Using a Smart Phone to Strengthen Password-Based Authentication

Author

Han, Weili ; Cao, Ye ; Lei, Chang

Author_Institution

Software Sch., Fudan Univ., Shanghai, China

fYear

2011

fDate

19-22 Oct. 2011

Firstpage

372

Lastpage

379

Abstract

The authentication based on user´s username and password is one of the most popular ways to verify a user when he or she enters an information system. Thus, in recent years, many attackers, e.g. phishers, aim to steal passwords to intrude information systems. To strengthen the password-based authentication, we introduce a method, named SmartID, where we use a Bluetooth-enabled Smart Phone as a platform to store user´s username, password and their relevant information of login interface. SmartID can help a user authenticate both his or her identify and validity of login interfaces of web sites and desktops. The experiment and analysis show that SmartID can offer an excellent recall rate, and an acceptable precision rate for anti-phishing and anti-pharming. Thus, SmartID is applicable to strengthen password-based authentication.

Keywords

Bluetooth; Web sites; computer crime; information systems; message authentication; smart phones; Bluetooth-enabled smart phone; SmartID; Web site; antipharming; antiphishing; information system; login interface; password-based authentication; Authentication; Bluetooth; Data communication; Delay; Operating systems; Smart phones; Web sites; Anti-Phishing; Individual White-List; Login User Interface; Password Management; SmartID;

fLanguage

English

Publisher

ieee

Conference_Titel

Internet of Things (iThings/CPSCom), 2011 International Conference on and 4th International Conference on Cyber, Physical and Social Computing

Conference_Location

Dalian

Print_ISBN

978-1-4577-1976-9

Type

conf

DOI

10.1109/iThings/CPSCom.2011.64

Filename

6142259