User-Friendly Authentication and Authorization Using a Smartphone Proxy

We present a novel approach to authenticating and authorizing a user with her personal smartphone. The presented architecture is complemented by a proof-of-concept implementation. The implemented system architecture is based on a single sign-on (SSO) solution, extended so that the smartphone can serve as the authentication and authorization device. We evaluated the system in real-world scenarios, observing users’ behavior with the novel technique. Based on our experiences, we summarize the advances in both usability and security that the proposed concept offers to new implementations.
