Authors : E. Mohan, Ramanathan and S. Uvaraj
Abstract: Mobile devices are becoming more pervasive and more advanced with respect to their processing power and memory size. Relying on the personalized and trusted nature of such devices, security features can be deployed on them in order to uniquely identify a user to a service provider. In this study, researchers present a strong authentication mechanism that exploits the use of mobile devices to provide a two aspect authentication system. The approach uses a combination of One-Time Passwords as the first authentication aspect and credentials stored on a mobile device as the second aspect to offer a strong and secure authentication approach. By adding an SMS-based mechanism is implemented as both a backup mechanism for retrieving the password and as a possible mean of synchronization. Researchers also present an analysis of the security and usability of this mechanism. The security protocol is analyzed against an adversary model; this evaluation proves that the method is safe against various attacks, most importantly key logging, shoulder surfing and phishing attacks. The simulation result evaluation shows that although, the technique does add a layer of indirectness that lessens usability; participants were willing to trade-off that usability for enhanced security once they became aware of the potential threats when using an untrusted computer.
E. Mohan, Ramanathan and S. Uvaraj, 2014. Two Aspect Authentication System Using Secure Mobile Devices. International Journal of Soft Computing, 9: 1-9.