ABSTRACT
Conventional password-based authentication has been widely used due to its simplicity, familiarity, and cost effectiveness. However, it has a fundamental weakness: cleartext passwords are kept on client-side devices and networks. To acquire a user's password securely, we suggest a novel method that splits the roles of the user interface across two devices. With our method, cleartext passwords are neither stored on any device nor transmitted over communication channels. Finally, we implement a demo application and analyze our method in terms of usability, deployability, and security.
Index Terms
- POSTER: A Password-based Authentication by Splitting Roles of User Interface