Abstract:
Password-based authentication systems have, from the outset, been the conventional way to authenticate a user. However, these systems are susceptible to many security threats and vulnerabilities. This prompted the use of Multi-Factor Authentication (MFA) to ensure a more secure and reliable user verification process. Previous research on MFA has proposed using an extra device as an additional factor to verify the identity of a user. But the existing MFA types, such as OffPAD, OTT, and smartcard-based solutions, lack the strength to prevent Man-in-the-Middle (MITM), session-hijacking, replay, phishing, and DoS attacks. In addition, the traditional single-server authentication mechanism suffers from inefficiency and inadequacy. This research focuses on designing an MFA model, SMFA, that uses steganography for secure credential transmission. The proposed model uses steganography to conceal the user's credential with the aim of reducing the risk caused by MITM and session-hijacking attacks. Additionally, the SMFA model requires the user to have an extra USB device as another factor to prove his/her identity, along with a proposed multi-server authentication scheme to mitigate the shortcomings of the traditional single-server authentication mechanism. The model is formalized in several steps. This study performs an extensive analysis and comparison of this model with several other widely used protocols. Overall, the comparative analysis clearly indicates that SMFA has better security coverage than other mechanisms against MITM, replay, DoS, user-impersonation, and password-guessing attacks.