• DocumentCode
    3716768
  • Title

    Using Dropped Call as an Authentication Factor

  • Author

    Balwinder Sodhi

  • Author_Institution
    Dept. of Comput. Sci. &
  • fYear
    2015
  • Firstpage
    2031
  • Lastpage
    2035
  • Abstract
    Increasing numbers of remotely accessed software applications are adopting Two Factor Authentication (TFA) methods, particularly when performing sensitive actions such as payment transactions. TFA methods, though addressed several weaknesses of purely password based authentication systems, have their own challenges such as their adverse effect on usability and, most notably, the operating cost. For instance, in a TFA mechanism that relies on sending a one-time password(OTP) to user´s phone via SMS, the cost of just sending OTPs can be prohibitive for high volume transactions e.g. in case of an e-commerce payment gateway. We introduce "dropped call" initiated from a user´s phone as a new authentication factor (AF), and present a novel authentication system that uses this new AF. We refer to a phone call which is instantaneously rejected by the callee as a dropped call. This system eliminates operational costs associated with a second factor of authentication. The proposed system can also be used as a sole authentication factor to build a passwordless authentication system. Analysis and evaluation of proposed system w.r.t various attack scenarios, performance and cost implications has been discussed. We show that cost savings in comparison to SMS based OTP transmission system are proportional to the volume of transactions. Considering a volume of 50,000 daily transactions and current pricing of sending bulk SMS (in UK), the cost of proposed system is less than 1% of the SMS based OTP alternative. An actual implementation of this system is deployed at: http://www.dcauth.in.
  • Keywords
    "Authentication","Servers","Software","Telephony","Logic gates","Electronic mail","Hardware"
  • Publisher
    ieee
  • Conference_Titel
    Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), 2015 IEEE International Conference on
  • Type

    conf

  • DOI
    10.1109/CIT/IUCC/DASC/PICOM.2015.301
  • Filename
    7363347