Top

Published in:

2015 | OriginalPaper | Chapter

UAuth: A Strong Authentication Method from Personal Devices to Multi-accounts

Authors : Yazhe Wang, Mingming Hu, Chen Li

Published in: International Conference on Security and Privacy in Communication Networks

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

In this paper we present UAuth, a two-layer authentication framework that provides more security assurances than two-factor authentication while offering a simpler authentication experience. When authenticating, users first verified their static credentials (such as password, fingerprint, etc.) in the local layer, then submit the OTP-signed response generated by their device to the server to complete the server-layer authentication. We also propose the three-level account association mechanism, which completes the association of devices, users and services, establishing a mapping from a user’s device to the user’s accounts in the Internet. Users can easily gain access to different service via a single personal device. Our goal is to provide a quick and convenient SSO-like login process on the basis of security authentication. To meet the goal, we implement our UAuth, and evaluate our designs.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter GridMap: Enhanced Security in Cued-Recall Graphical Passwords

next chapter TPM-Based Authentication Mechanism for Apache Hadoop

SSL, GONE IN 30 SECONDS. https://media.blackhat.com/us-13/US-13-Prado-SSL-Gone-in-30-seconds-A-BREACH-beyond-CRIME-Slides.pdf

TOTP: Time-Based One-Time Password Algorithm. http://tools.ietf.org/html/rfc6238

The Domino Effect of the Password Leak at Gawker. http://voices.yahoo.com/the-domino-effectpassword-leak-gawker-10566853.html

Google 2-Step Verification. http://www.google.com/landing/2step/

FIDO Alliance. http://fidoalliance.org/

The YubiKey Manual. http://static.yubico.com/var/uploads/pdfs/YubiKey_Manual_2010-09-16.pdf

Millions of Adobe hack victims used horrible passwords. http://www.pcworld.com/article/2060825/123456:millions-of-adobe-hack-victims-used-horrible-passwords.html

The OAuth 2.0 Authorization Framework. http://tools.ietf.org/html/rfc6749

OpenID Authentication 2.0. http://openid.net/specs/openid-authentication-2_0.html

10.

Kelley, P.G., Komanduri, S., Mazurek, M.L., Shay, R., Vidas, T., Bauer, L., Christin, N., Cranor, L.F., Lopez, J.: Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms. In: IEEE Symposium on Security and Privacy, pp. 523–537 (2012)

11.

Bonneau, J., Herley, C., van Oorschot, P.C., Stajano, F.: The quest to replace passwords: a framework for comparative evaluation of web authentication schemes. Technical Report UCAM-CL-TR-817, University of Cambridge, Computer Laboratory (March 2012)

12.

Cheswick, W.: Rethinking passwords. Commun. ACM 56(2), 40–44 (2013)CrossRef

13.

Czeskis, A., Dietz, M., Kohno, T., Wallach, D., Balfanz, D.: Strengthening user authentication through opportunistic cryptographic identity assertions. In: Proceedings of the 2012 ACM CCS, pp. 404–414 (2012)

14.

Ives, B., Walsh, K.R., Schneider, H.: The domino effect of password reuse. Commun. ACM 47(4), 75–78 (2004)CrossRef

15.

Marforio, C., Karapanos, N., Soriente, C.: Smartphones as practical and secure location verification tokens for payments. In: NDSS 2014 (2014)

16.

Wimberly, H., Liebrock, L.M.: Using fingerprint authentication to reduce system security: an empirical study. In: 2011 IEEE Symposium on Security and Privacy (SP), pp. 32–46 (2011)

17.

Kontaxis, G., Athanasopoulos, E., Portokalidis, G., Keromytis, A.D.: SAuth: protecting user accounts from password database leaks. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, pp. 187–198 (2013)

Title: UAuth: A Strong Authentication Method from Personal Devices to Multi-accounts
Authors: Yazhe Wang
Mingming Hu
Chen Li
Publisher: Springer International Publishing
Book: International Conference on Security and Privacy in Communication Networks
Print ISBN: 978-3-319-23828-9

Electronic ISBN: 978-3-319-23829-6

Copyright Year: 2015
DOI: https://doi.org/10.1007/978-3-319-23829-6_7

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner