KeyPocket - Improving Security and Usability for Provider Independent Login Architectures with Mobile Devices

  • Conference paper
Security and Privacy in Communication Networks (SecureComm 2015)

Abstract

Nowadays, many daily tasks of both a private and a business nature are handled with the help of online services. As formerly local desktop applications migrate into the cloud (e.g., Microsoft Office Online), services become available by logging into a user account through a web browser. But the possibilities for authenticating a user in a web browser are limited, and a username with a password is still the de facto standard, despite its open security and usability issues. Notwithstanding new developments on the subject, no sufficient alternative is available. In this paper, we specify the requirements for a secure, easy-to-use, and third-party-independent authentication architecture. Moreover, we present KeyPocket, a user-centric approach aligned to these requirements that makes use of the user’s smartphone. Subsequently, we present its state of implementation and discuss its individual capabilities and features.

Corresponding author

Correspondence to André Ebert.

Copyright information

© 2015 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Ebert, A., Marouane, C., Rott, B., Werner, M. (2015). KeyPocket - Improving Security and Usability for Provider Independent Login Architectures with Mobile Devices. In: Thuraisingham, B., Wang, X., Yegneswaran, V. (eds) Security and Privacy in Communication Networks. SecureComm 2015. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 164. Springer, Cham. https://doi.org/10.1007/978-3-319-28865-9_3

  • DOI: https://doi.org/10.1007/978-3-319-28865-9_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-28864-2

  • Online ISBN: 978-3-319-28865-9

  • eBook Packages: Computer Science (R0)
