Abstract
The implementation of services that process confidential data in a mobile environment requires an adequate level of security, with the strictest feasible mechanisms of information protection. The dominance of mobile devices as clients of distributed systems has led to new techniques that combine traditional protection methods with protocols exploiting the many interfaces a smartphone offers. For this reason, an upward trend in the use of biometrics-based methods and dynamically generated OTP secrets can be observed. Mobile devices are increasingly used in complex business processes that require strong user authentication, which, according to the European Commission (Regulation), must use at least two authentication factors belonging to different categories. Therefore, on the basis of an analysis of the solutions presented so far, a distributed protocol has been proposed. It authenticates the user with three factors: possession, knowledge, and inherence. The described authentication scheme is designed to be carried out in the mobile environment of the Android platform, relying on the platform's authentication support.
Highlights
One of the mechanisms of increasing the level of security of authorized access to resources relies on the use of multifactor authentication processes
Similar requirements are presented in NIST publications [2], [3]; the "Electronic Authentication Guideline" [2] and the "Digital Identity Guidelines" [3] describe a high security level of the authentication process based on two authenticators
The aim of the present research was to analyze the possible implementations of multifactor authentication and choose the best authentication factor from each category to use in a mobile environment
Summary
One of the mechanisms for increasing the level of security of authorized access to resources relies on the use of multifactor authentication processes. According to the Commission Implementing Regulation (EU) 2015/1502 [1], a strong authentication process involves the use of at least two authentication factors belonging to different categories. This criterion means that a strong authentication system can use any combination of factors from different categories: {knowledge, inherence}, {knowledge, possession}, {possession, inherence}, or all of them, {knowledge, possession, inherence}; two authenticators from the same category (for example, a password and a PIN) do not satisfy it. Similar requirements are presented in NIST publications [2], [3]; the "Electronic Authentication Guideline" [2] and the "Digital Identity Guidelines" [3] describe a high security level of the authentication process based on two authenticators (authentication factors). All of these documents indicate a relationship between the security level and the number of authentication factors used.
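The following Python example is added here to illustrate the criterion above together with the three-factor scheme sketched in the abstract; it is not code from the paper. It encodes the "at least two factors from different categories" rule, verifies a possession factor with a standard RFC 6238 TOTP (the paper speaks only of dynamically generated OTP secrets; TOTP over HMAC-SHA1 is an assumption here), treats the knowledge factor as a PBKDF2-verified password, and takes the inherence factor as a boolean the platform's biometric API would return. The user record, salt, secret and password are constructed for the example.

```python
import hashlib
import hmac
import struct
from enum import Enum


class Factor(Enum):
    KNOWLEDGE = "knowledge"
    POSSESSION = "possession"
    INHERENCE = "inherence"


def satisfied_categories(presented):
    """Distinct factor categories among the authenticators that verified.

    `presented` is a list of (Factor, verified: bool) pairs.
    """
    return {factor for factor, ok in presented if ok}


def is_strong_authentication(presented):
    """Regulation (EU) 2015/1502 rule: two or more factors from *different* categories.

    A password plus a PIN both count as knowledge and therefore do not qualify.
    """
    return len(satisfied_categories(presented)) >= 2


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226) with HMAC-SHA1 and dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP over the current time step."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret, code, unix_time, step=30, window=1, digits=6):
    """Accept the code for the current step and +/- `window` steps (clock skew).

    Constant-time comparison so the check does not leak matching digits.
    """
    counter = unix_time // step
    return any(
        hmac.compare_digest(hotp(secret, c, digits), code)
        for c in range(counter - window, counter + window + 1)
    )


# Constructed user record (example data, not from the paper).
SALT = b"example-salt"
USER = {
    "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000),
    "otp_secret": b"12345678901234567890",  # RFC 6238 test-vector secret
}


def verify_password(record, password: str) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    return hmac.compare_digest(candidate, record["pw_hash"])


def authenticate(record, password, otp_code, biometric_ok, now):
    """Three-factor check: knowledge (password), possession (TOTP), inherence (biometric).

    Returns (strong_enough, categories_satisfied) so callers can see which
    factor failed rather than only a yes/no.
    """
    presented = [
        (Factor.KNOWLEDGE, verify_password(record, password)),
        (Factor.POSSESSION, verify_totp(record["otp_secret"], otp_code, now)),
        (Factor.INHERENCE, bool(biometric_ok)),
    ]
    return is_strong_authentication(presented), satisfied_categories(presented)


if __name__ == "__main__":
    now = 59  # RFC 6238 test time; code for this step is "287082"
    code = totp(USER["otp_secret"], now)
    print(authenticate(USER, "correct horse", code, True, now))
    print(authenticate(USER, "wrong", code, False, now))  # only possession -> not strong
```

The design point worth noting is that `authenticate` decides on categories, not on a count of checks passed: two knowledge authenticators that both verify still yield a single category and are rejected, which is exactly the distinction the regulation draws.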