. The sent image serves as the key to the algorithm used to encrypt the password after encrypting it with the same password. The proposed approach provides security, efficiency, reliability and cryptanalysis against various attacks. The proposed scheme has been shown, through several security analyses, to resist man-in-the-middle attacks and reattacks. Finally, we compare the performance of our protocol with that of existing schemes. Hence, our system ensures good security and efficiency features.

Article Details

Section

Articles

How to Cite

A Secure Password based Authentication with Variable Key Lengths Based on the Image Embedded Method (S. W. Jirjees, F. F. Alkhalid, A. M. Hasan, & A. J. Humaidi, Trans.). (2025). Mesopotamian Journal of CyberSecurity, 5(2), 491-500. https://doi.org/10.58496/MJCS/2025/030

