Abstract
Mobile phones offer unique advantages for secure authentication: they are small and portable, provide multiple data transfer channels, and are nearly ubiquitous. While phones provide a flexible and capable platform, phone designs vary, and the security level of an authentication solution is influenced by the choice of channels and authentication methods. It can be a challenge to get a consistent overview of the strengths and weaknesses of the available alternatives. Existing guidelines for authentication usually do not consider the specific problems in mobile phone authentication. We provide a method for evaluating and designing authentication solutions using mobile phones, using an augmented version of the Electronic Authentication Guideline.
References
Security requirements for cryptographic modules. Technical Report 140-2, National Institute of Standards and Technology (2001), http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf
Aloul, F., Zahidi, S., El-Hajj, W.: Two factor authentication using mobile phones. In: AICCSA 2009, pp. 641–644 (May 2009)
Bonneau, J., Preibusch, S.: The password thicket: technical and market failures in human authentication on the web, pp. 1–10 (2010)
Burr, W.E., Dodson, D.F., Polk, W.T.: Electronic authentication guideline. Technical Report 800-63, National Institute of Standards and Technology (2008), http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf
Eliasson, C., Fiedler, M., Jorstad, I.: A criteria-based evaluation framework for authentication schemes in IMS. In: Proceedings of the 4th International Conference on Availability, Reliability and Security, pp. 865–869. IEEE Computer Society, Los Alamitos (2009)
Hiltgen, A., Kramp, T., Weigold, T.: Secure internet banking authentication. IEEE Security & Privacy 4(2), 21–29 (2006)
Mannan, M.S., van Oorschot, P.C.: Using a personal device to strengthen password authentication from an untrusted computer. In: Dietrich, S., Dhamija, R. (eds.) FC 2007 and USEC 2007. LNCS, vol. 4886, pp. 88–103. Springer, Heidelberg (2007)
Rannenberg, K.: Identity management in mobile cellular networks and related applications. Information Security Technical Report 9(1), 77–85 (2004)
van Thanh, D., Jorstad, I., Jonvik, T., van Thuan, D.: Strong authentication with mobile phone as security token. In: IEEE 6th International Conference on Mobile Adhoc and Sensor Systems, MASS 2009, pp. 777–782 (October 12-15, 2009)
Vapen, A., Byers, D., Shahmehri, N.: 2-clickAuth - optical challenge-response authentication. In: Proceedings of the 5th International Conference on Availability, Reliability and Security, pp. 79–86. IEEE Computer Society, Los Alamitos (2010)
Wu, M., Garfinkel, S., Miller, R.: Secure web authentication with mobile phones. In: Proceedings of DIMACS Workshop on Usable Privacy and Security Software (2004)
Yan, J., Blackwell, A., Anderson, R., Grant, A.: Password memorability and security: empirical results. IEEE Security & Privacy 2(5), 25–31 (2004)
Copyright information
© 2011 IFIP International Federation for Information Processing
Cite this paper
Vapen, A., Shahmehri, N. (2011). Security Levels for Web Authentication Using Mobile Phones. In: Fischer-Hübner, S., Duquenoy, P., Hansen, M., Leenes, R., Zhang, G. (eds) Privacy and Identity Management for Life. Privacy and Identity 2010. IFIP Advances in Information and Communication Technology, vol 352. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20769-3_11
DOI: https://doi.org/10.1007/978-3-642-20769-3_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-20768-6
Online ISBN: 978-3-642-20769-3
eBook Packages: Computer Science, Computer Science (R0)