论文信息 - Mobile Authentication Secure against Man-in-the-Middle Attacks

Mobile Authentication Secure against Man-in-the-Middle Attacks

Current mobile authentication solutions puts a cognitive burden on users to detect and avoid Man-In-The-Middle attacks. In this paper, we present a mobile authentication protocol named Mobile-ID which prevents Man-In-The-Middle attacks without relying on a human in the loop. With Mobile-ID, the message signed by the secure element on the mobile device incorporates the context information of the connected service provider. Hence, upon receiving the signed message the Mobile-ID server could easily identify the existence of an on-going attack and notify the genuine service provider.

Kemal Bicakci | Devrim Unal | Nadir Ascioglu | Oktay Adalier

[1] Bruce Schneier,et al. Two-factor authentication: too little, too late , 2005, CACM.

[2] Audun Jøsang,et al. An Experimental Investigation of the Usability of Transaction Authorization in Online Bank Security Systems , 2008, AISC.

[3] Moti Yung,et al. Contextual OTP: Mitigating Emerging Man-in-the-Middle Attacks with Wireless Hardware Tokens , 2012, ACNS.

[4] Lorrie Faith Cranor,et al. A Framework for Reasoning About the Human in the Loop , 2008, UPSEC.

[5] Frank Stajano,et al. The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes , 2012, 2012 IEEE Symposium on Security and Privacy.

[6] Dan Boneh,et al. Transaction Generators: Root Kits for Web , 2007, HotSec.