Using Structural Diversity to Enforce Strong Authentication of Mobiles to the Cloud

International audienceModern portable devices such as smartphones are enhanced by advanced functionalities and may therefore soon become both the preferred portable computing device (thereby substituting laptops) and the personal trusted device. They are also increasingly used to access to online cloud services, including those particularly sensitive which require high security. This paper introduces an original and strong authentication method for mobiles. It involves a two factor scheme enhanced through network channels and devices diversity. Our solution combines an OTP-based approach using an IoT object as secondary device in addition to the smartphone. The diversity of the network's channels rests on the use of one of the LPWAN networks together with LTE or WIFI networks. Authentication factors are therefore transmitted over different channels through different devices thus greatly reducing the attack surface. The proposal is also enhanced by end-to-end encryption of the transferred sensitive contents. The link with the authorization issues is analyzed and the integration of our approach to OpenID Connect/OAuth 2.0 is investigated. A platform that implements this scheme has been developed, tested and evaluated under different attack scenarios