02-07-2012, 11:50 AM
I'm Silpa Salim, 3rd year student of B.Tech Computer Science and Engineering. Please send me the ppt for token based authentication using mobile phone.
20-09-2012, 02:46 PM
Token Based Authentication using Mobile Phone
Abstract:
Digital identity is the key representation of the user and is becoming the most crucial subject for information security. Password based authentication is a weak solution and no longer adequate. Users select a static password which is easy to guess and remember, is relevant information, or is common to all authentication processes. This simplicity makes for a weak authentication scheme; so far, static passwords are known as the easiest target for attackers. Further, security token based runtime interaction could extend the strength of authentication control. Security tokens can be used for strong authentication but are inconvenient for the user and costly for the service providers. To avoid the user inconvenience and extra cost, the mobile phone is an emerging alternative. This paper comprises the study of various digital identification schemes and gives motivation to integrate a mobile token. In order to establish a standard for the mobile token, the work starts with a review of current schemes and explores the security architecture for strong authentication with a mobile token. A password algorithm is derived to generate a dynamic password for token authentication. Thereafter it explores various authentication mechanisms to implement the mobile token from different perspectives. At the end, it describes the various test cases and evolutionary result of various attacks on the suggested schemes.

INTRODUCTION
With the enrichment of the Internet, business solutions, online services, government portals, social networking sites and information portals are replacing the traditional way of working and communication. Authentication helps to establish proof of identity. It is the way to prove that the user trying to access the account is authentic. [1] Most of the solutions comprise personal details, operational credits, certified information or services, which require digital identification for making proof of authenticity.

Today, three universally recognized philosophies are used for digital identification: what we know (i.e. password), what we have (i.e. tokens and cards) and universal identity (i.e. biometric characteristics). In order to extend authentication strength and make work more flexible and strong, recent work has been done in the field of the virtual identification approach (i.e. virtual token). These virtual tokens not only help to reduce extra cost but also overcome the problem of remembering and keeping the token.

BACKGROUND
The concept of security is not only important but mandatory to the success of a digital solution. There is no clear definition for strong authentication. Strong authentication is an approach to extend the security level and try to achieve the security requirement. [5] Security is not only meant for buying, exchanging or selling products or services but is also important to maintain decency of information and system. It is also important to establish network and communication between PCs, servers, applications and mobile phones. Identification and authorization are the key requirements of security [8].

Currently, solutions rely on "static password" to establish trust and verify user authenticity. [1] The user chooses a password which is easy to guess and remember, is relevant information, or is common to all authentication processes. Sometimes users derive a password from what they have in their mind. A strong password (i.e. @my$sit13*) is tiresome to remember and demands a hard time to handle. People like to store passwords in a diary or take a common password for all; these are susceptible to password leak. A weak authentication scheme may allow an access level vulnerability to be exploited and is liable for information leak. Furthermore, attack methods are generally unique to the targeted application or system, and common techniques can be used. Attackers have multiple options to steal passwords, like spoofing, surfing, eavesdropping, brute forcing, predicting, profile study and many more.

These studies conclude that the work demands an interactive security process which should vary in each identification.

SMS Based Dynamic Password:
In this approach the user sends the user id and a 4 digit static password to the server to retrieve a dynamic password. The server verifies the request against the user details and forwards it to the password algorithm for generation of the dynamic password. With the help of the static password, the password algorithm generates a unique dynamic password for the individual user. Thereafter, the system stores it in the VPR with the user id for the current session and sends it to the user via SMS. Now, the user has to submit this dynamic password with the user id to gain application access. The system verifies the requested password against the stored one and redirects to main application access.

Because the VPR stores the dynamic password for verification, it may be vulnerable to a replay attack. To overcome it, we proposed a session time, but as the VPR is updating every minute, we decided to make a session time for every entry. The VPR session time out is 3 minutes, and every minute the system runs an updating service which deletes the outdated values from the VPR. In simple words, the complete life of a dynamic password is 3 minutes.

SIM Based Authentication:
It is a scheme where both the dynamic password request and response are done through SMS. This proposed mechanism uses the IMSI number, which is unique to each mobile phone and used to identify the device. The IMSI number is stored in the SIM card inserted into the mobile phone. This number is also stored in the server database with the user details.

In order to gain application access, the user sends the 4 digit static password with the registered SIM to the application server via SMS. Thereafter, the server detects its IMSI number and retrieves the static password from the content. Now, the server detects the existence of the IMSI number in the user details and forwards the static password to the password algorithm. Thereafter, the password algorithm returns a 24 bits dynamic password to the application server, which stores it in the VPR and sends it to the requesting SIM via SMS. Now, the user gives the user id and dynamic password and gains application access.

CONCLUSION
Security is the mandatory key element for the success of any digital solution. Authentication is the way to prove that the user trying to access the account is authentic. This paper explores the possibilities of using the mobile phone instead of security tokens for strong authentication. The static password is no longer secure and is easily vulnerable to attackers. A security token can easily extend the authentication strength, but extra cost, single use and server synchronization become the biggest shortcomings. Further, a hardware token is given to each user for the respective account, which increases the number of carried tokens and the cost.
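An added sketch of the VPR lifecycle described in the post above (not code from the paper or the poster); it covers the store that both the SMS and SIM schemes rely on, with the 3 minute lifetime and the per-minute purge. The `VPR` class, the `single_use` switch, the explicit `now` argument and the random 24-bit stand-in for the unspecified password algorithm are assumptions.

```python
import hmac
import secrets

VPR_TTL = 3 * 60  # seconds; the post gives a 3 minute VPR session time-out


class VPR:
    """Server-side store of issued dynamic passwords, keyed by user id."""

    def __init__(self, single_use=False):
        self.single_use = single_use  # hardening switch: an assumption, not in the post
        self._entries = {}            # user_id -> (dynamic_password, issued_at)

    def issue(self, user_id, now):
        # Stand-in for the unspecified password algorithm: 24 random bits as hex.
        otp = f"{secrets.randbits(24):06x}"
        self._entries[user_id] = (otp, now)
        return otp  # the server would send this to the user by SMS

    def purge(self, now):
        """The updating service run every minute: delete outdated entries."""
        expired = [u for u, (_, t) in self._entries.items() if now - t >= VPR_TTL]
        for u in expired:
            del self._entries[u]
        return len(expired)

    def verify(self, user_id, submitted, now):
        entry = self._entries.get(user_id)
        if entry is None:
            return False
        otp, issued_at = entry
        # Re-check age here: the purge only runs once a minute, so an entry
        # can outlive its 3 minutes in the store by up to 60 seconds.
        if now - issued_at >= VPR_TTL:
            del self._entries[user_id]
            return False
        ok = hmac.compare_digest(otp.encode(), submitted.encode())
        if ok and self.single_use:
            del self._entries[user_id]  # consume on first successful login
        return ok


def replay_demo(single_use):
    """Return (first login at 10 s, replay at 60 s, replay at 181 s)."""
    vpr = VPR(single_use=single_use)
    otp = vpr.issue("alice", now=0)  # constructed user id
    return (vpr.verify("alice", otp, now=10),
            vpr.verify("alice", otp, now=60),
            vpr.verify("alice", otp, now=181))
```

With `single_use=False` a password that was already used is still accepted until its 3 minute lifetime ends; deleting the entry on the first successful login closes that window.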