Skip to main content
SpringerLink
Log in

Virtual World Authentication Using the Smart Card Web Server

  • Conference paper
Security in Computing and Communications (SSCC 2013)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 377))

Included in the following conference series:

Abstract

Virtual Worlds (VWs) are persistent, immersive digital environments, in which people utilise digital representation of themselves. Current management of VW identity is very limited, and security issues arise, such as identity theft. This paper proposes a two-factor user authentication scheme based on One Time Passwords (OTPs), exploiting a Smart Card Web Server (SCWS) hosted on the tamper-resistant Subscriber Identity Module (SIM) within the user’s mobile phone. Additionally, geolocation attributes are used to compare phone and PC locations, introducing another obstacle for an attacker. A preliminary security analysis is done on the protocol, and future work is identified.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Bell, M.: Virtual Worlds Research: Past, Present & Future July 2008: Toward a definition of “Virtual Worlds” (2008)

    Google Scholar 

  2. KZero: Virtual worlds: Industry and user data universe (March 2012)

    Google Scholar 

  3. Second Life Official Website, http://www.secondlife.com/

  4. World of Warcraft, http://eu.battle.net/wow/en/

  5. McGraw, G., Chow, M.: Guest editors’ introduction: Securing online games: Safeguarding the future of software security: How world of warcraft almost ruined my credit rating. IEEE Security & Privacy, 11–12 (2009)

    Google Scholar 

  6. Jorstad, I., Jonvik, T., et al.: Strong authentication with mobile phone as security token. In: Mobile Adhoc and Sensor Systems, MASS 2009, pp. 777–782. IEEE (2009)

    Google Scholar 

  7. Vapen, A., Byers, D., Shahmehri, N.: 2-clickauth optical challenge-response authentication. In: Availability, Reliability, and Security, ARES 2010, pp. 79–86. IEEE (2010)

    Google Scholar 

  8. Juniper Networks Inc.: Mobile Threats Report (2011)

    Google Scholar 

  9. Open Mobile Alliance: Smartcard-Web-Server, Candidate Version 1.2, OMA-TS-Smartcard_Web_Server-V1_1_2-20120927-C, Open Mobile Alliance (OMA), Version 1.2 (September 27, 2012)

    Google Scholar 

  10. Neustar: IP Geolocation: A Valuable Weapon to Fight Online Card-Not-Present Payment Fraud, http://www.neustar.biz/enterprise/docs/whitepapers/ip-intelligence/geolocation-detecting-card-not-present-fraud.pdf

  11. Mayes, K.E., Markantonakis, K. (eds.): Smart Cards, Tokens, Security and Applications. Springer (2008)

    Google Scholar 

  12. Calvin, J., Dickens, A., Gaines, B., Metzger, P., Miller, D., Owen, D.: The SIMNET virtual world architecture. In: Virtual Reality Annual International Symposium, pp. 450–455. IEEE (1993)

    Google Scholar 

  13. Frecon, E., Stenius, M.: DIVE: A scaleable network architecture for distributed virtual environments. In: Distributed Systems Engineering 5.3 (1998)

    Google Scholar 

  14. Fernandes, S., Antonello, R., Moreira, J., Kamienski, C., Sadok, D.: Traffic analysis beyond this world: the case of Second Life. In: 17th International Workshop on Network and Operating Systems Support for Digital Audio and Video. University of Illinois, Urbana-Champaign (2007)

    Google Scholar 

  15. RFC 2818: Hypertext Transfer Protocol over TLS protocol (May 2000), http://www.ietf.org/rfc/rfc2818.txt

  16. Oracle: Javacard v3.0 specifications, http://www.oracle.com/technetwork/java/javame/javacard/download/overview/index.html

  17. GlobalPlatform: Remote Application Management over HTTP Card Specification v2.2 Amendment B Version 1.1.1 (2012)

    Google Scholar 

  18. RFC 4226: HOTP: An HMAC-Based One-Time Password Algorithm (December 2005), http://www.ietf.org/rfc/rfc4226.txt

  19. OWASP, The Open Web Application Security Project: OWASP Top Ten Project, https://www.owasp.org

  20. Shetty, S.: Symantec: Introduction to Spyware Keyloggers (November 2010), http://www.symantec.com/connect/articles/introduction-spyware-keyloggers

  21. Goodin, D.: Crack in Internet’s foundation of trust allows HTTPS session hijacking (September 2012), http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/

  22. SANS Institute InfoSec Reading Room: Introduction to IP Spoofing (November 2000)

    Google Scholar 

  23. Gill, P., Ganjali, Y., Wong, B., Lie, D.: Dude, where’s that IP? Circumventing measurement-based IP geolocation. In: Proceedings of the 19th USENIX Conference on Security, Berkeley, CA, USA (2010)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Smart Card Centre, Information Security Group, Royal Holloway, Univ. of London, Egham, Surrey, UK, TW20 0EX

    Lazaros Kyrillidis, Graham Hili, Sheila Cobourne, Keith Mayes & Konstantinos Markantonakis

Authors
  1. Lazaros Kyrillidis
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Graham Hili
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Sheila Cobourne
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Keith Mayes
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Konstantinos Markantonakis
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Indian Institute of Information Technology and Management, Technopark Campus, 695581, Trivandrum, Kerala, India

    Sabu M. Thampi

  2. Department of Applied Computer Science, The University of Winnipeg, 515 Portage Avenue, R3B 2E9, Winnipeg, MB, Canada

    Pradeep K. Atrey

  3. Electrical and Computer Science Engineering Building, National Sun Yat-sen University, Kaohsiung, Taiwan R.O.C.

    Chun-I Fan

  4. Facultad de Informatica, Campus de Espinardo, s/n, 30.100, Murcia, Spain

    Gregorio Martinez Perez

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kyrillidis, L., Hili, G., Cobourne, S., Mayes, K., Markantonakis, K. (2013). Virtual World Authentication Using the Smart Card Web Server. In: Thampi, S.M., Atrey, P.K., Fan, CI., Perez, G.M. (eds) Security in Computing and Communications. SSCC 2013. Communications in Computer and Information Science, vol 377. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40576-1_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-40576-1_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-40575-4

  • Online ISBN: 978-3-642-40576-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation