
User perspective and security of a new mobile authentication method

Published: 01 November 2018

Abstract

This paper describes a new mobile authentication method based on the OpenID Connect standard and the subscriber identity module (SIM) card. The proposed solution enables users to access websites, services and applications without needing to remember passwords or responses, or to use any supporting equipment. The proposed method is evaluated from the users' perspective as well as from the security viewpoint. Moreover, we compare it with the two most popular existing authentication schemes, i.e., static passwords and SMS OTP (one-time password). To evaluate users' views on various authentication methods, a questionnaire was prepared and distributed among 40 participants. The results revealed that the new authentication scheme yielded better results than the existing methods. Finally, we also performed a security analysis of all the abovementioned authentication solutions to assess whether there are any major risks related to the proposed method.


Published In

Telecommunications Systems, Volume 69, Issue 3, November 2018, 142 pages

Publisher

Kluwer Academic Publishers, United States


Author Tags

1. Authentication convenience
2. Security
3. Smart cards
4. User experience
