Abstract
Traditional textual password authentication techniques have numerous well-documented security and usability flaws, yet have seen near-universal deployment due to their desirable efficiency properties. As a result, many users who may prefer alternative authentication approaches are forced to use passwords or PINs on a daily basis due to a lack of control over third-party servers. This work explores the use of a mobile device as a proxy for password management in an attempt to improve remote password authentication without making changes to remote servers.
A universal proxy-based authentication framework is presented which allows users to employ a method of their own choice to authenticate locally to their mobile devices (e.g., biometrics or graphical passwords). The framework is also compatible with many communication channels between the mobile proxy and local terminal (e.g., Bluetooth or audio). To demonstrate the practicality of this general framework, a concrete implementation using an “out-of-band” audio channel, called PIN-Audio, is also provided. While existing password management solutions may provide a reasonable level of security for commonplace services, PIN-Audio is recommended as a user-friendly deployment for security-critical applications, such as online banking.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Saxena, N., Voris, J. (2012). Exploring Mobile Proxies for Better Password Authentication. In: Chim, T.W., Yuen, T.H. (eds) Information and Communications Security. ICICS 2012. Lecture Notes in Computer Science, vol 7618. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34129-8_26
DOI: https://doi.org/10.1007/978-3-642-34129-8_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34128-1
Online ISBN: 978-3-642-34129-8
eBook Packages: Computer Science, Computer Science (R0)