Abstract
Strong authentication for online service access typically requires some kind of hardware device for generating dynamic access credentials, often used in combination with static passwords. This practice has the side effect that users fill their pockets with more and more devices and their heads with more and more passwords. The situation becomes increasingly difficult to manage, which in turn degrades the usability of online services. To cope, users often adopt insecure ad hoc practices that let them manage their different identities and credentials in practice. This paper explores how one single device can be used both for authentication of users to service providers and for authentication of servers to users, as well as to provide a range of other security services.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
Cite this paper
Varmedal, K.A., Klevjer, H., Hovlandsvåg, J., Jøsang, A., Vincent, J., Miralabé, L. (2013). The OffPAD: Requirements and Usage. In: Lopez, J., Huang, X., Sandhu, R. (eds) Network and System Security. NSS 2013. Lecture Notes in Computer Science, vol 7873. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38631-2_7
DOI: https://doi.org/10.1007/978-3-642-38631-2_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38630-5
Online ISBN: 978-3-642-38631-2
eBook Packages: Computer Science (R0)