Method of Secure App user Authentication from Auto-Login in the Mobile Device

2016 ◽  
Vol 9 (24) ◽  
Author(s):  
Hyung-Jin Mun ◽  
Yong-zhen Li ◽  
Kwangyoun Jin
2019 ◽  
Vol 8 (4) ◽  
pp. 4411-4417

Authenticating users to secure systems is a crucial task for security experts to solve a password problem, where the user should be able to memorize a password or secret and the password should be hard for adversaries to guess and crack. In general, most secure systems were designed with text passwords along with additional factors such as tokens like a smart card or mobile device. Text passwords are not resistant to dictionary, brute-force and guessing attacks. This paper proposes a novel graphical password method, which solves the password problem and is secure against all password vulnerabilities. Theoretically, graphical passwords are easy to memorize and recall over the long term and are resistant to dictionary and brute-force search attacks.


2020 ◽  
Vol 20 (6) ◽  
pp. 499-509
Author(s):  
Ji-Hoon Kim ◽  
Changhyeon Kim ◽  
Kwantae Kim ◽  
Juhyoung Lee ◽  
Hoi-Jun Yoo ◽  
...  

2021 ◽  
Author(s):  
Sheng-Kai Chen ◽  
Jenq-Shiou Leu ◽  
Hsieh Wen-Bin ◽  
Jui-Tang Wang ◽  
Tian Song

Abstract: Remote user authentication schemes provide a system to verify the legitimacy of remote users' authentication requests over an insecure communication channel. In recent years, many authentication schemes using a password and smart card have been proposed. However, a password might be revealed or forgotten and a smart card might be shared, lost or stolen. In contrast, biometrics, such as face, fingerprint or iris, have no such weakness. With the trend of mobile payment, more and more mobile payment applications use biometrics to replace the password and smart card. In this paper, we propose a biometric-based remote authentication scheme substituting biometrics and a mobile device bound to the user for the password and smart card. This scheme is more convenient, suitable and secure than the schemes using smart cards in a mobile payment environment.


2022 ◽  
Vol 54 (9) ◽  
pp. 1-35
Author(s):  
René Mayrhofer ◽  
Stephan Sigg

Mobile device authentication has been a highly active research topic for over 10 years, with a vast range of methods proposed and analyzed. In related areas, such as secure channel protocols, remote authentication, or desktop user authentication, strong, systematic, and increasingly formal threat models have been established and are used to qualitatively compare different methods. However, the analysis of mobile device authentication is often based on weak adversary models, suggesting overly optimistic results on their respective security. In this article, we introduce a new classification of adversaries to better analyze and compare mobile device authentication methods. We apply this classification to a systematic literature survey. The survey shows that security is still an afterthought and that most proposed protocols lack a comprehensive security analysis. The proposed classification of adversaries provides a strong and practical adversary model that offers a comparable and transparent classification of security properties in mobile device authentication.


2020 ◽  
Vol 24 (2) ◽  
pp. 108-121
Author(s):  
A. L. Marukhlenko ◽  
A. V. Plugatarev ◽  
M. O. Tanygin ◽  
L. O. Marukhlenko ◽  
M. Yu. Shashkov

Purpose of research. The purpose of the research is to build a model of a system for effective authentication of mobile users based on public data of the user and his behavioral factors, as well as to study algorithms for calculating the threshold value at which the authentication of a mobile device user is considered successful.

Methods. When analyzing the behavioral factors of a user who needs to be authenticated when interacting with mobile devices, the following methods for calculating the threshold value are proposed: dynamic methods for determining the threshold value of user authentication based on the standard deviation and the calculation of the aggregate mean score; the method based on the standard, in which the system divides the aggregate flow of estimates into several blocks of the same length, where the first block is used for training and the calculated threshold is used in the second block (this sequence of actions is repeated continuously, that is, the previous block provides training results for calculating the threshold for the current block); and a method for calculating the aggregate mean score, where instead of using a single total score as input, the system uses the mean value of the current block, and the newly calculated threshold is used as the threshold for decision making for the next block. A mathematical model that balances the speed and reliability of mobile user authentication is proposed.

Results. The result of the research is the development of an effective system for calculating the threshold value of successful authentication of a mobile device user based on behavioural features, which adapts to changes in the user's behavioural factors. Experimental studies and comparisons with analogs confirming the completeness and correctness were carried out, as well as various variants of the proposed solutions.

Conclusion. The proposed method of implicit authentication for mobile access control is easy to implement, easy to use, and adaptive to changes in input data. Options for calculating the threshold value at which implicit authentication is considered successful are also proposed.


Author(s):  
Yaira K. Rivera Sánchez ◽  
Steven A. Demurjian

The emergence and ubiquity of mobile computing has placed powerful capabilities in one's hand, providing a wide range of applications such as email, calendar, photos, browsers, social network, communication, shopping, health and fitness, games, etc., which were once restricted to traditional platforms. Such applications on a single mobile device raise critical security issues related to managing identity, re-authenticating users that stay active for long periods of time, protecting sensitive PII and PHI against access and misuse, ensuring secure transactions, and protecting the physical device. This chapter explores user authentication requirements for mobile computing by: evaluating alternative user authentication requirements in order to make recommendations on their usage in authentication; identifying authentication methods used in mobile healthcare applications; and proposing a set of requirements for user authentication to handle the situation when a user seeks to be securely authenticated across a set of applications that are placed into context within a framework.


2019 ◽  
Vol 11 (10) ◽  
pp. 4019-4039 ◽  
Author(s):  
Pin Shen Teh ◽  
Ning Zhang ◽  
Syh-Yuan Tan ◽  
Qi Shi ◽  
Wee How Khoh ◽  
...  

Abstract: Mobile devices, particularly touch screen mobile devices, are increasingly used to store and access private and sensitive data or services, and this has led to an increased demand for more secure and usable security services, one of which is user authentication. Currently, mobile device authentication services mainly use a knowledge-based method, e.g. a PIN-based authentication method, and, in some cases, a fingerprint-based authentication method is also supported. The knowledge-based method is vulnerable to impersonation attacks, while the fingerprint-based method can be unreliable sometimes. To overcome these limitations and to make the authentication service more secure and reliable for touch screen mobile device users, we have investigated the use of touch dynamics biometrics as a mobile device authentication solution by designing, implementing and evaluating a touch dynamics authentication method. This paper describes the design, implementation, and evaluation of this method, the acquisition of raw touch dynamics data, the use of the raw data to obtain touch dynamics features, and the training of the features to build an authentication model for user identity verification. The evaluation results show that by integrating the touch dynamics authentication method into the PIN-based authentication method, the protection level against impersonation attacks is greatly enhanced. For example, if a PIN is compromised, the success rate of an impersonation attempt is drastically reduced from 100% (if only a 4-digit PIN is used) to 9.9% (if both the PIN and the touch dynamics are used).


2016 ◽  
Vol 24 (1) ◽  
pp. 53-72 ◽  
Author(s):  
Panagiotis Andriotis ◽  
George Oikonomou ◽  
Alexios Mylonas ◽  
Theo Tryfonas

Purpose – The Android pattern lock screen (or graphical password) is a popular user authentication method that relies on the advantages provided by the visual representation of a password, which enhance its memorability. Graphical passwords are vulnerable to attacks (e.g. shoulder surfing); thus, the need for more complex passwords becomes apparent. This paper aims to focus on the features that constitute a usable and secure pattern and investigate the existence of heuristic and physical rules that possibly dictate the formation of a pattern. Design/methodology/approach – The authors conducted a survey to study the users' understanding of the security and usability of the pattern lock screen. The authors developed an Android application that collects graphical passwords by simulating user authentication in a mobile device. This avoids any potential bias that is introduced when the survey participants are not interacting with a mobile device while forming graphical passwords (e.g. in Web or hard-copy surveys). Findings – The findings verify and enrich previous knowledge for graphical passwords, namely, that users mostly prefer usability over security. Using the survey results, the authors demonstrate how biased input impairs security by shrinking the available password space. Research limitations/implications – The sample's demographics may affect our findings. Therefore, future work can focus on the replication of our work in a sample with different demographics. Originality/value – The authors define metrics that measure the usability of a pattern (handedness, directionality and symmetry) and investigate their impact on its formation. The authors propose a security assessment scheme using features in a pattern (e.g. the existence of knight moves or overlapping nodes) to evaluate its security strengths.

