Smartphone-based secure authenticated session sharing in Internet of Personal Things

In the context of password-based authentication, a user can memorize only a limited number of usernames and passwords, generally referred to as user credentials. Longer passwords make them even harder to remember. The expansion of the Internet and our growing dependency on it have made it almost impossible for us to handle the large pool of user credentials. Using simple, identical or similar passwords is considered poor practice, as such passwords can easily be compromised by password-cracking tools and social engineering attacks. Therefore, a robust and painless technique to manage personal credentials for websites is desirable. In this paper, a novel technique for user-credential management via a smart mobile device such as a smartphone in a local network is proposed. We present a secure user-credential management scheme in which the user's account login (username) and password associated with a website's domain name are saved into the mobile device's database using a mobile application. We develop a custom browser extension for the client and use it to import the user's credentials linked with the corresponding website from the mobile device via the local Wi-Fi network connection. The browser extension imports and identifies the authentication credentials and pushes them into the target TextBox locations in the webpage, ready for the user to execute. This scheme is suitably demonstrated between two personal devices in a local network.
