Multi-Device Authentication using Wearables and IoT

Jan Hajny, Petr Dzurenda, Lukas Malina

Abstract

The paper presents a novel cryptographic authentication scheme that makes use of the presence of electronic devices around users. The scheme makes authentication more secure by involving devices that are usually worn by users (such as smart-watches, fitness bracelets and smart-cards) or are in their proximity (such as sensors, home appliances, etc.). In our scheme, the user private key is distributed over all personal devices thus cannot be compromised by breaking into only a single device. Furthermore, involving wearables and IoT devices makes it possible to use multiple authentication factors, such as user's position, his behavior and the state of the surrounding environment. We provide the full cryptographic specification of the protocol, its formal security analysis and the implementation results in this paper.

References

  1. Camenisch, J. and et Al. (2012). Specification of the identity mixer cryptographic library. Technical report, IBM Research - Zurich.
  2. Camenisch, J. and Stadler, M. (1997a). Efficient group signature schemes for large groups. In Advances in Cryptology - CRYPTO 7897, volume 1294 of LNCS, pages 410-424. Springer Berlin / Heidelberg.
  3. Camenisch, J. and Stadler, M. (1997b). Proof systems for general statements about discrete logarithms. Technical report, IBM.
  4. Cha, B.-R., Lee, S.-H., Park, S.-B., and Ji, G.-K. L. Y.-K. (2015). Design of micro-payment to strengthen security by 2 factor authentication with mobile & wearable devices.
  5. Chien, H.-Y. and Huang, C.-W. (2007). Security of ultralightweight rfid authentication protocols and its improvements. SIGOPS Oper. Syst. Rev., 41(4):83-86.
  6. Fiat, A. and Shamir, A. (1987). How to prove yourself: Practical solutions to identification and signature problems. In Advances in Cryptology - CRYPTO 86, volume 263 of LNCS, pages 186-194. Springer Berlin / Heidelberg.
  7. Gonzalez-Manzano, L., de Fuentes, J., and Orfila, A. (2015). Access control for the cloud based on multidevice authentication. In Trustcom/BigDataSE/ISPA, 2015 IEEE, volume 1, pages 856-863. IEEE.
  8. Guillou, L. C. and Quisquater, J.-J. (1988). EUROCRYPT 7888: Workshop on the Theory and Application of Cryptographic Techniques, chapter A Practical Zero-Knowledge Protocol Fitted to Security Microprocessor Minimizing Both Transmission and Memory, pages 123-128. Springer Berlin Heidelberg, Berlin, Heidelberg.
  9. Lashkari, A. H., Danesh, M. M. S., and Samadi, B. (2009). A survey on wireless security protocols (wep, wpa and wpa2/802.11 i). In Computer Science and Information Technology, 2009. ICCSIT 2009. 2nd IEEE International Conference on, pages 48-52. IEEE.
  10. Neuman, B. C. and Ts' O, T. (1994). Kerberos: An authentication service for computer networks. Communications Magazine, IEEE, 32(9):33-38.
  11. Paquin, C. (2011). U-prove cryptographic specification v1.1. Technical report, Microsoft Corporation.
  12. Quisquater, J.-J., Guillou, L., Annick, M., and Berson, T. (1989). How to explain zero-knowledge protocols to your children. In Proceedings on Advances in cryptology, CRYPTO 7889, pages 628-631, New York, NY, USA. Springer-Verlag New York, Inc.
  13. Riva, O., Qin, C., Strauss, K., and Lymberopoulos, D. (2012). Progressive authentication: Deciding when to authenticate on mobile phones. In Presented as part of the 21st USENIX Security Symposium (USENIX Security 12), pages 301-316, Bellevue, WA. USENIX.
  14. Schnorr, C. P. (1991). Efficient signature generation by smart cards. Journal of Cryptology, 4:161-174.
  15. Shepherd, S. J. (1995). Continuous authentication by analysis of keyboard typing characteristics. In Security and Detection, pages 111-114.
  16. Xu, W. (2015). Mobile applications based on smart wearable devices. In Proceedings of the 13th ACM Conference on Embedded Networked Sensor Systems, pages 505-506. ACM.
Download


Paper Citation


in Harvard Style

Hajny J., Dzurenda P. and Malina L. (2016). Multi-Device Authentication using Wearables and IoT . In Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016) ISBN 978-989-758-196-0, pages 483-488. DOI: 10.5220/0006000004830488


in Bibtex Style

@conference{secrypt16,
author={Jan Hajny and Petr Dzurenda and Lukas Malina},
title={Multi-Device Authentication using Wearables and IoT},
booktitle={Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016)},
year={2016},
pages={483-488},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006000004830488},
isbn={978-989-758-196-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016)
TI - Multi-Device Authentication using Wearables and IoT
SN - 978-989-758-196-0
AU - Hajny J.
AU - Dzurenda P.
AU - Malina L.
PY - 2016
SP - 483
EP - 488
DO - 10.5220/0006000004830488