An Efficient QR Code Based Web Authentication Scheme

Nowadays, web authentication is the main and important measure which guarantees the information security and data privacy. Web authentication provides the basis of user accessibility and data security. In the last few years, frequent outbreaks in the password databases lead to a main concern in the data security. The default method for the web authentication is password only mechanism. There are many security problems associated with the password only approach. Many users have a tendency to reuse the same password in different websites. So when one password is being compromised, it may lead to the password break of the other websites due to the password reuse. In order to improve the security, Two factor authentication (TFA) is strongly recommended. But despite of this, TFA has not been widely accepted in the web authentication mechanism. Due to the high scale and drastic popularity of the mobile phone and an inbuilt function of the barcode scanning through camera lead to a new two factor authentication method. In this paper, the proposed two factor authentication protocol uses mobile phone with one or more camera as the second factor for the authentication. The proposed TFA in web authentication counter various attacks such as man in the middle attack (MITM), phishing attacks and so on. Here password is the first factor and mobile is used as the second factor for the web authentication. The communication between the mobile phone and the PC is with the help of visible light. Visible light communication has many advantages as compared with other communication mechanisms. There is a less cellular cost in this scheme which indicates the user does not need cellular network or Wi-Fi for the authentication

Deployment of Keystroke Analysis on a Smartphone

The current security on mobile devices is often limited to the Personal Identification Number (PIN), a secretknowledge based technique that has historically demonstrated to provide ineffective protection from misuse. Unfortunately, with the increasing capabilities of mobile devices, such as online banking and shopping, the need for more effective protection is imperative. This study proposes the use of two-factor authentication as an enhanced technique for authentication on a Smartphone. Through utilising secret-knowledge and keystroke analysis, it is proposed a stronger more robust mechanism will exist. Whilst keystroke analysis using mobile devices have been proven effective in experimental studies, these studies have only utilised the mobile device for capturing samples rather than the more computationally challenging task of performing the actual authentication. Given the limited processing capabilities of mobile devices, this study focuses upon deploying keystroke analysis to a mobile device utilising numerous pattern classifiers. Given the trade-off with computation versus performance, the results demonstrate that the statistical classifiers are the most effective

Two-factor Authentication in Smartphones: Implementations and Attacks

Two-factor authentication is the method of combining two so called authentication factors in order to enhance the security of user authentication. An authentication factor is defined as ”Something the user knows, has or is”. Something the user knows is often the traditional username and password, something the user has is something that the user is in physical possession of and something the user is is a physical trait of the user, such as biometrics. Two-factor authentication greatly enhances security attributes compared to traditional password-only methods. With the advent of the smartphone, new convenient authentication methods have been developed in order to take advantage of the versatility such devices provide. However, older two-factor authentication methods such as sending codes via SMS are still widely popular and in the case of the smartphone opens up new attack vectors for criminals to exploit by creating malware that is able to gain control over SMS functionality. This thesis explores, discusses and compares three distinct two-factor authentication methods used in smartphones today in the sense of security and usability. These are mTAN (mobile Transaction Authentication Number), TOTP (Time-based One Time Password Algorithm) and PKI (Public Key Infrastructure). Both practial and theoretical attacks against these methods are reviewed with a focus on malicious software and advantages and disadvantages of each method are presented. An in-depth analysis of an Android smartphone SMS-stealing trojan is done in order to gain a deeper understanding of how smartphone malware operates

An Approach to Secure Mobile Enterprise Architectures

Due to increased security awareness of enterprises for mobile applications operating with sensitive or personal data as well as extended regulations form legislative (the principle of proportionality) various approaches, how to implement (extended) two-factor authentication, multi-factor authentication or virtual private network within enterprise mobile environments to ensure delivery of secure applications, have been developed. Within mobile applications it will not be sufficient to rely on security measures of the individual components or interested parties, an overall concept of a security solution has to be established which requires the interaction of several technologies, standards and system components. These include the physical fuses on the device itself as well as on the network layer (such as integrated security components), security measures (such as employee agreements, contract clauses), insurance coverage, but also software technical protection at the application level (e.g. password protection, encryption, secure container). The purpose of this paper is to summarize the challenges and practical successes, providing best practices to fulfill appropriate risk coverage of mobile applications. I present a use case, in order to proof the concept in actual work settings, and to demonstrate the adaptability of the approach.Comment: 8 pages, 9 figures, tutorial pape

AI-Oriented Two-Phase Multi-Factor Authentication in SAGINs: Prospects and Challenges

Space-air-ground integrated networks (SAGINs), which have emerged as an expansion of terrestrial networks, provide flexible access, ubiquitous coverage, high-capacity backhaul, and emergency/disaster recovery for mobile users (MUs). While the massive benefits brought by SAGIN may improve the quality of service, unauthorized access to SAGIN entities is potentially dangerous. At present, conventional crypto-based authentication is facing challenges, such as the inability to provide continuous and transparent protection for MUs. In this article, we propose an AI-oriented two-phase multi-factor authentication scheme (ATMAS) by introducing intelligence to authentication. The satellite and network control center collaborate on continuous authentication, while unique spatial-temporal features, including service features and geographic features, are utilized to enhance the system security. Our further security analysis and performance evaluations show that ATMAS has proper security characteristics which can meet various security requirements. Moreover, we shed light on lightweight and efficient authentication mechanism design through a proper combination of spatial-temporal factors.Comment: Accepted by IEEE Consumer Electronics Magazin

2-Factor authentication for mobile applications : introducing DoubleSec

With the increasing desire also of private individuals to access their confidential data even from their mobile devices, the need for strong security controls for such application arises – in the same way as it has years ago in the area of web applications. This paper covers one of the most important parts thereof: the login process that allows an application on a mobile device accessing data from a server using two-factor authentication

A Novel Authentication Method That Combines Honeytokens and Google Authenticator

Despite the rapid development of technology, computer systems still rely heavily on passwords for security, which can be problematic. Although multi-factor authentication has been introduced, it is not completely effective against more advanced attacks. To address this, this study proposes a new two-factor authentication method that uses honeytokens. Honeytokens and Google Authenticator are combined to create a stronger authentication process. The proposed approach aims to provide additional layers of security and protection to computer systems, increasing their overall security beyond what is currently provided by single-password or standard two-factor authentication methods. The key difference is that the proposed system resembles a two-factor authentication but, in reality, works like a multi-factor authentication system. Multi-factor authentication (MFA) is a security technique that verifies a user’s identity by requiring multiple credentials from distinct categories. These typically include knowledge factors (something the user knows, such as a password or PIN), possession factors (something the user has, such as a mobile phone or security token), and inherence factors (something the user is, such as a biometric characteristic like a fingerprint). This multi-tiered approach significantly enhances protection against potential attacks. We examined and evaluated our system’s robustness against various types of attacks. From the user’s side, the system is as friendly as a two-factor authentication method with an authenticator and is more secure

Design, Formal Specification and Analysis of Multi-Factor Authentication Solutions with a Single Sign-On Experience

Over the last few years, there has been an almost exponential increase of the number of mobile applications that deal with sensitive data, such as applications for e-commerce or health. When dealing with sensitive data, classical authentication solutions based on username-password pairs are not enough, and multi-factor authentication solutions that combine two or more authentication elements of different categories are required. Many different such solutions are available, but they usually cover the scenario of a user accessing web applications on their laptops, whereas in this paper we focus on native mobile applications. This changes the exploitable attack surface and thus requires a specific analysis. In this paper, we present the design, the formal specification and the security analysis of a solution that allows users to access different mobile applications through a multi-factor authentication solution providing a Single Sign-On experience. The formal and automated analysis that we performed validates the security goals of the solution we propose