DOI: 10.1145/3134600.3134613 (research article, ACSAC conference proceedings)

n-Auth: Mobile Authentication Done Right

Published: 04 December 2017

Abstract

Weak security, excessive personal data collection for user profiling, and a poor user experience are just a few of the many problems that mobile authentication solutions suffer from. Despite being an interesting platform, mobile devices are still not being used to their full potential for authentication. n-Auth is a firm step in unlocking the full potential of mobile devices in authentication, by improving both security and usability whilst respecting the privacy of the user. Our focus is on the combined usage of several strong cryptographic techniques with secure HCI design principles to achieve a better user experience. We specified and built n-Auth, for which robust Android and iOS apps are openly available through the official stores.


Cited By

  • (2022) Symbolon: Enabling Flexible Multi-device-based User Authentication. 2022 IEEE Conference on Dependable and Secure Computing (DSC), pp. 1-12. DOI: 10.1109/DSC54232.2022.9888854. Online publication date: 22-Jun-2022.
  • (2020) Unifying Functional User Interface Design Principles. International Journal of Human–Computer Interaction 37(1), pp. 47-67. DOI: 10.1080/10447318.2020.1805876. Online publication date: 26-Aug-2020.
  • (2018) Proximity-Proof. Proceedings of the 24th Annual International Conference on Mobile Computing and Networking, pp. 401-415. DOI: 10.1145/3241539.3241574. Online publication date: 15-Oct-2018.
    Published In

    ACSAC '17: Proceedings of the 33rd Annual Computer Security Applications Conference
    December 2017
    618 pages
    ISBN:9781450353458
    DOI:10.1145/3134600

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    ACSAC 2017

    Acceptance Rates

    Overall Acceptance Rate 104 of 497 submissions, 21%
