Abstract

Nowadays, a lot of critical information and many services are hosted on computer systems. Proper access control to these resources is essential to avoid malicious actions that could cause huge losses to home and professional users. Access control systems have evolved from the first password-based systems to modern mechanisms using smart cards, certificates, tokens, biometric systems, etc. However, when designing a system, it is necessary to take into account its particular limitations, such as connectivity, infrastructure or budget. In addition, one of the main objectives must be to ensure system usability, but this property is usually orthogonal to security. Thus, the use of passwords is still common. In this paper, we present a new password-based access control system that aims to improve password security with minimal impact on system usability.

Highlights

  • The software industry has experienced high growth in the last decades, extending its applications to new domains in both academic and professional fields.

  • Many proposed schemes could be of interest for implementing our system, but most of them are based on modern cryptographic algorithms such as elliptic curves. This would make it difficult to integrate the zero-knowledge algorithm with a traditional Public Key Infrastructure (PKI), but we considered the ideas presented in papers by Chase [14], Ben-Sasson [15] and Cramer [16].

  • We present a new multifactor and distributed authentication system based on one-time passwords that aims to enforce system security transparently to the system administrators.

Summary

Introduction

The software industry has experienced high growth in the last decades, extending its applications to new domains in both academic and professional fields. The use of software services to accomplish critical tasks makes it essential to provide secure access control to these services. Developers commonly offer clients complete solutions that include the hardware devices hosting the applications that provide the required capabilities. Proper user and permission management in the system, together with robust authentication mechanisms that prevent unauthorized access, is essential to ensure the security of these solutions. People end up having to remember a different password for each site they visit if they want to be safe, and often forget them. Despite the emergence of new authentication tools such as certificates, smart cards or biometric systems, authentication systems based on passwords remain the most used due to their simplicity and low cost.
