Abstract
In this paper two mobile website authentication schemes are proposed. The first enables authentication credentials (username and password) to be stored and retrieved securely from a mobile handset, and requires no changes to existing websites. The second scheme, which may optionally be used with the first, utilises a one-time password and is intended for applications requiring an enhanced level of authentication, e.g. financial services. Both authentication schemes use a Java SIM and the ubiquitous mobile phone, with its familiar and convenient form factor and high user acceptance. Both schemes also provide protection against online phishing attacks.
Copyright information
© 2010 IFIP International Federation for Information Processing
About this paper
Cite this paper
Hart, J., Markantonakis, K., Mayes, K. (2010). Website Credential Storage and Two-Factor Web Authentication with a Java SIM. In: Samarati, P., Tunstall, M., Posegga, J., Markantonakis, K., Sauveron, D. (eds) Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices. WISTP 2010. Lecture Notes in Computer Science, vol 6033. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12368-9_17
DOI: https://doi.org/10.1007/978-3-642-12368-9_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-12367-2
Online ISBN: 978-3-642-12368-9
eBook Packages: Computer Science (R0)