Security and privacy is an important topic in the field of sensitive data communication. Secondary authentication methods like secret questions are widely used as a form of authentication which can be easily guessed. Moreover, users may forget his/her answers, and even if a user remembers the answer, they can forget how it was written. The recent prevalence of smartphone has provided a rich source of personal data concerning the user’s knowledge of its short-term history. Such a feature has made it possible for people to spend more and more time on these devices. Furthermore, the popularity of social media applications and single sign-on increases day after day, users with their information do not always take as many precautions as they need. We present a “Secret-Question based Authentication System” having a set of secret questions based on user’s short-term smartphone usage. We have developed prototype of android application, and have evaluated the security of the secret questions. We also present a multifactor authentication that creates more and more walls to prevent people from seeing your information. It allows the verification of user’s identity for a login or other transaction-based on more than one method of authentication from independent categories of credentials.

Android, Secret Questions, Security, Authentication

[1] P. Zhao et al., "Understanding Smartphone Sensor and App Data for Enhancing the Security of Secret Questions," in IEEE Transactions on Mobile Computing, vol. 16, no. 2, pp. 552-565, 1 Feb. 2017.
[2] A. Bissada and A. Olmsted, "Mobile multi-factor authentication," 2017 12th International Conference for Internet Technology and Secured Transactions (ICITST), Cambridge, 2017, pp. 210-211. [3] Karthick S, Dr. SumitraBinu "Android Security Issues and Solutions," IEEE 2017
[4] S. Yadav, A. Apurva, P. Ranakoti, S. Tomer and N. R. Roy, "Android vulnerabilities and security," 2017 International Conference on Computing and Communication Technologies for Smart Nation (IC3TSN), Gurgaon, 2017, pp. 204-208.
[5] F. Aloul, S. Zahidi and W. El-Hajj, "Two factor authentication using mobile phones," 2009 IEEE/ACS International Conference on Computer Systems and Applications, Rabat, 2009, pp. 641-644.
[6] S. Schechter, A. B. Brush, and S. Egelman, “It’s no secret measuring the security and reliability of authentication via secret questions,” in S & P., IEEE, 2009, pp. 375–390.
[7] A. Babic, H. Xiong, D. Yao, and L. Iftode, “Building robust authentication systems with activity-based personal questions,” in SafeConfig. New York, NY, USA: ACM, 2009, pp. 19–24.
[8] M. Zviran and W. J. Haga, "User authentication by cognitive passwords: an empirical assessment," Proceedings of the 5th Jerusalem Conference on Information Technology, 1990. `Next Decade in Information Technology`, Jerusalem, Israel, 1990, pp. 137-144.
[9] J. Podd, J. Bunnell, and R. Henderson, “Cost-effective computer security: Cognitive and associative passwords,” in Computer-Human Interaction, 1996. Proceedings, Sixth Australian Conference on. IEEE, 1996, pp. 304–305.
[10] X. Jiang and J. Ling, "Simple and effective one-time password authentication scheme," 2013 2nd International Symposium on Instrumentation and Measurement, Sensor Network and Automation (IMSNA), Toronto, ON, 2013, pp. 529-531.
[11] P. B. Tiwari and S. R. Joshi, "Single sign-on with one time password," 2009 First Asian Himalayas International Conference on Internet, Kathmandu, 2009, pp. 1-4.
[12] K. Renaud, D. Kennes, J. van Niekerk and J. Maguire, "SNIPPET: Genuine knowledge-based authentication," 2013 Information Security for South Africa, Johannesburg, 2013, pp. 1-8.
[13] J. Bonneau, "The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords," 2012 IEEE Symposium on Security and Privacy, San Francisco, CA, 2012, pp. 538-552.
[14] Joseph Bonneau, Elie Bursztein, Ilan Caron, Rob Jackson, and Mike Williamson. 2015. Secrets, Lies, and Account Recovery: Lessons from the Use of Personal Knowledge Questions at Google, pp. 141-150.