User Authentication and Authorization in the Java(tm) Platform
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Architectural styles and the design of network-based software architectures
Architectural styles and the design of network-based software architectures
Dissecting Android Malware: Characterization and Evolution
SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
AdSplit: separating smartphone advertising from applications
Security'12 Proceedings of the 21st USENIX conference on Security symposium
| Hi-index | 0.00 |
Mobile devices create new opportunities and challenges for authentication. On one hand, the readily-available sensors provide new opportunities for authentication credentials, such as biometrics and context of the device. On the other hand, mobile applications rely on network services to create rich functionality that often require protection of their sensitive data. The ability for the mobile application developer to adopt a wide range of authentication protocols and techniques is an intractable challenge for adopting new authentication technologies. In this paper, we propose a flexible framework that enables an out-of-band authentication channel for mobile applications. The framework allows applications to delegate authentication to an independent security service on the client that, in turn, supports an extensible range of authentication protocols. Importantly, the approach presented in this paper does not require any modification of the underlying system, thus not requiring support from the operating system or hardware vendor. Our server-driven approach supports administration and enablement of new authentication techniques and security policies with minimal to no client application modifications. We show the viability of our design by means of a framework prototype and integrating it with a representative authentication system built in-house. We also discuss security and non-security challenges of realizing this approach.