A personal authentication scheme using mobile technology (original) (raw)
Related papers
Online Authentication Using Smart-Card Technology in Mobile Phone Infrastructure
2011
The widespread of Internet usage has resulted in a greater number and variety of applications involving different types of private information. In order to diminish privacy concerns and strengthen user trust, security improvements in terms of authentication are necessary. The solutions need to be convenient, entailing ease of use and higher mobility. The suggested approach is to make use of the already popular mobile phone and to involve the mobile network, benefiting from Subscriber Identity Module (SIM) card's tamper resistance to become trusted entities guarding personal information and identifying users. Mobile phone's SIM card is convenient for safely storing security parameters essential for secured communication. It becomes secure entity compulsory for getting access to privacy sensitive Internet applications, like those involving money transfers. Utilizing the NFC interface passes the personal user keys only when needed, giving additional strength to the traditional public key cryptography approach in terms of security and portability.
A strong user authentication scheme with smart cards for wireless communications
Computer Communications, 2011
Seamless roaming over wireless network is highly desirable to mobile users, and security such as authentication of mobile users is challenging. Recently, due to tamper-resistance and convenience in managing a password file, some smart card based secure authentication schemes have been proposed. This paper shows some security weaknesses in those schemes. As the main contribution of this paper, a secure and light-weight authentication scheme with user anonymity is presented. It is simple to implement for mobile user since it only performs a symmetric encryption/decryption operation. Having this feature, it is more suitable for the low-power and resource-limited mobile devices. In addition, it requires four message exchanges between mobile user, foreign agent and home agent. Thus, this protocol enjoys both computation and communication efficiency as compared to the well-known authentication schemes. As a special case, we consider the authentication protocol when a user is located in his/her home network. Also, the session key will be used only once between the mobile user and the visited network. Besides, security analysis demonstrates that our scheme enjoys important security attributes such as preventing the various kinds of attacks, single registration, user anonymity, no password/verifier table, and high efficiency in password authentication, etc. Moreover, one of the new features in our proposal is: it is secure in the case that the information stored in the smart card is disclosed but the user password of the smart card owner is unknown to the attacker. To the best of our knowledge, until now no user authentication scheme for wireless communications has been proposed to prevent from smart card breach. Finally, performance analysis shows that compared with known smart card based authentication protocols, our proposed scheme is more simple, secure and efficient.
Effective Authentication Mechanisms for Mobile Devices :Smartcard(SMCA,BSCA)
2011
This is an era of mobile communications and computing where mobiles are being used in place of traditional computers. Mobile devices are small, handy devices that can be carried around by the user very easily. A user holding the mobile device will have access to the information even at the places where no internet terminal is available. Due to this reason, they are heavily being used in the business environment in managing application, e-mail correspondence, accessing the remote corporate data, handling voice calls, etc. But the mobile devices are still lack-in most important security features such as user authentication, content encryption, virus protection, confidentiality, integrity, etc. The sensitive information stored in the mobile devices is not secure (can be accessed by an unauthorized user). Mobile device poses limited storage and processing power, and the low battery-power. It is also tedious to implement the cryptographic algorithms on mobile devices because they need he...
In 2012, Mun et al. proposed an enhanced secure authentication with key-agreement protocol for roaming service in global mobility networks environment based on elliptic curve cryptography. They claimed that their protocol is efficient and resistant to prominent security attacks. The careful analysis of this study proves that Mun et al.'s protocol is susceptible to several attacks such as replay attack, man-in-middle attack, user impersonation attack, privileged insider attack, denial-of-service attack, no login phase and imperfect mutual authentication phase. In addition, this study proposes an enhanced lightweight authentication with key-agreement protocol for mobile networks based on elliptic curve cryptography using smart cards. The proposed protocol is lightweight and perfectly suitable for real-time applications as it accomplishes simple one-way hash function, message authentication code and exclusive-OR operation. Furthermore, it achieves all the eminent security properties and is resistant to various possible attacks. The security analysis and comparison section demonstrates that the proposed protocol is robust compared with Mun et al.'s protocol.
A New Hybrid Authentication Protocol to Secure Data Communications in Mobile Networks
The growing area of lightweight devices, such as mobile cell phones, PDA … conduct to the rapid growth of mobile networks, they are playing important role in everyone's day. Mobile Networks offer unrestricted mobility and tender important services like M-business, M-Learning, where, such services need to keep security of data as a top concern. The root cause behind the eavesdroppers in these networks is the un-authentication. Designing authentication protocol for mobile networks is a challenging task, because, mobile device's memory, processing power, bandwidths are limited and constrained. Cryptography is the important technique to identify the authenticity in mobile networks. The authentication schemes for this networks use symmetric or asymmetric mechanisms. In this paper, we propose a hybrid authentication protocol that is based on Elliptic Curve Cryptography which is, actually, the suitable technique for mobile devices because of its small key size and high security.
A Privacy-Preserving User Authentication Scheme for WirelessSensor Network Users
seamless roaming over wireless network is very attractive to portable clients, and security, for example, verification of mobile clients is testing. As of late, because of alter protection and comfort in dealing with a secret word record, some shrewd card based secure confirmation plans have been proposed. This paper demonstrates some security shortcomings in those plans. As the fundamental commitment of this paper, a protected and lightweight verification plot with client secrecy is introduced. It is easy to execute for mobile client since it just plays out a symmetric encryption/decoding operation. Having this component, it is more appropriate for the low-power and asset restricted cell phones. Likewise, it requires four message trades between mobile client, outside specialist and home operator. Therefore, this convention appreciates both calculation and correspondence proficiency when contrasted with the outstanding confirmation plans. As an uncommon case, we consider the confirmation convention when a client is situated in his/her home system. In this paper, we propose a privacy-preserving all inclusive authentication protocol, called priauth, which gives solid client obscurity against the two busybodies and remote servers, session key foundation, and accomplishes productivity. In particular, priauth gives an effective way to deal with handle the issue of client renouncement while supporting solid client untraceability.
User authentication scheme preserving anonymity for ubiquitous devices
Security and Communication Networks, 2015
With the evolution of information technologies, mobile devices (e.g., cell phone, personal digital assistant, and notebook PC) have swamped all domains of the active life. At anytime and anywhere, they are in research of service to satisfy their immediate needs. The services are remotely provided and implemented in sites that verify the legitimacy of the user over an insecure communication channel. The mechanism that authenticates remote user and allows legitimate users to access network services over insecure communication network is known by remote user authentication. Smart card-based authentication is one of the most widely used and practical solutions to remote user authentication. In this paper, we propose a smart card-based authentication scheme that aims to provide more functionality to resist well-known attacks. It provides both user anonymity and mutual authentication in simple and efficient mechanism that can be applicable to limited resources. This mechanism can be suitable to ubiquitous computing environments in which a variety of wireless mobile devices with limited power and computation capacity are deployed.
43rd Annual 2009 International Carnahan Conference on Security Technology, 2009
Due to rapid advance of the RFID systems, there is sufficient computing power to implement the encryption and decryption required for the authentication during transactions nowadays. In addition, RFID tags have enough capacity to store the corresponding information. Therefore, RFID enabled credit card can be used to improve the potential security issues occurred while using the traditional credit card, however, the limitation of the production cost of RFID tag, its computing power and storage capacity is limited. Thus, it cannot perform sophisticated computation needed for the authentication mechanism, i.e., security technologies adopted from traditional wireless network cannot be transplanted to the contactless RFID transmission directly. Many solutions have been proposed to improve the RFID security issues raised in the research. Most of these studies assume the communication infrastructure between the RFID reader and the back-end database are based wired enterprise networking environment which is usually defined as the secured communication channel. However, there are many applications that users need to use RFID enabled handheld devices such as mobile phones or PDAs to link with the back-end database via wireless communication protocols like GSM, GPRS or wi-fi. These communication channels are exposed to unsafe environments and the security issues must be taken into account. In this paper, we construct an RFID system based on mobile communication devices such as cellular phones. We propose an effective and secured certificate mechanism using mobile devices as RFID readers together with the credit cards containing RFID tags. The result shows it can improve the existing RFID security issues under the premise of safety, efficiency and compatibility of the EPC network.
Journal of Computer Science, 2019
In this paper, we proposed a new Authentication Protocol for Mobile Applications using NFC technology (AP for MAN). The proposed protocol minimizes the required time to complete the authentication process between the shared entities with a high level of privacy. According to the main security measures, the proposed protocol is evaluated. The current paper presents a new idea for preventing denial of service attack and preserves the limited mobile device capability. The proposed protocol is checked using BAN logic and established that it has no redundancy, the mutual authentication property between the shared parties is verified. The implementation of the proposed protocol shows that it works as designed and it is practical.
A potpourri of authentication mechanisms the mobile device way
Nowadays the use of mobile devices, such as smartphones and tablets, are rapidly increasing in network services, proliferating to almost every environment. This massive appearance of mobile devices creates significant opportunities to leverage these mobile devices to establish novel types of services. However there are also significant concerns about the privacy and security of sensitive data exchanged and stored on these devices. Since these devices are usually embodied with numerous characteristics like camera devices, 3G and NFC connection that can be used to create new alternative authentication schemes in order to guarantee users identity.