论文信息 - Strengthening SMS-Based Authentication through Usability

Strengthening SMS-Based Authentication through Usability

Current state-of-the art solutions for online banking authentication and identity management include methods for re-authenticating users via out-of-band channels for each transaction. SMS-based schemes belong to this category, and can provide strong authentication to protect against security attacks. Poor usability of these schemes is still a problem, which makes them vulnerable to other obvious attacks. This paper describes a method for improving the usability of typical SMS-based authentication schemes which thereby will improve their overall security.

Audun Jøsang | Ernest Foo | Adrian McCullagh | Mohammed Al Zomai

[1] Spencer C. Lee. An Introduction to Identity Management , 2003 .

[2] J. D. Tygar,et al. Usability of Security: A Case Study, , 1998 .

[3] Elaine Lawrence,et al. Bluetooth as an enabling technology in mobile transactions , 2005, International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume II.

[4] Diana K. Smetters,et al. In search of usable security: five lessons from the field , 2004, IEEE Security & Privacy Magazine.

[5] M. Angela Sasse,et al. Users are not the enemy , 1999, CACM.

[6] Martina Angela Sasse,et al. Computer Security: Anatomy of a Usability Disaster, and a Plan for Recovery , 2003 .

[7] J. Doug Tygar,et al. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0 , 1999, USENIX Security Symposium.

[8] Audun Jøsang,et al. Usability and Privacy in Identity Management Architectures , 2007, ACSW.

[9] Owen Rees,et al. Identity Management: a Key e-Business Enabler , 2002 .

[10] Audun Jøsang,et al. An Experimental Investigation of the Usability of Transaction Authorization in Online Bank Security Systems , 2008, AISC.