A BASTION MOBILEID-BASED AUTHENTICATION TECHNIQUE (BMBAT)
Creators
- 1. Department of Computer Science, Arab American University, Jenin, Palestine
Description
Despite their proven security breaches, text passwords have dominated all other methods of human authentication over the web for tens of years. However, the frequent successful attacks that exploit the vulnerable password model raise the need to enhance web authentication security. This paper proposes BMBAT, a new authentication technique to replace passwords that leverages pervasive user mobile devices, QR codes, and the strength of symmetric and asymmetric cryptography. In BMBAT, the user’s mobile device acts as a user identity prover and a verifier for the server; it employs a challenge-response model with a dual mode of encryption using AES and RSA keys to mutually authenticate the client to the server and vice versa. BMBAT combats a set of attack vectors including phishing attacks, man-in-the-middle attacks, eavesdropping and session hijacking. A prototype of BMBAT has been developed and evaluated; the evaluation results show that BMBAT is a feasible and competitive alternative to passwords.
Files
Name | Size |
---|---|
8616ijnsa03.pdf (md5:c1928a4440973b263e4962e022c58071) | 428.6 kB |