Mobile Authentication Secure Against Man-In-The-Middle Attacks

Bicakci K., Unal D., Ascioglu N., Adalier O.

11th International Conference on Mobile Systems and Pervasive Computing (MobiSPC), Niagara Falls, Canada, 17 - 20 August 2014, vol.34, pp.323-329 identifier identifier

  • Publication Type: Conference Paper / Full Text
  • Volume: 34
  • Doi Number: 10.1016/j.procs.2014.07.031
  • City: Niagara Falls
  • Country: Canada
  • Page Numbers: pp.323-329
  • Keywords: authentication, phishing, Man-In-The-Middle attack, secure element, mobile signature, security protocol
  • Istanbul Technical University Affiliated: No

Abstract

Current mobile authentication solutions put a cognitive burden on users to detect and avoid Man-In-The-Middle attacks. In this paper, we present a mobile authentication protocol named Mobile-ID which prevents Man-In-The-Middle attacks without relying on a human in the loop. With Mobile-ID, the message signed by the secure element on the mobile device incorporates the context information of the connected service provider. Hence, upon receiving the signed message the Mobile-ID server could easily identify the existence of an on-going attack and notify the genuine service provider. (c) 2014 The Authors. Published by Elsevier B.V.