Abstract
Current mobile authentication solutions put a cognitive burden on users to detect and avoid Man-In-The-Middle attacks. In this paper, we present a mobile authentication protocol named Mobile-ID which prevents Man-In-The-Middle attacks without relying on a human in the loop. With Mobile-ID, the message signed by the secure element on the mobile device incorporates the context information of the connected service provider. Hence, upon receiving the signed message the Mobile-ID server could easily identify the existence of an on-going attack and notify the genuine service provider.
Original language | English |
---|---|
Pages (from-to) | 323-329 |
Number of pages | 7 |
Journal | Procedia Computer Science |
Volume | 34 |
DOIs | |
Publication status | Published - 2014 |
Externally published | Yes |
Event | 9th International Conference on Future Networks and Communications, FNC 2014 and the 11th International Conference on Mobile Systems and Pervasive Computing, MobiSPC 2014 - Niagara Falls, ON, Canada Duration: 17 Aug 2014 → 20 Aug 2014 |
Keywords
- Authentication
- Man-In-The-Middle attack
- Mobile signature
- Phishing
- Secure element
- Security protocol