Protecting Touch: Authenticated App-To-Server channels for mobile devices using NFC tags

Detalhes bibliográficos
Autor(a) principal: Carvalho Ota, Fernando Kaway
Data de Publicação: 2017
Outros Autores: Roland, Michael, Hölzl, Michael, Mayrhofer, René, Manacero, Aleardo [UNESP]
Tipo de documento: Artigo
Idioma: eng
Título da fonte: Repositório Institucional da UNESP
Texto Completo: http://dx.doi.org/10.3390/info8030081
http://hdl.handle.net/11449/169908
Resumo: Traditional authentication methods (e.g., password, PIN) often do not scale well to the context of mobile devices in terms of security and usability. However, the adoption of Near Field Communication (NFC) on a broad range of smartphones enables the use of NFC-enabled tokens as an additional authentication factor. This additional factor can help to improve the security, as well as usability of mobile apps. In this paper, we evaluate the use of different types of existing NFC tags as tokens for establishing authenticated secure sessions between smartphone apps and web services. Based on this evaluation, we present two concepts for a user-friendly secure authentication mechanism for mobile apps, the Protecting Touch (PT) architectures. These two architectures are designed to be implemented with either end of the spectrum of inexpensive and widely-available NFC tags while maintaining a reasonable trade-off between security, availability and cost.
id UNSP_77af5b7fdcd5366a7953078eb442cdf5
oai_identifier_str oai:repositorio.unesp.br:11449/169908
network_acronym_str UNSP
network_name_str Repositório Institucional da UNESP
repository_id_str 2946
spelling Protecting Touch: Authenticated App-To-Server channels for mobile devices using NFC tagsAndroidMobile securityNear field communication (NFC)Secure channelTwo-factor authenticationTraditional authentication methods (e.g., password, PIN) often do not scale well to the context of mobile devices in terms of security and usability. However, the adoption of Near Field Communication (NFC) on a broad range of smartphones enables the use of NFC-enabled tokens as an additional authentication factor. This additional factor can help to improve the security, as well as usability of mobile apps. In this paper, we evaluate the use of different types of existing NFC tags as tokens for establishing authenticated secure sessions between smartphone apps and web services. Based on this evaluation, we present two concepts for a user-friendly secure authentication mechanism for mobile apps, the Protecting Touch (PT) architectures. These two architectures are designed to be implemented with either end of the spectrum of inexpensive and widely-available NFC tags while maintaining a reasonable trade-off between security, availability and cost.Banco do Brasil S.AUniversity of Applied Sciences Upper AustriaInstitute of Networks and Security Johannes Kepler University LinzDepartment of Computer Science and Statistics São Paulo State University-UNESPDepartment of Computer Science and Statistics São Paulo State University-UNESPBanco do Brasil S.AUniversity of Applied Sciences Upper AustriaJohannes Kepler University LinzUniversidade Estadual Paulista (Unesp)Carvalho Ota, Fernando KawayRoland, MichaelHölzl, MichaelMayrhofer, RenéManacero, Aleardo [UNESP]2018-12-11T16:48:09Z2018-12-11T16:48:09Z2017-07-06info:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/articleapplication/pdfhttp://dx.doi.org/10.3390/info8030081Information (Switzerland), v. 8, n. 3, 2017.2078-2489http://hdl.handle.net/11449/16990810.3390/info80300812-s2.0-850221970672-s2.0-85022197067.pdfScopusreponame:Repositório Institucional da UNESPinstname:Universidade Estadual Paulista (UNESP)instacron:UNESPengInformation (Switzerland)0,222info:eu-repo/semantics/openAccess2023-10-22T06:07:48Zoai:repositorio.unesp.br:11449/169908Repositório InstitucionalPUBhttp://repositorio.unesp.br/oai/requestopendoar:29462023-10-22T06:07:48Repositório Institucional da UNESP - Universidade Estadual Paulista (UNESP)false
dc.title.none.fl_str_mv Protecting Touch: Authenticated App-To-Server channels for mobile devices using NFC tags
title Protecting Touch: Authenticated App-To-Server channels for mobile devices using NFC tags
spellingShingle Protecting Touch: Authenticated App-To-Server channels for mobile devices using NFC tags
Carvalho Ota, Fernando Kaway
Android
Mobile security
Near field communication (NFC)
Secure channel
Two-factor authentication
title_short Protecting Touch: Authenticated App-To-Server channels for mobile devices using NFC tags
title_full Protecting Touch: Authenticated App-To-Server channels for mobile devices using NFC tags
title_fullStr Protecting Touch: Authenticated App-To-Server channels for mobile devices using NFC tags
title_full_unstemmed Protecting Touch: Authenticated App-To-Server channels for mobile devices using NFC tags
title_sort Protecting Touch: Authenticated App-To-Server channels for mobile devices using NFC tags
author Carvalho Ota, Fernando Kaway
author_facet Carvalho Ota, Fernando Kaway
Roland, Michael
Hölzl, Michael
Mayrhofer, René
Manacero, Aleardo [UNESP]
author_role author
author2 Roland, Michael
Hölzl, Michael
Mayrhofer, René
Manacero, Aleardo [UNESP]
author2_role author
author
author
author
dc.contributor.none.fl_str_mv Banco do Brasil S.A
University of Applied Sciences Upper Austria
Johannes Kepler University Linz
Universidade Estadual Paulista (Unesp)
dc.contributor.author.fl_str_mv Carvalho Ota, Fernando Kaway
Roland, Michael
Hölzl, Michael
Mayrhofer, René
Manacero, Aleardo [UNESP]
dc.subject.por.fl_str_mv Android
Mobile security
Near field communication (NFC)
Secure channel
Two-factor authentication
topic Android
Mobile security
Near field communication (NFC)
Secure channel
Two-factor authentication
description Traditional authentication methods (e.g., password, PIN) often do not scale well to the context of mobile devices in terms of security and usability. However, the adoption of Near Field Communication (NFC) on a broad range of smartphones enables the use of NFC-enabled tokens as an additional authentication factor. This additional factor can help to improve the security, as well as usability of mobile apps. In this paper, we evaluate the use of different types of existing NFC tags as tokens for establishing authenticated secure sessions between smartphone apps and web services. Based on this evaluation, we present two concepts for a user-friendly secure authentication mechanism for mobile apps, the Protecting Touch (PT) architectures. These two architectures are designed to be implemented with either end of the spectrum of inexpensive and widely-available NFC tags while maintaining a reasonable trade-off between security, availability and cost.
publishDate 2017
dc.date.none.fl_str_mv 2017-07-06
2018-12-11T16:48:09Z
2018-12-11T16:48:09Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/article
format article
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://dx.doi.org/10.3390/info8030081
Information (Switzerland), v. 8, n. 3, 2017.
2078-2489
http://hdl.handle.net/11449/169908
10.3390/info8030081
2-s2.0-85022197067
2-s2.0-85022197067.pdf
url http://dx.doi.org/10.3390/info8030081
http://hdl.handle.net/11449/169908
identifier_str_mv Information (Switzerland), v. 8, n. 3, 2017.
2078-2489
10.3390/info8030081
2-s2.0-85022197067
2-s2.0-85022197067.pdf
dc.language.iso.fl_str_mv eng
language eng
dc.relation.none.fl_str_mv Information (Switzerland)
0,222
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.source.none.fl_str_mv Scopus
reponame:Repositório Institucional da UNESP
instname:Universidade Estadual Paulista (UNESP)
instacron:UNESP
instname_str Universidade Estadual Paulista (UNESP)
instacron_str UNESP
institution UNESP
reponame_str Repositório Institucional da UNESP
collection Repositório Institucional da UNESP
repository.name.fl_str_mv Repositório Institucional da UNESP - Universidade Estadual Paulista (UNESP)
repository.mail.fl_str_mv
_version_ 1799964655495413760

Registros relacionados