Peer-Reviewed

Two Aspect Authentication System Using Secure Mobile Devices

Received: 16 May 2013     Published: 10 June 2013
Abstract

Mobile devices are becoming more pervasive and more advanced with respect to their processing power and memory size. Relying on the personalized and trusted nature of such devices, security features can be deployed on them in order to uniquely identify a user to a service provider. In this paper, we present a strong authentication mechanism that exploits the use of mobile devices to provide a two-aspect authentication system. Our approach uses a combination of one-time passwords, as the first authentication aspect, and credentials stored on a mobile device, as the second aspect, to offer a strong and secure authentication approach. In addition, an SMS-based mechanism is implemented both as a backup mechanism for retrieving the password and as a possible means of synchronization. We also present an analysis of the security and usability of this mechanism. The security protocol is analyzed against an adversary model; this evaluation proves that our method is safe against various attacks, most importantly key logging, shoulder surfing, and phishing attacks. Our evaluation of the simulation results shows that, although our technique does add a layer of indirectness that lessens usability, participants were willing to trade off that usability for enhanced security once they became aware of the potential threats when using an untrusted computer.

Published in International Journal of Wireless Communications and Mobile Computing (Volume 1, Issue 1)
DOI 10.11648/j.wcmc.20130101.15
Page(s) 26-34
Creative Commons

This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited.

Copyright

Copyright © The Author(s), 2013. Published by Science Publishing Group

Keywords

Computer Network Security, Mobile Handsets, One-Time Password, Smart Mobile Phones

Cite This Article
  • APA Style

    S. Uvaraj, S. Suresh, N. KannaiyaRaja. (2013). Two Aspect Authentication System Using Secure Mobile Devices. International Journal of Wireless Communications and Mobile Computing, 1(1), 26-34. https://doi.org/10.11648/j.wcmc.20130101.15

    ACS Style

    S. Uvaraj; S. Suresh; N. KannaiyaRaja. Two Aspect Authentication System Using Secure Mobile Devices. Int. J. Wirel. Commun. Mobile Comput. 2013, 1(1), 26-34. doi: 10.11648/j.wcmc.20130101.15

    AMA Style

    S. Uvaraj, S. Suresh, N. KannaiyaRaja. Two Aspect Authentication System Using Secure Mobile Devices. Int J Wirel Commun Mobile Comput. 2013;1(1):26-34. doi: 10.11648/j.wcmc.20130101.15

  • @article{10.11648/j.wcmc.20130101.15,
      author = {S. Uvaraj and S. Suresh and N. KannaiyaRaja},
      title = {Two Aspect Authentication System Using Secure Mobile Devices},
      journal = {International Journal of Wireless Communications and Mobile Computing},
      volume = {1},
      number = {1},
      pages = {26-34},
      doi = {10.11648/j.wcmc.20130101.15},
      url = {https://doi.org/10.11648/j.wcmc.20130101.15},
      eprint = {https://article.sciencepublishinggroup.com/pdf/10.11648.j.wcmc.20130101.15},
     year = {2013}
    }
    

  • TY  - JOUR
    T1  - Two Aspect Authentication System Using Secure Mobile Devices
    AU  - S. Uvaraj
    AU  - S. Suresh
    AU  - N. KannaiyaRaja
    Y1  - 2013/06/10
    PY  - 2013
    N1  - https://doi.org/10.11648/j.wcmc.20130101.15
    DO  - 10.11648/j.wcmc.20130101.15
    T2  - International Journal of Wireless Communications and Mobile Computing
    JF  - International Journal of Wireless Communications and Mobile Computing
    JO  - International Journal of Wireless Communications and Mobile Computing
    SP  - 26
    EP  - 34
    PB  - Science Publishing Group
    SN  - 2330-1015
    UR  - https://doi.org/10.11648/j.wcmc.20130101.15
    VL  - 1
    IS  - 1
    ER  - 


Author Information
  • Arulmigu Meenakshi Amman College of Engineering, Kanchipuram

  • Sri Venkateswara College of Engineering, Kanchipuram

  • Defence Engineering College, Ethiopia