An Analysis of Server-Side Design for Seed-Based Mobile Authentication

With the growing popularity of mobile apps, the security issues of mobile apps become critical. Similar to traditional cyber security, mobile security includes authentication, data integrity, and data privacy. Seed-based authentication is a novel approach for mobile systems. The key idea is to extract seeds from files such as images and generate random numbers for authentication. However, in seed-based authentication, the server side design is different from traditional username-password paradigm. Few work has been done to address server-side issues on seed-based authentication. In this paper, we focus on analyzing server-side design of seed-based authentication. We develop a prototype system and set up experiments to evaluate our server-side design.

[1]  Abhay Kumar,et al.  A Comprehensive Study on Two-factor Authentication with One Time Passwords , 2013 .

[2]  Xinwen Zhang,et al.  Apex: extending Android permission model and enforcement with user-defined runtime constraints , 2010, ASIACCS '10.

[3]  Keke Gai,et al.  Proactive user-centric secure data scheme using attribute-based semantic access controls for mobile clouds in financial industry , 2018, Future Gener. Comput. Syst..

[4]  Mark A. Moraes,et al.  Parallel random numbers: As easy as 1, 2, 3 , 2011, 2011 International Conference for High Performance Computing, Networking, Storage and Analysis (SC).

[5]  Michael Weber,et al.  MIBA: multitouch image-based authentication on smartphones , 2013, CHI Extended Abstracts.

[6]  S. Akula,et al.  Image Based Registration and Authentication System , 2004 .

[7]  Li-Chiou Chen,et al.  Seed-based authentication , 2015, 2015 International Conference on Collaboration Technologies and Systems (CTS).

[8]  Adrian David Cheok,et al.  22nd International Conference on Human-Computer Interaction with Mobile Devices and Services , 2007, Lecture Notes in Computer Science.

[9]  Meikang Qiu,et al.  Privacy Protection for Preventing Data Over-Collection in Smart City , 2016, IEEE Transactions on Computers.

[10]  Keke Gai,et al.  Proactive Attribute-based Secure Data Schema for Mobile Cloud in Financial Industry , 2015, 2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conference on Embedded Software and Systems.

[11]  Hideki Koike,et al.  Awase-E: Image-Based Authentication for Mobile Phones Using User's Favorite Images , 2003, Mobile HCI.

[12]  Joachim H. Ahrens,et al.  Pseudo-random numbers , 2005, Computing.