Title
CamAuth: Securing Web Authentication with Camera
Abstract
Frequent outbreak of password database leaks and server breaches in recent years manifests the aggravated security problems of web authentication using only password. Two-factor authentication, despite being more secure and strongly promoted, has not been widely applied to web authentication. Leveraging the unprecedented popularity of both personal mobile devices (e.g., smartphones) and barcode scans through camera, we explore a new horizon in the design space of two-factor authentication. In this paper, we present CamAuth, a web authentication scheme that exploits pervasive mobile devices and digital cameras to counter various password attacks including man-in-the-middle and phishing attacks. In CamAuth, a mobile device is used as the second authentication factor to vouch for the identity of a user who is performing a web login from a PC. The device communicates directly with the PC through the secure visible light communication channels, which incurs no cellular cost and is immune to radio frequency attacks. CamAuth employs public-key cryptography to ensure the security of the authentication process. We implemented a prototype system of CamAuth that consists of an Android application, a Chrome browser extension, and a Java-based web server. Our evaluation results indicate that CamAuth is a viable scheme for enhancing the security of web authentication.
Year: 2015
DOI: 10.1109/HASE.2015.41
Venue: HASE
Keywords: public-key cryptography, pervasive mobile devices, design space, digital cameras, user identity, database leaks, chrome browser extension, security problems, web authentication security, man-in-the-middle attacks, web login, android application, radio frequency attacks, computer crime, server breaches, camauth, smartphones, authentication process, barcode scans, internet, password outbreak, password attacks, authorisation, cameras, public key cryptography, secure visible light communication channels, personal mobile devices, smart phones, message authentication, phishing attacks, mobile computing, two-factor authentication, java-based web server, servers, authentication
Field: Lightweight Extensible Authentication Protocol, Chip Authentication Program, Challenge-Handshake Authentication Protocol, Computer security, Challenge–response authentication, Computer science, S/KEY, One-time password, Authentication protocol, Multi-factor authentication
DocType: Conference
ISSN: 1530-2059
Citations: 2
PageRank: 0.37
References: 18
Authors: 5
Name
Order
Citations
PageRank
Mengjun Xie121223.46
Yanyan Li2101.45
Kenji Yoshigoe38413.88
Remzi Seker46014.21
Jiang Bian571.14