Mobile Security
2011 International Conference on Communication Systems and Network Technologies
Token Based Authentication using Mobile Phone
Parekh Tanvi SIMS, Indore tanvi.parekh@sims-indore.com Gawshinde Sonal SSSIST, Indore sonal209@yahoo.co.in Sharma Mayank Kumar IET-DAVV, Indore leomayank @yahoo.com
Abstract: Digital identity is the key representation of user and getting most crucial subject for information security. The password based authentication is weak solution and no longer adequate. User select static password which is easy to guess and remember, relevant information or common for all authentication process. This simplicity makes weak authentication scheme; as so far, static passwords are known as easiest target for attackers. Further, Security Token based runtime interaction could extend the strength of authentication control. Security tokens can be used for strong authentication but inconvenient for user and costly for the service providers. To avoid the user inconvenient and extra cost mobile phone is an emerging alternative. These papers comprise the study of various digital identification schemes and give motivation to integrate mobile token. In order to establish standard for mobile token, work starts with the review of current schemes and explores the security architecture for strong authentication with mobile token. Password algorithm is derived to generate dynamic password for token authentication. Thereafter explore various authentication mechanisms to implement mobile token on different prospective. At the end, it describes the various test cases and evolutionary result of various attacks on suggested schemes.
could be great solution. These solutions make cheaper and flexible strong authentication for user as well as for the service provider and reduces worry of carrying extra hardware for identification only. In this paper we have used mobile phone as security token and proposed an authentication model for strong digital identification. To increase
Token Based Authentication using Mobile Phone
Parekh Tanvi SIMS, Indore tanvi.parekh@sims-indore.com Gawshinde Sonal SSSIST, Indore sonal209@yahoo.co.in Sharma Mayank Kumar IET-DAVV, Indore leomayank @yahoo.com
Abstract: Digital identity is the key representation of user and getting most crucial subject for information security. The password based authentication is weak solution and no longer adequate. User select static password which is easy to guess and remember, relevant information or common for all authentication process. This simplicity makes weak authentication scheme; as so far, static passwords are known as easiest target for attackers. Further, Security Token based runtime interaction could extend the strength of authentication control. Security tokens can be used for strong authentication but inconvenient for user and costly for the service providers. To avoid the user inconvenient and extra cost mobile phone is an emerging alternative. These papers comprise the study of various digital identification schemes and give motivation to integrate mobile token. In order to establish standard for mobile token, work starts with the review of current schemes and explores the security architecture for strong authentication with mobile token. Password algorithm is derived to generate dynamic password for token authentication. Thereafter explore various authentication mechanisms to implement mobile token on different prospective. At the end, it describes the various test cases and evolutionary result of various attacks on suggested schemes.
could be great solution. These solutions make cheaper and flexible strong authentication for user as well as for the service provider and reduces worry of carrying extra hardware for identification only. In this paper we have used mobile phone as security token and proposed an authentication model for strong digital identification. To increase
References: Fadi Aloul, Syed Zahidi, Wassim El-Hajj “Two Factor Authentication Using Mobile Phones” proceeding of 978-1-42443806-8/0 IEEE Conference in 2009. 2. SIMSON L. GARFINKEL “Email-Based Identification and Authentication: An Alternative to PKI?” published by The IEEE Computer Society proceeding 1540-7993/03 in 2003. 3. Ghassan Kbar “Wireless Network Token-Based Fast Authentication” published in proceeding of 17th International Conference on Telecommunication 978-1-4244-5247-7/09 in 2010. 4. Sharma M.K., Gawshinde S., Parekh T., “Values of Authentication in E-Business” published in proceeding of 1st International Conference in 2011. 5. Do van Thanh, Ivar Jorstad, Tore Jenvik “Strong Authentication with mobile phone as token” Proceeding of 978-1-4244-5113-5/09 IEEE Conference in 2009. 6. Haidong Xia, Jos´e Brustoloni “Virtual Prepaid Tokens for Wi-Fi Hotspot Access” Proceedings of the 29th Annual IEEE International Conference on Local Computer Networks (LCN’04) 0742-1303-in 2004. 7. Hristo Bojinov, Dan Boneh “Mobile Token-Based Authentication on a Budget” in Proceeding ACM 978-1-4503-0649-2 in 2010. 8. L. E. Sebola and W.T. Penzhorn “A Secure Mobile Commerce System for the Vending of Prepaid Electricity Tokens”. 9. D. Ilett, “US Bank Gives Two-Factor Authentication to Millions of Customers” 2005. 10. A. Herzberg, “Payments and Banking with Mobile Personal Device” Communications of the ACM, 46(5), 53-58, May 2003. 11. “RSA Security Selected by National Bank of Abu Dhabi to ProtectvOnline Banking Customers” 2005 Available at http:// www.rsa.com/press reease.aspx: id=6092. 1. Table 1 Comparison of two factor Authentication VII. CONCLUSION Security is the mandatory key element to get success of any digital solution. Authentication is the way to prove that; the user, trying to access the account is authentic? This paper explores the possibilities to use of mobile phone instead of security tokens for strong authentication. Static password is no longer secure and easily vulnerable for attackers. Security token can be easily extending the authentication strength but extra cost, single use and server synchronization become most shortcoming issues. Further, hardware token is given to each user for the respective account which increases the number of carried tokens and the cost. For the manufacturing and maintaining them, has become a burden on both the client and 88