Token-based Authentication for Smartphones

Manuel Koschuch, Matthias Hudler, Hubert Eigner, Zsolt Saffer

2013

Abstract

Due to short - but frequent - sessions of smartphone usage, the fast and easy usability of authentication mechanisms in this special environment has a big impact on user acceptance. In this work we propose a user-friendly alternative to common authentication methods (like PINs and patterns). The advantages of the proposed method are its security, speed, and ease of use, requiring minimal user interaction compared to other authentication techniques currently used on smartphones. The mechanism described uses the presence of a Bluetooth-connected hardware token to authenticate the user and can easily be implemented on current smartphones. It is based on an authentication protocol which meets the requirements on energy efficiency and limited resources by optimizing the communication effort. A prototype was implemented on an Android smartphone and an MSP430-based MCU. The token allows fast authentication without the need for additional user action. The entire authentication process can be completed in less than one second; the developed software prototype requires no software or hardware modifications (like rooting) of the Android phone.



Paper Citation


in Harvard Style

Koschuch M., Hudler M., Eigner H. and Saffer Z. (2013). Token-based Authentication for Smartphones. In Proceedings of the 4th International Conference on Data Communication Networking, 10th International Conference on e-Business and 4th International Conference on Optical Communication Systems - Volume 1: DCNET, (ICETE 2013) ISBN 978-989-8565-72-3, pages 51-56. DOI: 10.5220/0004520000510056


in Bibtex Style

@conference{dcnet13,
author={Manuel Koschuch and Matthias Hudler and Hubert Eigner and Zsolt Saffer},
title={Token-based Authentication for Smartphones},
booktitle={Proceedings of the 4th International Conference on Data Communication Networking, 10th International Conference on e-Business and 4th International Conference on Optical Communication Systems - Volume 1: DCNET, (ICETE 2013)},
year={2013},
pages={51-56},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004520000510056},
isbn={978-989-8565-72-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 4th International Conference on Data Communication Networking, 10th International Conference on e-Business and 4th International Conference on Optical Communication Systems - Volume 1: DCNET, (ICETE 2013)
TI - Token-based Authentication for Smartphones
SN - 978-989-8565-72-3
AU - Koschuch M.
AU - Hudler M.
AU - Eigner H.
AU - Saffer Z.
PY - 2013
SP - 51
EP - 56
DO - 10.5220/0004520000510056