Name
Abstract | ||
|---|---|---|
Web authentication that is both secure and usable remains a challenge. Passwords are vulnerable to phishing attacks, while physical tokens face deployment obstacles. We propose to leverage the authentication infrastructure of cellular networks to enhance Web authentication. We design WebCallerID, a Web authentication scheme that uses cell phones as physical tokens and uses cellular networks as trusted identity providers. Since WebCallerID requires no user participation during authentication, it prevents security mistakes by users. WebCallerID also prevents rogue websites from replaying authentication assertions or stealing users' identities. We have implemented a prototype of WebCallerID using the OpenID framework. The prototype shows that WebCallerID seamlessly integrates into OpenID-capable Web authentication while avoiding phishing problems in OpenID and simplifying user participation. |
Year | DOI | Venue |
|---|---|---|
2011 | 10.3233/JCS-2011-0424 | Journal of Computer Security |
Keywords | Field | DocType |
authentication assertion,openid framework,authentication infrastructure,web authentication,user participation,web authentication scheme,openid-capable web authentication,webcallerid seamlessly,physical token,cellular network | Lightweight Extensible Authentication Protocol,World Wide Web,Chip Authentication Program,Challenge-Handshake Authentication Protocol,Generic Bootstrapping Architecture,Computer science,Challenge–response authentication,Computer security,Authentication protocol,Multi-factor authentication,Email authentication | Journal |
Volume | Issue | ISSN |
19 | 5 | 0926-227X |
Citations | PageRank | References |
2 | 0.36 | 21 |
Authors | ||
3 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Francis Hsu | 1 | 154 | 13.43 |
| Hao Chen | 2 | 2723 | 183.89 |
| Sridhar Machiraju | 3 | 435 | 37.08 |