Web authentication that is both secure and usable remains a challenge. Passwords are vulnerable to phishing attacks, while physical tokens face deployment obstacles. We propose to leverage the authentication infrastructure of cellular networks to enhance Web authentication. We design WebCallerID, a Web authentication scheme that uses cell phones as physical tokens and uses cellular networks as trusted identity providers. Since WebCallerID requires no user participation during authentication, it prevents security mistakes by users. WebCallerID also prevents rogue websites from replaying authentication assertions or stealing users' identities. We have implemented a prototype of WebCallerID using the OpenID framework. The prototype shows that WebCallerID seamlessly integrates into OpenID-capable Web authentication while avoiding phishing problems in OpenID and simplifying user participation.