2006
Strong authentication is the first pillar of trusted networks where identities can be securely shared and trusted across independent partners. This allows the identities to access the network and applications and share the resources. Nowadays different strong authentication methods are in use, some of which can be embedded in security devices such as tokens, smart cards etc. The intent of this paper is twofold: first we study the different authentication methods, keeping in view the Java ME security architecture; then, on the basis of this study, we integrate the HOTP-based two-factor authentication method in more flexible mobile devices (such as cell phones, PDAs) in a cost-effective manner. For illustration purposes, we use a case study of an online banking system where users authenticate to the bank server through an OTP generated from a mobile device to access bank services.
Advances in Science, Technology and Engineering Systems Journal, 2016
Smart electronic devices and gadgets and their applications are becoming more and more popular. Most of those devices and their applications handle personal, financial, medical and other sensitive data that require security and privacy protection. In this paper we describe one aspect of such protection: a user authentication protocol based on the use of X.509 certificates. The system uses Public Key Infrastructure (PKI), challenge/response protocol, mobile proxy servers, and Java cards with crypto capabilities used as a Secure Element. Innovative design of the protocol, its implementation, and evaluation results are described. In addition to end-user authentication, the described solution also supports the use of X.509 certificates for additional security services: confidentiality, integrity, and non-repudiation of transactions and data in an open network environment. The system uses Application Programming Interfaces (APIs) to access Java cards functions and credentials that can be used as add-ons to enhance any mobile application with security features and services.
2009 Wireless Telecommunications Symposium, 2009
Across the globe mobile devices are a facet of everyday life. The technology that is encapsulated within these units is accelerating at a phenomenal rate. The addition of a wide range of network connectivity, from InfraRed (IR) to Wireless Local Area Network (WLAN) and more predominantly Bluetooth, has increased the scope of the applications that can be developed and utilised within this market. The demands of ever evolving technology within mobile phones places large burdens on developers to deploy applications to market at an equal rate. Previous pieces of research have highlighted the benefits of utilising a framework in the development of applications. Through the use of Iterative modeling and software prototypes this paper presents an application framework to reduce the complexity and knowledge base necessary to construct a Bluetooth multiuser application. To reduce hardware dependency the framework has been developed on Java 2 Platform, Micro Edition (J2ME). It is also identified that Bluetooth technology within resource restricted devices is prone to security issues. The issues surrounding human interaction in device authentication are addressed by this paper through the addition of an automated Diffie-Hellman key exchange authentication connection process.
IRJET, 2021
As computing becomes dominant and more intensive, people depend on public computers to do transactions and business over the World Wide Web. Due to the penetration of technology, the Internet has become the environment of choice for a variety of services via electronic means: e-business, e-commerce, e-banking, e-voting etc. Financial institutions and organizations providing Internet-based products and services to their customers and end users should use effective and secure methods to authenticate the identity of customers using those products and services. Multi-factor authentication provides an improved level of security and delivers an authentication assurance for sensitive transactions. In the traditional method of generating and delivering OTP (One Time Password) messages, they are generally relayed via the SMS channel. Depending on the area of operation and provider, international roaming, SMS costs and delays put restrictions on this existing system. Our projected system presents a multifactor authentication procedure in which a user's device produces an OTP from an initial seed consisting of unique parameters. This proposed system overcomes the restrictions of the SMS system.
Over a decade and more importantly since the advent of Internet technology, security issue has become a thing of great necessity to protect an enterprise data. This has culminated as a result of an increase in cybercrime by hackers thereby bridging the confidentiality and data integrity gap of an enterprise. Therefore to prevent an unauthorized user access by the intruders/hackers into a personalized data or information, there is need for a stronger mode of user's authentication that goes beyond the usual ID and password authentication mode which is regarded as the One-way authentication system. This paper however illustrates and describes a two-way mobile authentication factor as an improvement over the traditional one way authentication factor. Our proposed system requires both the Web and a GPRS connection for its online authentication via the designed web based interface and gets a randomly generated OTP via short message service on his mobile phone, which he must then type-in to be granted access to the system and access the available resources.
2011
This is an era of mobile communications and computing where mobiles are being used in place of traditional computers. Mobile devices are small, handy devices that can be carried around by the user very easily. A user holding the mobile device will have access to the information even at places where no internet terminal is available. For this reason, they are heavily used in the business environment for managing applications, e-mail correspondence, accessing remote corporate data, handling voice calls, etc. But mobile devices are still lacking in the most important security features such as user authentication, content encryption, virus protection, confidentiality, integrity, etc. The sensitive information stored in mobile devices is not secure (it can be accessed by an unauthorized user). Mobile devices possess limited storage and processing power, and low battery power. It is also tedious to implement the cryptographic algorithms on mobile devices because they need he...
2017
Internet services have become an essential part of our daily activities. Due to rapid technical progress, mobile web browsing has become a reality now. User authentication is a vital component in most systems that need to assure security of services and data. A weak authentication mechanism enables hackers to steal user information or bypass authentication. In some services, such as online banking, strong authentication is needed to protect the service provider as well as the users of the services. In this research paper, a user authentication scheme for mobile devices has been proposed for smartphone applications. The results clearly indicate that the proposed authentication scheme provides protection from attacks such as man-in-the-middle attack, shoulder surfing attack, dictionary attack, spoofing and manipulation. It also overcomes the drawbacks of internet banking authentication systems and WhatsApp, such as PIN eavesdropping and time synchronization. Also it authenticates the user...
International Journal of Engineering & Technology
Security is one of the significant worries of all associations which utilizes online methods for interchanges particularly banks. Of this, customer side is most defenseless against hacking, as the framework can't be totally shut when use over web by a typical customer is to be permitted. Most frameworks utilize a static password– based verification strategy which is anything but difficult to hack. There are different other validation strategies existing like cards, biometric recognizable proof, and so on. These strategies give better security, however are not material to online customer correspondence as these techniques require extraordinary gadgets for their usage. One conceivable technique for applying an upgraded factor of verification for online access to the framework is a dynamic secret word. In this venture we can plan the validation framework in light of key age, confirmation age and OTP based framework. The keys are created progressively utilizing Mobile IMEI number an...
International Journal of Security and Its Applications, 2017
The rising vogue of smart phones and tablets has led users to complete their daily works (such as M-Banking) with these devices. Therefore, mobile banking needs to become more proper, reliable, effective; and secure. Security is the most crucial requirement in mobile banking, since all the communications are via unsecure networks such as the Internet. Providing main security services; Confidentiality, Integrity, and Authentication (CIA) between any two communicating parties must be ensured and guaranteed. Many vulnerabilities may make Users' confidential information vulnerable to risks. These vulnerabilities can take different shapes, such as fixed values-based security techniques, one factor authentication, separate hard token-based authentication, hardware thievery, and Android OS based attacks. This paper proposes a new secure scheme for mobile banking applications to overcome these risks. Then, the proposed scheme is analyzed, and compared to the most powered approaches. Finally, performance key identifiers are assessed and validated.
The usage of sensitive online services and applications such as online banking, e-commerce etc. is increasing day by day. These technologies have tremendously improved, making our daily life easier. However, these developments have been accompanied by E-piracy, where attackers try to get access to services illegally. As sensitive information flows through the Internet, it needs support for security properties such as authentication, authorization, and data confidentiality. Perhaps the static password (User ID & password) is the most common and widely accepted authentication method. Online applications need strong passwords, such as a combination of alphanumeric with special characters. In general, having one password for a single service may be easy to remember, but controlling many passwords for different services poses a tedious task for users of online applications. Usually users try to use the same password for different services or make slight changes in the password, which can be easy for an attacker to guess, adding an increased security threat. In order to overcome this, stronger authentication solutions need to be suggested and adapted for service-based networks.
2011
The widespread of Internet usage has resulted in a greater number and variety of applications involving different types of private information. In order to diminish privacy concerns and strengthen user trust, security improvements in terms of authentication are necessary. The solutions need to be convenient, entailing ease of use and higher mobility. The suggested approach is to make use of the already popular mobile phone and to involve the mobile network, benefiting from Subscriber Identity Module (SIM) card's tamper resistance to become trusted entities guarding personal information and identifying users. Mobile phone's SIM card is convenient for safely storing security parameters essential for secured communication. It becomes secure entity compulsory for getting access to privacy sensitive Internet applications, like those involving money transfers. Utilizing the NFC interface passes the personal user keys only when needed, giving additional strength to the traditional public key cryptography approach in terms of security and portability.
International Journal for Research in Applied Science & Engineering Technology (IJRASET), 2022
With the rapid evolution of wireless communication technology, user authorization and authentication are important in order to ensure the security of wireless communication technology. Passwords play an important role in the process of authentication. In the process of authentication, the password entered by the user will be transmitted along the traffic to the authentication server in order to allow the server to grant access to the authorized user. Attackers will use the chance to attempt to sniff other persons' passwords in order to perform some illegal activities by using others' identity to keep themselves safe from trouble. Due to these issues, many solutions have been proposed to improve the security of wireless communication technology. In this paper, the previously proposed solution will be used to enhance the security of the system. For mobile apps, we need to make a clear distinction between user authentication and app authentication. User authentication is about how users prove that they are the legitimate app users. App authentication covers how the app authenticates towards the backend. Device authentication, also sometimes mentioned, is accessible to all apps running on your phone and is generally easy to spoof.
2010
The ever-increasing use of the internet around the world has without doubt increased the usage of internet-based services, e-business models, easier ways of communication and information sharing. Such a drastic increase in the usage of network-based systems has made the current cyber security systems outdated, as hackers and attackers of networked systems are on the rise with new and modern attack methodologies. This has necessitated more secure ways of communication. The issues of Confidentiality, Integrity and Availability of systems are of prime importance, and more research towards these issues has been called for around the world. One of the major areas of security improvement is the way in which authentication of users is carried out. Even though many organizations still rely on static ID and password authentication systems, this method is getting old and a better way of authentication is required. One of the solutions for this issue is...
2009
This paper describes a method of implementing two-factor authentication using mobile phones. The proposed method guarantees that authenticating to services, such as online banking or ATM machines, is done in a very secure manner. The proposed system involves using a mobile phone as a software token for One Time Password generation. The generated One Time Password is valid for only a short user-defined period of time and is generated by factors that are unique to both the user and the mobile device itself. Additionally, an SMS-based mechanism is implemented as both a backup mechanism for retrieving the password and as a possible means of synchronization. The proposed method has been implemented and tested. Initial results show the success of the proposed method.
Data sharing and storing over the cloud network using the internet is becoming a movement. The need for securing data over the internet is increasing. Use of smartphones has increased. People like to exchange data over the internet using smartphones. Smartphone-based web applications are developed to provide ease to the users. Hacking the web application servers is also complicated as compared to getting access to the user system in order to steal data. Hence, attacks normally happen at the user terminal. The major goal of net security is to prevent unauthorized access to data and resources. Various cryptographic techniques are applied by clients and servers to keep the confidentiality of data [1]. Authentication is the heart of every security model. It is the process of confirming the identity of a user (or a machine) attempting to gain access to a system or resource. Password-based authentication is the most often utilized and trusted authentication mechanism. The user needs to insert the required login credentials (username and password) to acquire access to a resource or computer; the supplied credentials are then matched against a database which contains the list of all authorized users and their passwords. Many advances have been suggested for proper strategies of securing and using passwords [1][2]. The user is advised to maintain strong passwords; however, a number of problems persist in the password-based authentication mechanism.
Journal of Network and Information Security, 2023
Authentication is of paramount importance for online services. Many online services are still using password as single authentication method, but this is not considered secure any more. Many others have switched to multifactor authentication mechanism. Nowadays many online service providers use One-time Password (OTP) as a supplementary authentication method to verify identity of the user. There are two major methods to generate OTPs: Time-based One-time Password (TOTP) and HMAC-based One-time Password (HOTP). We notice that there are several limitations or weaknesses with both. In this work, we first show some security vulnerabilities of TOTP and HOTP, then we present security improvement methods. We analyze and discuss the security features of proposed solution. The solution is generic to all platforms and operating systems, and our analysis demonstrates that it addresses security vulnerabilities of them.
International Journal of Wireless Communications and Mobile Computing, 2013
Mobile devices are becoming more pervasive and more advanced with respect to their processing power and memory size. Relying on the personalized and trusted nature of such devices, security features can be deployed on them in order to uniquely identify a user to a service provider. In this paper, we present a strong authentication mechanism that exploits the use of mobile devices to provide a two-aspect authentication system. Our approach uses a combination of one-time passwords, as the first authentication aspect, and credentials stored on a mobile device, as the second aspect, to offer a strong and secure authentication approach. In addition, an SMS-based mechanism is implemented as both a backup mechanism for retrieving the password and as a possible means of synchronization. We also present an analysis of the security and usability of this mechanism. The security protocol is analyzed against an adversary model; this evaluation proves that our method is safe against various attacks, most importantly key logging, shoulder surfing, and phishing attacks. Our simulation result evaluation shows that, although our technique does add a layer of indirectness that lessens usability, participants were willing to trade off that usability for enhanced security once they became aware of the potential threats when using an untrusted computer.
Mobile Cloud Computing is the merge of obscure compute, mobile computing and wireless network to suggest rich computational property to mobile customers, arrange administrators, and in adding cloud computing suppliers. A perfect purpose of M-CC is to authorize implementation of rich mobile applications on an abundance of mobile gadgets, with a rich customer encounter. Mobile Computing is a novelty that permit broadcast of in order, tone and record through earnings of a P-C or a number of additional wireless empower thing amajig with no organism connected by a complete physical link. In this document, we mean to suggest one more controlling strange ordinary authentication contrive for mobile cloud situation. In this project, together the mobile customers and cloud advantage require expressing their legality and at the selected time it assists the approved mobile cloud customer by means of enjoying period all the ubiquitous organizations in a secluded and valuable method, where the opinion of 'n' may distinction in sight of the main the user has paid for. The safety of the anticipated plot is carefully analyzed using both official and in count in formal safety research.
2018
Over the last few years, there has been an almost exponential increase of the number of mobile applications that deal with sensitive data, such as applications for e-commerce or health. When dealing with sensitive data, classical authentication solutions based on username-password pairs are not enough, and multi-factor authentication solutions that combine two or more authentication elements of different categories are required. Many different such solutions are available, but they usually cover the scenario of a user accessing web applications on their laptops, whereas in this paper we focus on native mobile applications. This changes the exploitable attack surface and thus requires a specific analysis. In this paper, we present the design, the formal specification and the security analysis of a solution that allows users to access different mobile applications through a multi-factor authentication solution providing a Single Sign-On experience. The formal and automated analysis th...
Providing ultimate security in sensitive transactions and communication of online premium applications is still an open question of standardization in the area of networking and security. It has been seen that currently the majority of authentication and authorization techniques are designed on top of a One Time Password on a user-trusted handheld device. However, due to various lethal threats to mobile security systems, it can be said that existing security is not sufficient. With a view to effective authentication and authorization, this paper proposes a technique that exponentially minimizes the operational cost by using secure hash algorithms that have the potential to generate a mobile-based One Time Password (OTP) scheme in an Android environment, ensuring enhanced protection with respect to password security. Experimented on the Java platform, the implementation techniques discussed in the paper are found to be very robust.
2008
Short Message Service (SMS) has grown in popularity over the years and it has become a common way of communication. SMS is usually used to transport unclassified information, but with the rise of mobile commerce it has become a popular tool for transmitting sensitive information between a business and its clients. By default SMS does not guarantee confidentiality and integrity of the message content. Therefore SMS is not totally secure and reliable. This affects the Wireless Messaging API (WMA), an optional package for Java 2 Micro Edition that enables SMS messaging on Java-enabled cellular phones. This paper proposes a protocol that can be used to secure an SMS connection between a WMA client and an SMS-based server.