One Time Password Using Sphere Angle Based Random Password Generation for Online Portals - A Review  
  Authors : Ishupreet Kaur; Gargi Narula


The one time passwords (OTPs) are widely used in the various application to protect the bot or autobot from repeated access without human interaction to the online portals. The OTPs are usually sent over the mobile phone numbers, from where the user read, fill and submit the one time password, which is later verified on the server side and the next step is taken according to the requirement. These message based OTPs are prone to the various autobot/bot based repeated access attacks because it is easier to read the message automatically fromt the phone. Also it can be easily submitted using automatic form submission script. In this paper, we have proposed a new image based OTP which can be sent to the user's phone using MMS or various other social or chatting applications. The image based OTP provides more harden protection from the bot/autobot. than the ordinary text-based OTPs. The OTP is generated using the elevation angle and azimuth angle followed by radius value matrix, which provides a robust environment to generate the unique OTP every time. The OTP is the converted into the image using ASCII character identity based visual encoding which will be forwarded to the user later. The new technique can be used on various web portals require OTP on service.


Published In : IJCAT Journal Volume 1, Issue 6

Date of Publication : 31 July 2014

Pages : 253 - 256

Figures :--

Tables : --

Publication Link : One Time Password Using Sphere Angle Based Random Password Generation for Online Portals - A Review




Ishupreet Kaur : Computer Science & Engineering Department, SVIET, Patiala, Punjab, 140601, India

Gargi Narula : Computer Science & Engineering Department, SVIET, Patiala, Punjab, 140601, India








One Time Password


Replay Attacks


The purpose of a one-time password (OTP) is to make it more difficult to gain unauthorized access to restricted resources, like a computer account. Traditionally static passwords can more easily be accessed by an unauthorized intruder given enough attempts and time. By constantly altering the password, as is done with a one-time password, this risk can be greatly reduced. But the text based one time passwords are not being proved to be strong enough to protect against the bots accessing the online portals. Hence, there has to be an strong and secure alternative to the text based one time passwords. By taking the above research gap in account, the new one time password authentication system is proposed in this research. The proposed one time password scheme is a scheme which can be widely accepted over the internet applications. This scheme generates the password using the sphere random function, which carries a heavier amount of numbers and can produce many unique combinations. Spherical random function is capable of generating more unique combinations of integers than any other mathematical random function. Then the random is uniquely selected among the sphere matrix, which creates more unique passwords. The conversion of the integer based password into image hardens the security layer of the mobile/SMS based authentication environments.










[1] R.R.Karthiga, 2013.“One-time Password: A Survey”, International Journal of Emerging Trends in Engineering and Development Issue 3, Vol.1, pp. 613-623.

[2] Ahmad Alamgir Khan, 2013. “Preventing Phishing Attacks using One Time Password and User Machine Identification”, International Journal of Computer Applications (0975 – 8887) Volume 68– No.3.

[3] Indu S., Sathya T.N., Saravana Kumar V., 2013“ A Stsnd-alone and SMS-Based approach for Authentication using Mobile Phone”, IEEE-International Conference on Information Communication and Embedded.

[4] Andrew Y. Lindell, 2007.“Time versus Event Based One-Time Passwords”, Aladdin Knowledge Systems.

[5] Soonduck Yoo1 , Seung-jung Shin1, Dae-hyun Ryu1, 2013. “An effective Two Factor Authentication Method using QR code”, ISA 2013, ASTL Vol. 21, pp. 106- 109, © SERSC 2013.

[6] Bin Li, Shaohai Hu, Yunyan Liu, 2006.“A Practical One-Time Password Authentication Implement on Internet”, ICWMMN Proceedings.

[7] Jivika Govil, 2007. “Examining the Criminology of Bot Zoo”, IEEE.

[8] Mihai Ordean, 2012. “Secure Authentication Using One Time Visual Password”, Ph.D. Dissertation, The technical university of Cluj-Napoca.

[9] Jing Liu, Yang Xiao, Kaveh Ghaboosi, Hongmei Deng, and Jingyuan Zhang, 2009.” Botnet: Classification, Attacks, Detection, Tracing, and Preventive Measures”, Hindawi Publishing Corporation EURASIP Journal on Wireless Communications and Networking Volume 2009,11 pages doi:10.1155/2009/692654

[10] Abebe Tesfahun and D.Lalitha Bhaskari, 2013. “Botnet Detection and Countermeasures- A Survey”, International Journal of Emerging Trends & Technology in Computer Science (IJETTCS), Volume 2, Issue 4, ISSN 2278-6856.

[11] Takasuke TSUJI, 2003. “A One-Time Password Authentication Method”, Kochi University of Technology.

[12] S. Behal, A. S. Brar, and K. Kumar, “Signature based Botnet Detection and Prevention”, ISCET, pp. 122-127, 2010.