Abstract
We present a novel approach to authenticate and authorize a user, using her personal smartphone. The presented architecture is complemented with a proof-of-concept implementation. The implemented system architecture is based on a single sign-on solution (SSO), extended to allow the usage of the smartphone as authentication and authorization device. We evaluated the system within real-world scenarios, observing users’ behavior using the novel technique. Based on our experiences, we summarize advances, made both in usability and security, for novel implementations using the proposed concept.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Hammer-Lahav, E.: RFC 5849 – The OAuth 1.0 protocol. Technical report, IETF (2010)
Recordon, D., Reed, D.: OpenID 2.0: A Platform for User-Centric Identity Management. In: Proceedings of the 2nd ACM workshop on Digital Identity Management, DIM 2006, pp. 11–16. ACM, New York (2006)
Miculan, M., Urban, C.: Formal analysis of Facebook Connect single sign-on authentication protocol. In: SOFSEM, vol. 11, pp. 22–28 (2011)
Erdos, M., Cantor, S.: Shibboleth-Architecture Draft v05. Internet2/MACE (May 2002)
Parker, T.: Single Sign-On Systems – The Technologies and the Products. In: European Convention on Security and Detection, pp. 151–155 (May 1995)
M’Raihi, D., Bellare, M., Hoornaert, F., Naccache, D., Ranen, O.: RFC 4226 – HOTP: An HMAC-Based One-Time Password Algorithm. Technical Report 4226, IETF (December 2005)
De Luca, A., Frauendienst, B., Boring, S., Hussmann, H.: My Phone is my Keypad: Privacy-Enhanced PIN-Entry on Public Terminals. In: Proceedings of the 21st Annual Conference of the Australian Computer-Human Interaction Special Interest Group: Design: Open 24/7, OZCHI 2009, pp. 401–404. ACM, New York (2009)
Vapen, A., Byers, D., Shahmehri, N.: 2-clickAuth Optical Challenge-Response Authentication. In: IEEE International Conference on Availability, Reliability, and Security, pp. 79–86 (2010)
Mayrhofer, R., Fuss, J., Ion, I.: UACAP: A Unified Auxiliary Channel Authentication Protocol. IEEE Transactions on Mobile Computing 99 (2012)
Mizuno, S., Yamada, K., Takahashi, K.: Authentication Using Multiple Communication Channels. In: Proceedings of the 2005 Workshop on Digital Identity Management, DIM 2005, pp. 54–62. ACM, New York (2005)
De Luca, A., Frauendienst, B.: A Privacy-Respectful Input Method for Public Terminals. In: Proceedings of the 5th Nordic Conference on Human-computer Interaction: Building Bridges. NordiCHI 2008, pp. 455–458. ACM, New York (2008)
Möller, A., Michahelles, F., Diewald, S., Roalter, L., Kranz, M.: Update Behavior in App Markets and Security Implications: A Case Study in Google Play. In: Poppinga, B. (ed.) Proceedings of the 3rd International Workshop on Research in the Large. Held in Conjunction with Mobile HCI, pp. 3–6 (September 2012)
Müller, J., Alt, F., Michelis, D.: Pervasive Advertising. Pervasive Advertising, 1–29 (2011)
Kranz, M., Holleis, P., Schmidt, A.: Ubiquitous Presence Systems. In: Proceedings of the 2006 ACM Symposium on Applied Computing, pp. 1902–1909. ACM, New York (2006)
Davies, N., Langheinrich, M., Jose, R., Schmidt, A.: Open Display Networks: A Communications Medium for the 21st Century. Computer 45(5), 58–64 (2012)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Roalter, L., Diewald, S., Möller, A., Stockinger, T., Kranz, M. (2013). User-Friendly Authentication and Authorization Using a Smartphone Proxy. In: Moreno-Díaz, R., Pichler, F., Quesada-Arencibia, A. (eds) Computer Aided Systems Theory - EUROCAST 2013. EUROCAST 2013. Lecture Notes in Computer Science, vol 8112. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-53862-9_50
Download citation
DOI: https://doi.org/10.1007/978-3-642-53862-9_50
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-53861-2
Online ISBN: 978-3-642-53862-9
eBook Packages: Computer ScienceComputer Science (R0)