Enhancing cardspace authentication using a mobile device

Authors:
Haitham S. Al-Sinani;Chris J. Mitchell
Affiliations:
Information Security Group, Royal Holloway, University of London;Information Security Group, Royal Holloway, University of London
Venue:
DBSec'11 Proceedings of the 25th annual IFIP WG 11.3 conference on Data and applications security and privacy
Year:
2011

Citing 10
Cited 1

Web proxy servers

Web proxy servers
Mobile Application Development with SMS and the Sim Toolkit

Mobile Application Development with SMS and the Sim Toolkit
Mobile Messaging Technologies and Services: SMS, EMS and MMS

Mobile Messaging Technologies and Services: SMS, EMS and MMS
Delegate: A Proxy Based Architecture for Secure Website Access from an Untrusted Machine

ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Beginning Windows CardSpace: From Novice to Professional

Beginning Windows CardSpace: From Novice to Professional
Understanding windows cardspace: an introduction to the concepts and challenges of digital identities

Understanding windows cardspace: an introduction to the concepts and challenges of digital identities
One-Time Password Access to Any Server without Changing the Server

ISC '08 Proceedings of the 11th international conference on Information Security
CardSpace-liberty integration for CardSpace users

Proceedings of the 9th Symposium on Identity and Trust on the Internet
Using a personal device to strengthen password authentication from an untrusted computer

FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Website credential storage and two-factor web authentication with a java SIM

WISTP'10 Proceedings of the 4th IFIP WG 11.2 international conference on Information Security Theory and Practices: security and Privacy of Pervasive Systems and Smart Devices

Extending the Scope of cardspace

Proceedings of the 4th international conference on Security of information and networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper we propose a simple, novel scheme for using a mobile device to enhance CardSpace authentication. During the process of user authentication on a PC using CardSpace, a random and shortlived one-time password is sent to the user's mobile device; this must then be entered into the PC by the user when prompted. The scheme does not require any changes to login servers, the CardSpace identity selector, or to the mobile device itself. We specify the scheme and give details of a proof-of-concept prototype. Security and operational analyses are also provided.