000000163 001__ 163
000000163 005__ 20130522141946.0
000000163 037__ $$aLERSSE-REPORT-2008-027
000000163 041__ $$aeng
000000163 100__ $$aNima Kaviani
000000163 100__ $$aKirstie Hawkey
000000163 100__ $$aKonstantin Beznosov
000000163 245__ $$aA Two-factor Authentication Mechanism Using Mobile Phones
000000163 260__ $$c2008-08-20
000000163 300__ $$a27p
000000163 520__ $$aMobile devices are becoming more pervasive and more advanced with respect to their processing power and memory size. Relying on the personalized and trusted nature of such devices, security features can be deployed on them in order to uniquely identify a user to a service provider. In this paper, we present a strong authentication mechanism that exploits the use of mobile devices to provide a two-factor authentication method. Our approach uses a combination of one-time passwords, as the first authentication factor, and credentials stored on a mobile device, as the second factor, to offer a strong and secure authentication approach. We also present an analysis of the security and usability of this mechanism. The security protocol is analyzed against an adversary model; this evaluation proves that our method is safe against various attacks, most importantly key logging, shoulder surfing, and phishing attacks. Our usability evaluation shows that, although our technique does add a layer of indirectness that lessens usability, participants were willing to tradeoff that usability for enhanced security once they became aware of the potential threats when using an untrusted computer.
000000163 6531_ $$aTwo-factor Authentication
000000163 8560_ $$fsantsais@ece.ubc.ca
000000163 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/163/files/163.pdf$$yTransfer from CDS 0.99.7
000000163 909C4 $$pNima Kaviani and Kirstie Hawkey and Konstantin Beznosov, "A Two-factor Authentication Mechanism Using Mobile Phones," Tech. Rep. LERSSE-TR-2008-03, Laboratory for Education and Research in Secure Systems Engineering, University of British Columbia, August 2008
000000163 980__ $$aREPORT
guest ::