NFC Based Mobile Single Sign-On Solution as a Chrome Extension

Ufuk Celikkan, Can Gelis

Abstract

We describe the design and implementation of Single Sign-On authentication solution that uses a Near Field Communication enabled mobile phone. Such a solution relieves the users from remembering multiple username and passwords when authenticating themselves to various services on the internet. Mobile phones are today’s ubiquitous computing devices, used for a wide variety of purposes including authentication, tracking, medical care, entertainment and electronic payment. The primary advantage of NFC technology is that since it uses short range communication, it inherently provides another level of security, and being contactless, it is easy to use. Our solution is seamlessly integrated into the Chrome browser via a browser extension that allows users easy authentication and management personal information on the phone. The Google Chrome extension is written in JavaScript; However, this code (JavaScript) when running in a browser, cannot access the system resources of the computer due to browser security restrictions. Therefore a program written as a Java applet is implemented to run in the user’s computer. This applet, injected into the current web page by the extension, provides access to NFC Reader and supplies the bridge between Java and JavaScript. The user does not need to enter any account information, because it is retrieved from the phone via NFC and automatically submitted to the web login page.

References

  1. Felten, E.W. and Gaw, S., 2006. Password management strategies for online accounts, In Proceedings of the second symposium on Usable privacy and security, 2006, pp. 44-55.
  2. Florencio, D. and Herley, C., 2007. A large-scale study of web password habits, In Proceedings of the 16th international conference on World Wide Web, 2007, pp. 657 - 666.
  3. US-CERT, 2009. Choosing and Protecting Passwords, http://www.us-cert.gov/cas/tips/ST04-002.html, [Accessed 8 April 2014].
  4. OpenID, http://www.openid.net, [Accessed 8 April 2014].
  5. Steiner, J.G., Neuman, C. and Schiller, J.I., 1988. Kerberos: An Authentication Service for Open Network Systems, In Proceedings of Winter USENIX Conference, 1988.
  6. Sovis, P., Kohlar, F. and Schwenk, J., 2010. Security analysis of OpenID, In Proceedings of the Securing Electronic Business Processes-Highlights of the Information Security Solutions Europe 2010 Conference.
  7. Chinitz, J., 2000. Single Sign-On: Is It Really Possible? Information Systems Security, 9(1), pp 1-14.
  8. Coskun, V., Ozdenizci, B. and Ok, K., 2013. A Survey on Near Field Communication (NFC) Technology, Wireless Personal Communications, August 2013, 71 (3), pp. 2259-2294.
  9. Pashalidis, A. and Mitchel, C.J., 2003. A taxonomy of single sign on systems, In Information Security and Privacy, 8th Australasian Conference, ACISP 2003, July 9-11, 2003.
  10. De Clercq, J., 2002. Single Sign-On Architectures, In Proceedings of the International Conference on Infrastructure Security InfraSec 7802, pp 40-58.
  11. Password Director, Last Bit software. http://www.passworddirector.com, [Accessed 8 April 2014].
  12. Chome extension development http://developer.chrome.com/extensions/getstarted, [Accessed 8 April 2014].
  13. SNEP, 2013. Simple NDEF Exchange Protocol. Technical Specification, version 1.0, 2013. NFC Forum. http://members.nfc-forum.org/specs/spec_license, [Accessed 8 April 2014].
  14. NDEF, 2006. NFC data exchange format Technical specification, version 1.0, 2006. NFC Forum. http://members.nfc-forum.org/specs/spec_license, [Accessed 8 April 2014].
  15. ACR122U USB NFC Reader Aplication Programming Interface V2.02. http://downloads.acs.com.hk/drivers/en/APIACR122U-2.02.pdf, [Accessed 8 April 2014].
  16. LLCP, 2011.Logical link control protocol . Technical specification, version 1.1 2011. NFC Forum. http://members.nfc-forum.org/specs/spec_license, [Accessed 8 April 2014].
  17. Android NFC development. http://developer.android.com/guide/topics/connectivity /nfc/nfc.html, [Accessed 8 April 2014].
  18. PCSC, 2014. http://www.pcscworkgroup.com, [Accessed April 8 2014].
Download


Paper Citation


in Harvard Style

Celikkan U. and Gelis C. (2014). NFC Based Mobile Single Sign-On Solution as a Chrome Extension . In Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014) ISBN 978-989-758-045-1, pages 337-343. DOI: 10.5220/0005056703370343


in Bibtex Style

@conference{secrypt14,
author={Ufuk Celikkan and Can Gelis},
title={NFC Based Mobile Single Sign-On Solution as a Chrome Extension},
booktitle={Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)},
year={2014},
pages={337-343},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005056703370343},
isbn={978-989-758-045-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)
TI - NFC Based Mobile Single Sign-On Solution as a Chrome Extension
SN - 978-989-758-045-1
AU - Celikkan U.
AU - Gelis C.
PY - 2014
SP - 337
EP - 343
DO - 10.5220/0005056703370343