ACM Transactions on Computer Systems (TOCS)
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Beamauth: two-factor web authentication with a bookmark
Proceedings of the 14th ACM conference on Computer and communications security
Hi-index | 0.00 |
As authentication provides crucial online identity, it is the basis of data security. In this paper, a session based authentication is proposed and the long unique un-guessable session identifier is used as a parameter of an authentication token. It has the advantages of one-timeness, short-lived and no prior knowledge requirement. The session model is established with detailed implementation of communication protocol. The security of this protocol is then analyzed formally and the results show that the protocol can resist various attacks, e.g. session hijacking, message replay and pharming attacks etc. Finally, a case is studied and the performance of the application is evaluated, which indicates that the proposed scheme is simpler and more efficient than the existing schemes.