{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,17]],"date-time":"2026-02-17T12:12:25Z","timestamp":1771330345493,"version":"3.50.1"},"reference-count":42,"publisher":"MDPI AG","issue":"15","license":[{"start":{"date-parts":[[2020,7,29]],"date-time":"2020-07-29T00:00:00Z","timestamp":1595980800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>A significant percentage of security research that is conducted suffers from common issues that prevent wide-scale adoption. Common snags of such proposed methods tend to include (i) introduction of additional nodes within the communication architecture, breaking the simplicity of the typical client\u2013server model, or fundamental restructuring of the Internet ecosystem; (ii) significant inflation of responsibilities or duties for the user and\/or server operator; and (iii) adding increased risks surrounding sensitive data during the authentication process. Many schemes seek to prevent brute-forcing attacks; they often ignore either partially or holistically the dangers of other cyber-attacks such as MiTM or replay attacks. Therefore, there is no incentive to implement such proposals, and it has become the norm instead to inflate current username\/password authentication systems. These have remained standard within client\u2013server authentication paradigms, despite insecurities stemming from poor user and server operator practices, and vulnerabilities to interception and masquerades. Besides these vulnerabilities, systems which revolve around secure authentication typically present exploits of two categories; either pitfalls which allow MiTM or replay attacks due to transmitting data for authentication constantly, or the storage of sensitive information leading to highly specific methods of data storage or facilitation, increasing chances of human error. This paper proposes a more secure method of authentication that retains the current structure of accepted paradigms, but minimizes vulnerabilities which result from the process, and does not inflate responsibilities for users or server operators. The proposed scheme uses a hybrid, layered encryption technique alongside a two-part verification process, and provides dynamic protection against interception-based cyber-attacks such as replay or MiTM attacks, without creating additional vulnerabilities for other attacks such as bruteforcing. Results show the proposed mechanism outperforms not only standardized methods, but also other schemes in terms of deployability, exploit resilience, and speed.<\/jats:p>","DOI":"10.3390\/s20154212","type":"journal-article","created":{"date-parts":[[2020,7,30]],"date-time":"2020-07-30T03:36:38Z","timestamp":1596080198000},"page":"4212","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":19,"title":["A Hybrid Dynamic Encryption Scheme for Multi-Factor Verification: A Novel Paradigm for Remote Authentication"],"prefix":"10.3390","volume":"20","author":[{"given":"Muath","family":"Obaidat","sequence":"first","affiliation":[{"name":"Center for Cybercrime Studies, City University of New York, New York, NY 10019, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Joseph","family":"Brown","sequence":"additional","affiliation":[{"name":"Center for Cybercrime Studies, City University of New York, New York, NY 10019, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Suhaib","family":"Obeidat","sequence":"additional","affiliation":[{"name":"Computer Science Department, Bloomfield College, Bloomfield, NJ 07003, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Majdi","family":"Rawashdeh","sequence":"additional","affiliation":[{"name":"Department of Business Information Technology, PSUT, Amman 11941, Jordan"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2020,7,29]]},"reference":[{"key":"ref_1","unstructured":"(2020, July 21). Available online: https:\/\/www.whitehatsec.com\/blog\/2018-whitehat-app-sec-statistics-report\/."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Sai, A.R., Buckley, J., and Le Gear, A. (2019, January 2\u20133). Privacy and Security Analysis of Cryptocurrency Mobile Applications. Proceedings of the 2019 Fifth Conference on Mobile and Secure Services (MobiSecServ), Miami Beach, FL, USA.","DOI":"10.1109\/MOBISECSERV.2019.8686583"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Obaidat, M.A., Obeidat, S., Holst, J., Al Hayajneh, A., and Brown, J. (2020). A Comprehensive and Systematic Survey on the Internet of Things: Security and Privacy Challenges, Security Frameworks, Enabling Technologies, Threats, Vulnerabilities and Countermeasures. Comput. J., 9.","DOI":"10.3390\/computers9020044"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Obaidat, M.A., Khodjaeva, M., Obeidat, S., Salane, D., and Holst, J. (2019). Security Architecture Framework for Internet of Things, 10th IEEE Ubicquitous Computing, Electronics and Mobile Communication Confernce, Columbia University.","DOI":"10.1109\/UEMCON47517.2019.8993096"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Khodjaeva, M., Obaidat, M.A., and Salane, D. (2019). Mitigating Threats and Vulnerabilities of RFID in IoT through Outsourcing Computations Using Public Key Cryptography, in Security, Privacy and Trust in the IoT Environment, Springer.","DOI":"10.1007\/978-3-030-18075-1_3"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Chanda, K. (2016). Password Security: An Analysis of Password Strengths and Vulnerabilities. IJCNIS, 7.","DOI":"10.5815\/ijcnis.2016.07.04"},{"key":"ref_7","first-page":"23","article-title":"Systematic Overview of Password Security Problems","volume":"16","author":"Taneski","year":"2019","journal-title":"Acta Polytech. Hung."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Joshi, A.M., and Muniyal, B. (2018, January 19\u201322). Authentication Using Text and Graphical Password. Proceedings of the 2018 International Conference on Advances in Computing, Communications and Informatics (ICACCI), Bangalore, India.","DOI":"10.1109\/ICACCI.2018.8554390"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"229","DOI":"10.1007\/s11623-016-0584-z","article-title":"Usable Authentication","volume":"40","author":"Lindemann","year":"2016","journal-title":"Datenschutz Datensich"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"112505","DOI":"10.1109\/ACCESS.2019.2932400","article-title":"Recent Trends in User Authentication\u2013A Survey","volume":"7","author":"Shah","year":"2019","journal-title":"IEEE Access"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Archana, B.S., Chandrashekar, A., Bangi, A.G., Sanjana, B.M., and Akram, S. (2017, January 19\u201320). Survey on usable and secure two-factor authentication. Proceedings of the 2017 2nd IEEE International Conference on Recent Trends in Electronics, Information Communication Technology (RTEICT), Bangalore, India.","DOI":"10.1109\/RTEICT.2017.8256716"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"199","DOI":"10.1016\/j.procs.2018.11.040","article-title":"One-Time Passwords: Resistance to Masquerade Attack","volume":"145","author":"Babkin","year":"2018","journal-title":"Procedia Comput. Sci."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Ibrokhimov, S., Hui, K.L., Abdulhakim Al-Absi, A., Lee, H., and Sain, M. (2019, January 17\u201320). Multi-Factor Authentication in Cyber Physical System: A State of Art Survey. Proceedings of the 2019 21st International Conference on Advanced Communication Technology (ICACT), PyeongChang Kwangwoon_Do, Korea.","DOI":"10.23919\/ICACT.2019.8701960"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Taufiq, M., and Ogi, D. (2018, January 13). Implementing One-Time Password Mutual Authentication Scheme on Sharing Renewed Finite Random Sub-Passwords Using Raspberry Pi as a Room Access Control to Prevent Replay Attack. Proceedings of the 2018 International Conference on Electrical Engineering and Informatics (ICELTICs), Bali, Indonesia.","DOI":"10.1109\/ICELTICS.2018.8548886"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Zheng, W., and Jia, C. (2017, January 15\u201318). CombinedPWD: A New Password Authentication Mechanism Using Separators Between Keystrokes. Proceedings of the 2017 13th International Conference on Computational Intelligence and Security (CIS), Hong Kong, China.","DOI":"10.1109\/CIS.2017.00129"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Ometov, A., Bezzateev, S., M\u00e4kitalo, N., Andreev, S., Mikkonen, T., and Koucheryavy, Y. (2018). Multi-Factor Authentication: A Survey. Cryptography, 2.","DOI":"10.3390\/cryptography2010001"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Basharzad, S.N., and Fazeli, M. (2017, January 22). Knowledge based dynamic password. Proceedings of the 2017 IEEE 4th International Conference on Knowledge-Based Engineering and Innovation (KBEI), Tehran, Iran.","DOI":"10.1109\/KBEI.2017.8325004"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Mohamedali, I.A., and Fadlalla, Y. (2017, January 17\u201319). Securing password in static password-based authentication: A review. Proceedings of the 2017 Sudan Conference on Computer Science and Information Technology (SCCSIT), Securing password in static password-based authentication: A review, Elnihood, Sudan.","DOI":"10.1109\/SCCSIT.2017.8293063"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Pansa, D., and Chomsiri, T. (2018, January 5\u20138). Integrating the Dynamic Password Authentication with Possession Factor and CAPTCHA. Proceedings of the 2018 Joint 10th International Conference on Soft Computing and Intelligent Systems (SCIS) and 19th International Symposium on Advanced Intelligent Systems (ISIS), Toyama, Japan.","DOI":"10.1109\/SCIS-ISIS.2018.00093"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1016\/S0969-4765(16)30049-2","article-title":"Passwords are broken\u2013The future shape of biometrics","volume":"2016","author":"Ferbrache","year":"2016","journal-title":"Biom. Technol. Today"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"5994","DOI":"10.1109\/ACCESS.2018.2889996","article-title":"A Survey on Biometric Authentication: Toward Secure and Privacy-Preserving Identification","volume":"7","author":"Rui","year":"2019","journal-title":"IEEE Access"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Kayem, A.V.D.M. (2016, January 23\u201325). Graphical Passwords\u2013A Discussion. Proceedings of the 2016 30th International Conference on Advanced Information Networking and Applications Workshops (WAINA), Crans, Montana.","DOI":"10.1109\/WAINA.2016.31"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Fayyadh, B.E., Mansour, K., and Mahmoud, K.W. (2018, January 17\u201318). A New Password Authentication Mechanism Using 2D Shapes. Proceedings of the 2018 8th International Conference on Computer Science and Information Technology (CSIT), Amman, Jordan.","DOI":"10.1109\/CSIT.2018.8486188"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Yang, G.-C. (2017, January 8\u201310). PassPositions: A secure and user-friendly graphical password scheme. Proceedings of the 2017 4th International Conference on Computer Applications and Information Processing Technology (CAIPT), Kuta Bali.","DOI":"10.1109\/CAIPT.2017.8320723"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"380","DOI":"10.1109\/THMS.2015.2487511","article-title":"PassBYOP: Bring Your Own Picture for Securing Graphical Passwords","volume":"46","author":"Bianchi","year":"2016","journal-title":"IEEE Trans. Hum. Mach. Syst."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Pagar, V.R., and Pise, R.G. (2017, January 11\u201312). Strengthening password security through honeyword and Honeyencryption technique. Proceedings of the 2017 International Conference on Trends in Electronics and Informatics (ICEI), Tirunelveli, India.","DOI":"10.1109\/ICOEI.2017.8300819"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Sudramurthy, B., Obaidy, M.A., and Maata, R.L. (2017, January 14\u201316). Analysis of Authentication on Online Purchase Using Honey Password. Proceedings of the 2017 IEEE International Conference on Computational Intelligence and Computing Research (ICCIC), Coimbatore, India.","DOI":"10.1109\/ICCIC.2017.8524503"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Tse, D., Huang, K., Cai, B., and Liang, K. (2018, January 16\u201319). Robust Password-keeping System Using Block-chain Technology. Proceedings of the 2018 IEEE International Conference on Industrial Engineering and Engineering Management (IEEM), Bangkok, Thailand.","DOI":"10.1109\/IEEM.2018.8607284"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Morii, M., Tanioka, H., Ohira, K., Sano, M., Seki, Y., Matsuura, K., and Ueta, T. (2017, January 4\u20138). Research on Integrated Authentication Using Passwordless Authentication Method. Proceedings of the 2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC), Turin, Italy.","DOI":"10.1109\/COMPSAC.2017.198"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Kumari, S., and Karuppiah, M. (2016, January 25\u201327). Security problems of a \u201cmore secure remote user authentication scheme. Proceedings of the 2016 International Conference on Advanced Communication Control and Computing Technologies (ICACCCT), Ramanathapuram, India.","DOI":"10.1109\/ICACCCT.2016.7831694"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Kurihara, Y., and Soshi, M. (2016, January 12\u201314). A novel hash chain construction for simple and efficient authentication. Proceedings of the 2016 14th Annual Conference on Privacy, Security and Trust (PST), Auckland, New Zeland.","DOI":"10.1109\/PST.2016.7907012"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Jan, M.S., and Afzal, M. (2016, January 12\u201316). Hash chain based strong password authentication scheme. Proceedings of the 2016 13th International Bhurban Conference on Applied Sciences and Technology (IBCAST), Islamabad, Pakistan.","DOI":"10.1109\/IBCAST.2016.7429902"},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Babkin, S., and Epishkina, A. (2019, January 28\u201331). Authentication Protocols Based on One-Time Passwords. Proceedings of the 2019 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus), Saint Petersburg and Moscow, Russia.","DOI":"10.1109\/EIConRus.2019.8656839"},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Zaman, M.U., Shen, T., and Min, M. (2019, January 8\u201311). Hash Vine: A New Hash Structure for Scalable Generation of Hierarchical Hash Codes. Proceedings of the 2019 IEEE International Systems Conference (SysCon), Orlando, FL, USA.","DOI":"10.1109\/SYSCON.2019.8836921"},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Kim, Y., Kim, J., and Cho, S. (2017, January 2\u20134). Hybrid authentication scheme in peer-aware communication. Proceedings of the 2017 International Conference on Information Science and Communications Technologies (ICISCT), Tashkent, Uzbekistan.","DOI":"10.1109\/ICISCT.2017.8188574"},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Obaidat, M.A., and Brown, J. (2020). Two Factor Hash Verification (TFHV): A Novel Paradigm for Remote Authentication, IEEE International Symposium on Networks, Computers and Communications (ISNCC).","DOI":"10.1109\/ISNCC49221.2020.9297319"},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Faheem, M., Jamel, S., Hassan, A., Abubakar, Z., Shafinaz, N., and Mat, M. (2017). A Survey on the Cryptographic Encryption Algorithms. Int. J. Adv. Comput. Sci. Appl., 8.","DOI":"10.14569\/IJACSA.2017.081141"},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Biswas, S., and Biswas, S. (2017, January 3\u20135). Password security system with 2-way authentication. Proceedings of the 2017 Third International Conference on Research in Computational Intelligence and Communication Networks (ICRCICN), Kolkata, India.","DOI":"10.1109\/ICRCICN.2017.8234533"},{"key":"ref_39","unstructured":"Suguna, S., Dhanakoti, D.V., and Manjupriya, R. (2020, May 21). A STUDY ON SYMMETRIC AND ASYMMETRIC KEY ENCRYPTION ALGORITHMS. Available online: \/paper\/A-STUDY-ON-SYMMETRIC-AND-ASYMMETRIC-KEY-ENCRYPTION-Suguna-Dhanakoti\/0bc9f960bcb46010c95fc59286923d40c4e33a09."},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Chandra, S., Paira, S., Alam, S.S., and Sanyal, G. (2014, January 17\u201318). A comparative survey of Symmetric and Asymmetric Key Cryptography. Proceedings of the 2014 International Conference on Electronics, Communication and Computational Engineering (ICECCE), Hosur, India.","DOI":"10.1109\/ICECCE.2014.7086640"},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Kaushik, S., and Gandhi, C. (, January 11\u201313). Cloud data security with hybrid symmetric encryption. Proceedings of the 2016 International Conference on Computational Techniques in Information and Communication Technologies (ICCTICT), New Delhi, India.","DOI":"10.1109\/ICCTICT.2016.7514656"},{"key":"ref_42","doi-asserted-by":"crossref","unstructured":"Khan, S., and Khan, F. (2016, January 4). Attempt based password. Proceedings of the 2016 13th International Bhurban Conference on Applied Sciences and Technology (IBCAST), Islamabad, Pakistan.","DOI":"10.1109\/IBCAST.2016.7429894"}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/20\/15\/4212\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T09:52:36Z","timestamp":1760176356000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/20\/15\/4212"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,7,29]]},"references-count":42,"journal-issue":{"issue":"15","published-online":{"date-parts":[[2020,8]]}},"alternative-id":["s20154212"],"URL":"https:\/\/doi.org\/10.3390\/s20154212","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,7,29]]}}}