Abstract
Internet users are moving toward smart mobile devices such as smartphones and tablet PCs, so user authentication and access control for mobile users are strongly required to support information security. Compared with PCs, mobile devices have weaknesses such as low computing power, limited power, and restricted interfaces. These characteristics call for lightweight and stable user authentication methods. This paper proposes LSAM (Lightweight & Stable Authentication Method), a user authentication method applicable to smart mobile devices (representatively, smartphones). LSAM identifies users through a random matrix displayed on the smart mobile device. The authentication token used in LSAM varies with the values of the matrix, so it is safe against replay and sniffing attacks. LSAM does not need additional devices; it operates purely as interface software on the smartphone. We present evaluation criteria based on commonly used hacking techniques such as Challenger Variability, Replay Attack, Brute-force Attack, and MITM (Man-In-The-Middle Attack), and measure the degree of defense of our proposed authentication algorithm against these attacks.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yoo, S., Yoo, J., Park, P., Ryou, J. (2011). A Lightweight and Stable Authentication Method for the Internet Access Control in Smartphones. In: Abd Manaf, A., Zeki, A., Zamani, M., Chuprat, S., El-Qawasmeh, E. (eds) Informatics Engineering and Information Science. ICIEIS 2011. Communications in Computer and Information Science, vol 251. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25327-0_29
DOI: https://doi.org/10.1007/978-3-642-25327-0_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-25326-3
Online ISBN: 978-3-642-25327-0
eBook Packages: Computer Science, Computer Science (R0)