Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Stronger Authentication for Password Credential Internet Services
Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering, Computer Science.ORCID iD: 0000-0003-0593-1253
Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering, Computer Science. Luleå University of Technology, Centre for Critical Infrastructure and Societal Security.ORCID iD: 0000-0003-0244-3561
Number of Authors: 2
2017 (English)In: Proceedings of the 2017 Third Conference on Mobile and Secure Services (MOBISECSERV) / [ed] Pascal Urien, Selwyn Piramuthu, Piscataway, NJ: IEEE conference proceedings, 2017, p. 41-45, article id 7886566Conference paper, Published paper (Refereed)
Abstract [en]

Most Web and other on-line service providers (”Inter- net Services”) only support legacy ID (or email) and password (ID/PW) credential authentication. However, there are numerous vulnerabilities concerning ID/PW credentials. Scholars and the industry have proposed several improved security solutions, such as MFA, however most of the Internet Services have refused to adopt these solutions. Mobile phones are much more sensitive to these vulnerabilities (so this paper focuses on mobile phones). Many users take advantage of password managers, to keep track of all their Internet Service profiles. However, the Internet Service profiles found in password managers, are normally kept on the PC or mobile phone’s disk, in an encrypted form. Our first contribution is a design guideline, whereby the Internet Service profiles never need to touch the client’s disk. Most users would benefit, if they had the ability to use MFA, to login to a legacy Internet Service, which only supports ID/PW credential authentication. Our second contribution is a design guideline, whereby users can choose, for each legacy ID/PW Internet Service, which specific MFA they wish to use. We have also presenting conceptual design guidelines, showing that both of our contributions are minor changes to existing password managers, which can be implemented easily with low overhead.

Place, publisher, year, edition, pages
Piscataway, NJ: IEEE conference proceedings, 2017. p. 41-45, article id 7886566
Keyword [en]
Mobile Device Management, Security, Credentials, Android, Identification, Authentication, Password, Stormpath
National Category
Computer Sciences Information Systems, Social aspects Media and Communication Technology
Research subject
Information systems; Mobile and Pervasive Computing
Identifiers
URN: urn:nbn:se:ltu:diva-61952DOI: 10.1109/MOBISECSERV.2017.7886566ISI: 000403395200008Scopus ID: 2-s2.0-85018333420ISBN: 978-1-5090-3632-5 (electronic)OAI: oai:DiVA.org:ltu-61952DiVA, id: diva2:1073594
Conference
3rd Conference On Mobile And Secure Services, Miami Beach, FL, 11-12 February 2017
Projects
Centre for Critical Infrastructure and Societal Security
Available from: 2017-02-11 Created: 2017-02-11 Last updated: 2018-01-13Bibliographically approved

Open Access in DiVA

fulltext(102 kB)216 downloads
File information
File name FULLTEXT01.pdfFile size 102 kBChecksum SHA-512
00482d87691ce573e37cfd3db40955e02cb95fe48a2fbbc952381d3f4d5ceb864c3989239fb3d4ddab6001ada82bff97918f9ea27a86fcf0c5df770965722782
Type fulltextMimetype application/pdf

Other links

Publisher's full textScopushttp://mobisecserv.org

Search in DiVA

By author/editor
Booth, ToddAndersson, Karl
By organisation
Computer ScienceCentre for Critical Infrastructure and Societal Security
Computer SciencesInformation Systems, Social aspectsMedia and Communication Technology

Search outside of DiVA

GoogleGoogle Scholar
Total: 216 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 544 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf