Smartphone-based authentication: apps

  1. Smartphone-based authentication: apps (WisCy workshop 2011)
  2. Overview
     • Introduction
     • Motivation
     • Approach 1: IDM architecture
     • Approach 2: Idemix
     • Comparison
     • Demos
  3. Introduction: the three parties
     • User: wants ubiquitous access to Web services; concerned about security & privacy
     • Service provider (Google, Facebook, …): offers a service; wants to obtain reliable user info; personalised services
     • Identity provider: provides reliable (partial) user info; authenticated provisioning
  4. Introduction (same picture as slide 3), with an example identity provider: Shibboleth IDP
  5. Motivation: Web authentication. Passwords
     • Weak security
     • Theft by malware
     • Human memory limitations
     • No attribute provisioning
  6. Motivation: Web authentication (2). Smartcards
     • Suitable hardware required
     • Proliferation vs. usability
     • Trust in workstation (PIN)
  7. Motivation: Web authentication (3). Security tokens
     • Hardware cost
     • Software tokens prone to malware
     • Proliferation vs. usability
     • No selective attribute disclosure
  8. Motivation: Web authentication (4). 2-factor SMS authentication
     • Password/token management
     • 2G GSM security questionable
     • Part of the credentials still malware-prone
  9. Motivation: Web authentication (5). Federated Identity Management (FIM)
     • Limited user control
     • Identity provider can profile users
     • One identity provider per user
     • User impersonation
     • Password/token management
  10. Motivation: recent trends
     • More mobility & more computers
     • Smartphones omnipresent
     • Mobile Internet penetration
  11. 2 approaches, 2 apps
     • Approach 1: IDM architecture; secure µSD; Android
     • Approach 2: Idemix; secure µSD; Android
  12. Approach 1 (parties: User, Trusted module, Workstation, Service provider)
     1. Get resource
     2. Request access to resource
     3. Auth challenge (QR)
     4. Auth challenge (scan QR)
     5. Ask for consent
     6. Review & give consent
     alt [consent given]:
       7. Resolve query
       8. Mutually authenticate (out-of-band)
       9. Confirm authentication
     [else]:
       8. Abort
  13. Approach 2 (parties: User, Smartphone, Workstation, Service provider)
     1. Get resource
     2. Request access to resource
     3. Auth challenge (QR)
     4. Auth challenge (scan QR)
     5. Show available policies
     6. Select policy
     7. Generate proof
     alt [policy specifies HTTP channel]:
       8. Send proof (out-of-band)
     [policy specifies QR channel]:
       8. Transfer proof (scan QR)
       9. Send proof
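The QR-challenge flow of slides 12 and 13, as an added runnable simulation (my code, not code from the slides or from the WisCy apps). It models the skeleton the two approaches share: the service provider issues a challenge bound to the requesting browser session, the phone scans it, asks the user to consent to exactly the attributes it will disclose, and returns a response out of band which the service provider verifies once and then ties to that session. Assumptions not in the slides: the "mutually authenticate" / "generate proof" step is stood in for by an HMAC with a per-service-provider key established at registration (Approach 1 would use the trusted module's JavaCard response, Approach 2 an Idemix zero-knowledge proof); only the out-of-band HTTP channel is modelled, the QR return channel of Approach 2 would carry the same response bytes back via the workstation; the names ServiceProvider, Phone, login and the 60-second TTL are mine.

```python
import hashlib
import hmac
import json
import secrets
import time

CHALLENGE_TTL_SECONDS = 60  # assumption: how long a rendered QR challenge stays valid


def response_mac(key: bytes, sp: str, cid: str, resource: str, disclosed: dict) -> str:
    """Stand-in for the phone's authentication proof (an assumption of this example):
    an HMAC over everything the user consented to, so the workstation cannot alter it."""
    msg = json.dumps([sp, cid, resource, sorted(disclosed.items())]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class ServiceProvider:
    def __init__(self, name: str, clock=time.time):
        self.name = name
        self.clock = clock
        self.user_keys = {}  # user id -> shared key (assumption: set up at registration)
        self.pending = {}    # challenge id -> (browser session, resource, requested attrs, issued at)
        self.sessions = {}   # browser session -> (user id, disclosed attributes)

    def register(self, user: str, key: bytes) -> None:
        self.user_keys[user] = key

    def request_access(self, session: str, resource: str, attrs: list) -> str:
        """Steps 2-3: the workstation asks for a resource; the SP answers with the
        challenge it renders as a QR code. The challenge id is bound to the requesting
        browser session on the SP side, so the phone never needs the session id."""
        cid = secrets.token_hex(16)
        self.pending[cid] = (session, resource, tuple(attrs), self.clock())
        return json.dumps({"sp": self.name, "cid": cid, "res": resource, "attrs": attrs})

    def confirm(self, response: dict) -> bool:
        """Steps 8-9: verify the out-of-band response. The challenge is single-use
        (popped from pending) and expires, so a captured response cannot be replayed."""
        entry = self.pending.pop(response["cid"], None)
        if entry is None:
            return False
        session, resource, requested, issued = entry
        if self.clock() - issued > CHALLENGE_TTL_SECONDS:
            return False
        key = self.user_keys.get(response["user"])
        if key is None:
            return False
        disclosed = response["attrs"]
        if any(a not in requested for a in disclosed):
            return False  # the phone may disclose fewer attributes than asked, never others
        expected = response_mac(key, self.name, response["cid"], resource, disclosed)
        if not hmac.compare_digest(expected, response["mac"]):
            return False
        self.sessions[session] = (response["user"], disclosed)
        return True

    def session_user(self, session: str):
        return self.sessions.get(session)


class Phone:
    def __init__(self, user: str, keys: dict, attributes: dict, consent):
        self.user = user
        self.keys = keys              # sp name -> shared key (assumption: set up at registration)
        self.attributes = attributes  # attributes held on the phone / trusted module
        self.consent = consent        # steps 5-6: callback (sp, resource, disclosed) -> bool

    def scan(self, qr_payload: str):
        """Step 4 onwards: parse the scanned challenge, ask the user for consent on
        exactly what will be disclosed, then build the response or abort (None)."""
        req = json.loads(qr_payload)
        key = self.keys.get(req["sp"])
        if key is None:
            return None  # no registration with this service provider
        disclosed = {a: self.attributes[a] for a in req["attrs"] if a in self.attributes}
        if not self.consent(req["sp"], req["res"], disclosed):
            return None  # [else] branch of slide 12: abort
        mac = response_mac(key, req["sp"], req["cid"], req["res"], disclosed)
        return {"user": self.user, "cid": req["cid"], "attrs": disclosed, "mac": mac}


def login(sp: ServiceProvider, phone: Phone, session: str, resource: str, attrs: list):
    """Whole flow for one browser session; returns the phone's response and the verdict."""
    qr = sp.request_access(session, resource, attrs)    # steps 2-3
    response = phone.scan(qr)                           # steps 4-8
    ok = response is not None and sp.confirm(response)  # steps 8-9
    return response, ok
```

Two checks are worth keeping whatever the real proof mechanism is: the challenge is single-use and expires (confirm pops it before verifying), and the disclosed attribute set is covered by the response, so the workstation, which never holds the key, cannot add attributes. What the flow cannot do by itself is tell the phone whose browser rendered the QR; that is why steps 5-6 show the service provider and resource to the user before anything is signed, and why the slides keep listing trust in the workstation and phone as a cost.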
  14. Comparison
     Property          Idemix                   IDM architecture
     Technology        Idemix                   JavaCard
     Response          Zero-knowledge proofs    Queries
     Revocation        By verifier              By card check
     Master secrets    1 per user               1 per user + 1 per group
  15. Advantages / drawbacks
     Property                        Idemix                                  IDM architecture
     Platform portability            Less                                    More (no adjustments in µSD)
     Flexibility                     Highly flexible zero-knowledge proofs   Less flexible queries
     Attribute provisioning          At time of issuance                     At time of issuance + realtime
     Performance on same platform    Slower                                  Faster
     Computational cost              Expensive                               Lightweight
     Revocation                      Realtime? Yes                           Small vulnerability interval
     Trust in phone                  More                                    Less (mostly in µSD)
  16. Extensions
     • IDM architecture: automate decisions (policies)
     • Idemix: master secret on secure µSD
  17. Extensions (2)
     • Trusted environment on phone
     • Standards interoperability
     • Integration in advanced Web apps
     • Other short-range protocols (NFC, Bluetooth, …)
     • Registration, backup and revocation strategies
  18. Demo
  19. Questions?
