Two-Factor Authentication Scheme With Anonymous One-time Password Based On Partial Digital Image

The authentication of access codes is now the main task that used to keep theinformation systems safe. The most commonly authentication mechanisms is based on2-Factor Authentication (2FA). It is the most securely which does not verify the personalidentity information (username and password) only, but it also needs a second factor suchas a USB, Mobile phone and others. Two-factor authentication has been introduced as akey technique that is leveraged in the cloud to provide efficient yet scalable cloudauthentication. A user initially sends his username and password to the cloud server as afirst factor and if the cloud authenticates it the user can later send his secondauthentication factor.In this dissertation, we propose two-factor authentication scheme based on partialdigital image. Our proposed scheme is involved with three components, Third party, a userset, and server. It is divided into three phases—setup®istration, login andauthentication. Setup and registration phases are executed only once, and theauthentication phase is executed whenever a user wishes to login. In the setup andregistration phases, the user registers her/his identity (username and password) into thirdparty who saves them, and then provides public system parameters to the server and eachuser in secure channel.The third party computes important information such as salt key, n which is the largeprime numbers and select random digital image for user supplying. It supplies the serverside with the encryption value of user identity and password in addition the salt key andthe random digital image. Here, the user can save his important data in any safety placewhich he is preferred such as USB. After that, the user may use the authentication phase tologin. The authentication process implements by extracts a random vector from randomimage and encrypts its location to use it as a second factor. Security analysis and experimental results proofs that our proposed scheme canwithstand the well-known security attacks`and has a good performance of passwordauthentication.