UbiKiMa: Ubiquitous authentication using a smartphone, migrating from passwords to strong cryptography

Maarten Everts, Jaap-Henk Hoepman, Johanneke Siljee

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

6 Citations (Scopus)

Abstract

Passwords are the only ubiquitous form of authentication currently available on the web. Unfortunately, passwords are insecure. In this paper we therefore propose the use of strong cryptography, using the fact that users increasingly own a smartphone that can perform the required cryptographic operations on their behalf. This is not as trivial as it sounds. Services will not migrate to new forms of authentication if few users have the means to use it. Similarly, users will not acquire the means if there are few services that accept them. Moreover, enabling one's smartphone to seamlessly sign in at a website when browsing on an arbitrary PC is non-trivial. We propose a system, based on a smartphone app, that can be used to sign in with username and password to arbitrary websites using an arbitrary PC or laptop. We describe the protocol and implementation to achieve this without the need for typing usernames and passwords. Furthermore, we propose an authentication protocol based on public key cryptography, integrated in the same smartphone app. This allows websites to seamlessly migrate towards a much more secure authentication method on the web, independently of each other. A prototype of our system has been developed.

Original languageEnglish
Title of host publicationDIM 2013 - Proceedings of the 2013 ACM Workshop on Digital Identity Management, Co-located with CCS 2013
PublisherAssociation for Computing Machinery
Pages19-24
Number of pages6
ISBN (Print)9781450324939
DOIs
Publication statusPublished - 2013
Externally publishedYes
Event8th ACM Workshop on Digital Identity Management: Identity at the Crossroads, DIM 2013 - Berlin, Germany
Duration: 8 Nov 20138 Nov 2013
Conference number: 8

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
PublisherACM
Volume2013
ISSN (Print)1543-7221

Conference

Conference8th ACM Workshop on Digital Identity Management: Identity at the Crossroads, DIM 2013
Abbreviated titleDIM 2013
Country/TerritoryGermany
CityBerlin
Period8/11/138/11/13
OtherCo-located with the 20th ACM Conference on Computer and Communications Security, CCS 2013

Keywords

  • Identity management
  • Passwords
  • Strong authentication
  • n/a OA procedure

Fingerprint

Dive into the research topics of 'UbiKiMa: Ubiquitous authentication using a smartphone, migrating from passwords to strong cryptography'. Together they form a unique fingerprint.

Cite this