Mobile authentication secure against man-in-the-middle attacks


Bicakci K., Unal D., Ascioglu N., Adalier O.

2nd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering, MobileCloud 2014, Oxford, Birleşik Krallık, 7 - 10 Nisan 2014, ss.273-276 identifier

  • Yayın Türü: Bildiri / Tam Metin Bildiri
  • Doi Numarası: 10.1109/mobilecloud.2014.43
  • Basıldığı Şehir: Oxford
  • Basıldığı Ülke: Birleşik Krallık
  • Sayfa Sayıları: ss.273-276
  • Anahtar Kelimeler: Authentication, Man-In-The-Middle attack, Mobile signature, Phishing, Secure element, Security protocol
  • İstanbul Teknik Üniversitesi Adresli: Hayır

Özet

Current mobile authentication solutions puts a cognitive burden on users to detect and avoid Man-In-The-Middle attacks. In this paper, we present a mobile authentication protocol named Mobile-ID which prevents Man-In-The-Middle attacks without relying on a human in the loop. With Mobile-ID, the message signed by the secure element on the mobile device incorporates the context information of the connected service provider. Hence, upon receiving the signed message the Mobile-ID server could easily identify the existence of an on-going attack and notify the genuine service provider. © 2014 IEEE.