Abstract
Traditional authentication methods (e.g., password, PIN) often do not scale well to the context of mobile devices in terms of security and usability. However, the adoption of Near Field Communication (NFC) on a broad range of smartphones enables the use of NFC-enabled tokens as an additional authentication factor. This additional factor can help to improve the security, as well as usability of mobile apps. In this paper, we evaluate the use of different types of existing NFC tags as tokens for establishing authenticated secure sessions between smartphone apps and web services. Based on this evaluation, we present two concepts for a user-friendly secure authentication mechanism for mobile apps, the Protecting Touch (PT) architectures. These two architectures are designed to be implemented with either end of the spectrum of inexpensive and widely-available NFC tags while maintaining a reasonable trade-off between security, availability and cost.
Highlights
One of the most widespread security mechanisms for authenticating users against online services is the username and password combination.
The data for PT1 are packed into an NFC Data Exchange Format (NDEF) message that can be stored on any Near Field Communication (NFC) tag.
Based on the requirements of an exemplary mobile banking app, we created the Protecting Touch (PT) architectures, two concepts for a user-friendly secure authentication mechanism for mobile apps and their backend systems based on NFC tags.
Summary
One of the most widespread security mechanisms for authenticating users against online services is the username and password combination. Malware on a smartphone could both eavesdrop on keystrokes to record passwords and intercept received SMS messages to get hold of one-time passwords transmitted over the secondary channel (see Konoth et al. [4]). This suggests that different methods are needed to implement two-factor authentication for services targeting mobile devices. An NFC tag could be used as the storage for the secret key material that is used for authentication and to secure communication between mobile apps and their online backend services. In order to remain with the previously mentioned example of online banking, we focus our considerations on an exemplary mobile banking app. This app, targeting smartphones and tablets, gives users access to their bank account. Two concepts for a user-friendly secure authentication mechanism for mobile apps based on NFC tags, the Protecting Touch (PT) architectures, are outlined. We focus on the requirements of our exemplary mobile banking app, but these concepts could also be applied to other app-to-backend communication use cases with similar security requirements.