Info: Zenodo’s user support line is staffed on regular business days between Dec 23 and Jan 5. Response times may be slightly longer than normal.

Published November 30, 2016 | Version v1
Journal article Open

A BASTION MOBILEID-BASED AUTHENTICATION TECHNIQUE (BMBAT)

  • 1. Department of Computer Science, Arab American University, Jenin, Palestine

Description

Despite their proven security breaches, text passwords have been dominating all other methods of human authentication over the web for tens of years, however, the frequent successful attacks that exploit the passwords vulnerable model raises the need to enhance web authentication security. This paper proposes BMBAT; a new authentication technique to replace passwords, that leverages the pervasive user mobile devices, QR codes and the strength of symmetric and asymmetric cryptography. In BMBAT, the user’s mobile device acts as a user identity prover and a verifier for the server; it employs a challenge-response model with a dual mode of encryption using AES and RSA keys to mutually authenticate the client to the server and vice-versa. BMBAT combats a set of attack vectors including phishing attacks, man in the middle attacks, eavesdropping and session hijacking. A prototype of BMBAT has been developed and evaluated; the evaluation results show that BMBAT is a feasible and competitive alternative to passwords.

Files

8616ijnsa03.pdf

Files (428.6 kB)

Name Size Download all
md5:c1928a4440973b263e4962e022c58071
428.6 kB Preview Download