Abstract
The growing integration of mobile applications for user authentication has revolutionized user interactions with digital platforms, offering novel possibilities in user experience (UX). However, this paradigm shift poses significant security challenges. Leveraging smartphones for authentication purposes provides convenient and swift access to services, streamlining user interactions with various platforms through simple taps. Several institutions adopt static QR Codes generated from primary, unchanging user data (e.g., individual citizen national identification numbers) for physical authentication procedures like access turnstiles. However, relying on static data introduces critical security vulnerabilities as this data is susceptible to compromise. Implementing an One-Time Authentication Code (OTAC) approach appears promising in addressing these issues. Nevertheless, the absence of an integrated solution for developing a physical authentication process using OTAC leads to suboptimal API user experiences (UX APIs) and subsequent security vulnerabilities. In response to this challenge, we introduce Auth4App, a protocol set designed for identification and authentication using mobile applications. Auth4App comprises two core protocols: one dedicated to linking user credentials to mobile devices (i.e., identification), and the other for generating OTAC. We showcase the adaptability and practicality of Auth4App through three distinct case studies: a mobile-only scenario, integration of mobile devices with a turnstile, and integration of Auth4App with FIDO2. To ensure the robustness of the security protocols, Auth4App is evaluated using automated verification tools and argument proofs, solidifying the system’s reliability.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.