Enhancing security of one-time password using Elliptic Curve Cryptography with finger-print biometric

摘要

Security of one-time password (OTP) is essential because nowadays most of the e-commerce transactions are performed with the help of this mechanism. OTP is used to counter replay attack / eavesdropping. Replay Attack / eavesdropping is one form of attack on computing system connected to the Internet or Intranet. For achieving 112 bits of security level, RSA algorithm needs key size of 2048 bits, while Elliptic Curve Cryptography (ECC) needs key size of 224-255 bits. Another issue with most of the existing implementation of security models is storage of secret keys. Stored keys are often protected by poorly selected user passwords that can either be guessed or obtained through brute force attacks. This is a weak link in a security model and can potentially compromise the integrity of sensitive data. Combining biometrics with cryptography is seen as a possible solution. This paper suggests an enhanced security model of OTP system using ECC with finger-print biometric. This model also suggests more security with less key length and there is no need to store any private key anywhere. It focuses to create and share secret key without transmitting any private key so that no one could access the secret key except themselves.