Mobile device authentication has been a highly active research topic for over 10 years, with a vast range of methods proposed and analyzed. In related areas, such as secure channel protocols, remote authentication, or desktop user authentication, strong, systematic, and increasingly formal threat models have been established and are used to qualitatively compare different methods. However, the analysis of mobile device authentication is often based on weak adversary models, suggesting overly optimistic results on their respective security. In this article, we introduce a new classification of adversaries to better analyze and compare mobile device authentication methods. We apply this classification to a systematic literature survey. The survey shows that security is still an afterthought and that most proposed protocols lack a comprehensive security analysis. The proposed classification of adversaries provides a strong and practical adversary model that offers a comparable and transparent classification of security properties in mobile device authentication.
This paper proposes using a WiFi-based identification system, Wi-ID, to identify users from their unique hand gestures. Hand gestures from the popular game rock-paper-scissors are utilized for the system’s user authentication commands. The whole feature of three hand gestures is extracted instead of the single gesture feature extracted by the existing methods. Dynamic time warping (DTW) is utilized to analyze the amplitude information in the time domain based on linear discriminant analysis (LDA), while extract amplitude kurtosis (AP-KU) and shape skewness (SP-SK) are utilized to analyze the Wi-Fi signals energy distribution in the frequency domain. Based on the contributions of the extracted features, the random forests algorithm is utilized for weight inputs in the LSTM model. The experiment is conducted on a computer installed with an Intel 5300 wireless networking card to evaluate the effectiveness and robustness of the Wi-ID system. The experiment results showed the accuracy of the proposed Wi-ID system has a personal differentiation accuracy rate over 92%, and with an average accuracy of 96%. Authorized persons who performed incomplete hand gestures are identified with an accuracy of 92% and hostile intruders can be identified with a probability of 90%. Such performance demonstrates that the Wi-ID system achieved the aim of user authentication.
As the Internet has been developed, various online services such as social media services are introduced and widely used by many people. Traditionally, many online services utilize self-certification methods that are made using public certificates or resident registration numbers, but it is found that the existing methods pose the risk of recent personal information leakage accidents. The most popular authentication method to compensate for these problems is biometric authentication technology. The biometric authentication techniques are considered relatively safe from risks like personal information theft, forgery, etc. Among many biometric-based methods, we studied the speaker recognition method, which is considered suitable to be used as a user authentication method of the social media service usually accessed in the smartphone environment. In this paper, we first propose a speaker recognition-based authentication method that identifies and authenticates individual voice patterns, and we also present a synthesis speech detection method that is used to prevent a masquerading attack using synthetic voices.
User Authentication plays a crucial role in smart card based systems. Multi-application smart cards are easy to use as a single smart card supports more than one application. These cards are broadly divided into single identity cards and Multi-identity cards. In this paper we have tried to provide a secure Multi-identity Multi-application Smart Card Authentication Scheme. Security is provided to user’s data by using dynamic tokens as verifiers and nested cryptography. A new token is generated after every successful authentication for next iteration. Anonymity is also provided to data servers which provides security against availability attacks. An alternate approach to store data on servers is explored which further enhances the security of the underlying system.
Abstract: Identity theft is a frightening and often very serious concern to everyone. A novel risk-mitigation algorithm, the Hybrid Transaction Algorithm, is given in an effort to provide individuals with peace of mind (HTA). With the random codes, the proposed HTA aims to implement two-factor authentication. This kind of user authentication has been generally recognized, and many businesses have begun to employ it as a security feature. This may be used to identify people and provide a secure method of buying products online. The suggested method involves using mobile devices to log into card accounts using an application in order to examine the randomly generated code. This is then entered when required on an online retailer's website in order to verify the person making the transaction. This reduces the chance of an unauthorized user using someone else's details to make fraudulent transactions. Identity thieves cannot use stolen card information to make transactions unless they have a valid code. This, in turn, protects both the customer and the credit card companies, who may be financially affected. We give one case study to demonstrate the security of our methodology in order to better understand how it may safeguard someone from having a stolen credit card used. Keywords: Two-Factor Authentication; Hybrid Transaction Algorithm (HTA); AES Encryption; SHA–256.