Engineering Graphical Captcha and AES Crypto Hash Functions for Secure Online Authentication


Password alone is not trusted for user online authentication since mere password cannot give full surety of proper access control. The authentication of the users is one of the key areas in research and practice in the domain of e-security. The threats from hackers are also growing and therefore need for a highly efficient defense safeguard protection against hackers and unauthorized users. The different password entering techniques create problems related to usability and inherent security issues, whereas CAPTCHA techniques came into picture to boost up security via automated assistance. This CAPTCHA automated test is to be built qualified by real humans but not by a computer program. Such CAPTCHA program can be used to distinguish between humans and robots. This CAPTCHA has many applications in the online security domain which is merged with encrypted hash function as accommodating advantages of retaining the facility of the graphical password schemes. This paper proposes engineering an authentication technique using graphical CAPTCHA with an AES encrypted hash password to maintain an applicable security accessing systems. We proposed three layered security system that joins highly efficient security mechanisms to avoid users stress of entering password many times or different other hectic routines in order to save account accessing. This engineering authentication technique includes modules of CAPTCHA combined with SHA2 cryptography to efficiently improve the online security showing fast attractive remarks as compared to related systems.

Author Biographies

Nafisah Kheshaifaty , Umm Al-Qura University

Nafisah Matouq Kheshaifaty is a graduate student pursuing Master of Sciences (MS) degree in Computer Science and Engineering from UQU Makkah main campus. Her studies are fully sponsored by the Ministry of Education in Saudi Arabia. Currently her MS Thesis is specialized in “Engineering Systems Accessibility via Multi-Level Password Authentication” under supervision of Prof. Adnan Gutub within computer security track offered, hoping to complete her MS degree requirements soon during 2021.

Adnan Gutub, Umm Al-Qura University
Prof. Adnan Abdul-Aziz Gutub is ranked as Full Professor in Computer Engineering specialized in Information and Computer Security within College of Computers and Information Systems at Umm Al-Qura University (UQU). He has been working as the Vice Dean of the Custodian of the Two Holy Mosques Institute of the Hajj & OmrahResearch, Known publicly as Hajj Research Institute (HRI), within (UQU), Makkah Al-Mukarramah, all Muslims religious Holy City located within the Kingdom of Saudi Arabia. Adnan’s academic experience in Computer Engineering was gained from his previous long-time work as Associate Professor, Assistant Professor, Lecturer, and Graduate Assistant, all in Computer Engineering at King Fahd University of Petroleum and Minerals (KFUPM) in Dhahran, Saudi Arabia. He received his Ph.D. degree (2002) in Electrical and Computer Engineering  from Oregon State University, USA. He had his BS in Electrical Engineering and MS in Computer Engineering both from KFUPM, Saudi Arabia. Adnan's research work can be observed through his 90+ publications (international journals and conferences) as well as his 5 US patents registered officially by USPTO. His main research interests involved optimizing, modeling, simulating, and synthesizing VLSI hardware for crypto and security computer arithmetic operations. He worked on designing efficient integrated circuits for the Montgomery inverse computation in different finite fields. He has some work in modeling architectures for RSA and elliptic curve crypto operations. His interest in computer security also involved steganography and secret-sharing focusing on image based steganography and Arabic text steganography as well as counting based secret sharing. Adnan’s research interest in computing and information technology have been broaden to also relate to smart crowd management and intelligent transportation engineering systems because of the involvement in Hajj and OmrahResearch at UQU - Makkah. In summer 2013, Adnan has been awarded 3-month visiting scholar grant in collaboration with Purdue University, West Lafayette, Indiana, USA. He had been involved in research of current studies related to Arabic Text Steganography in Data Security as well as Elliptic Curve Crypto Processor Designs. His activities at Purdue was in relation to three main research groups: Distributed Multimedia Systems Laboratory, Center for Education and Research in Information Assurance and Security (CERIAS), Visual Analytics for Command, Control, and Interoperability Environments (VACCIEN). Previously, Adnan have been twice awarded the UK visiting internship for 2 months of summer 2005 and summer 2008, both sponsored by the British Council in Saudi Arabia. The 2005 summer research visit was at Brunel University to collaborate with the Bio-Inspired Intelligent System (BIIS) research group in a project to speed-up a scalable modular inversion hardware architecture. The 2008 visit was at University of Southampton with the Pervasive Systems Centre (PSC) for research related to text steganography and data security. Administratively, Adnan Gutub filled many executive and managerial academic positions at KFUPM as well as UQU. At KFUPM - Dhahran, he had the experience of chairing the Computer Engineering department (COE) for five years until moving to Makkah in 2010. Then, at UQU - Makkah, Adnan Chaired the Information Systems Department at the College of Computers and Information Systems followed by his leadership of the Center of Research Excellence in Hajj and Omrah (HajjCoRE) serving as HajjCoRE director for around 3-years until the end of 2013. Then, he was assigned his last position (until March 2016) as the Vice Dean of HRI, i.e. the Custodian of the Two Holy Mosques Institute of the Hajj & Omrah Research. For more details about Adnan and his activities, you are welcome to visit the links at the top of the webpage!!
Computer Engineering