Smart Authentication based on Modified Merkle Puzzles

Abstract

Most computer users practice password-based authentication as the first layer of security due to its easy implementation. Yet, the technology advancements have provided the attackers with enough resources to get the password by trying out diverse means. In addition, there is a burden of entering a password when the user wants to access the computer, which is comprehended as discomfort to the user. Given this discomfort, the users often leave the computer in an unlocked state while moving away. The computer in this situation is most vulnerable and makes it susceptible to lunchtime attacks.To address the aforementioned issues, we propose a method called smart authentication that requires minimal user interaction with the computer. Smart authentication encompasses the concepts of authentication, de-authentication, and re-authentication under the same hood. The proposed method uses continuous authentication so that the concepts called de-authentication and re-authentication can be implemented with an insignificant effort. Considering the constraints associated with password-based authentication, second factors of authentication have been introduced as an additional security feature. Due to the difficulty of carrying extra hardware components around all of the time, the proposed approach considers the smartphone device as the second factor. Hardware cost is another aspect that ascends scalability concerns to most of these approaches. The proposed approach aims to use existing hardware commonly found in modern desktop machines and thereby decrease the cost factor of scalability drastically.