• DocumentCode
    172451
  • Title

    Loxin — A solution to password-less universal login

  • Author

    Bo Zhu ; Xinxin Fan ; Guang Gong

  • Author_Institution
    Dept. of Electr. & Comput. Eng., Univ. of Waterloo, Waterloo, ON, Canada
  • fYear
    2014
  • fDate
    April 27 2014-May 2 2014
  • Firstpage
    488
  • Lastpage
    493
  • Abstract
    As the easiest and cheapest way of authenticating an end user, password-based authentication methods have been consistently chosen by almost every new cloud service. Unfortunately, the explosive growth of cloud services and web applications has made it impossible for users to manage dozens of passwords for accessing different cloud services. The situation is even worse considering the potential application of massively parallel computing devices such as GPUs and ASICs for efficient password cracking. Hence, from a usability viewpoint, passwords may have reached the end of their useful life. Motivated by a number of recent industry initiatives for online authentication, we present Loxin, an innovative solution for password-less universal login. Loxin aims to improve on passwords with respect to both usability and security. Loxin takes advantage of push message services for mobile devices and enables users to access multiple cloud services by using pre-owned identities, such as email addresses, together with a few taps on their mobile devices. In particular, the Loxin server cannot generate users' login credentials, thereby eliminating the potential risk of server compromises. Loxin is resistant to the most common attacks on cloud services such as replay attacks and man-in-the-middle attacks. We also discuss possible extensions for protecting Loxin from vendor lock-in and single point of failure, in order to ensure that Loxin is an open and stable authentication system. The application of the proposed Loxin security framework to the recent MintChip Challenge demonstrates the power of Loxin for building a real-world password-less mobile payment solution.
  • Keywords
    authorisation; cloud computing; mobile computing; private key cryptography; public key cryptography; ASIC; GPU; Loxin security framework; Loxin server; MintChip Challenge; cloud services; man-in-the-middle attacks; mobile devices; online authentication; open stable authentication system; parallel computing devices; password cracking; password-less universal login; push message services; real-world password-less mobile payment solution; replay attacks; usability viewpoint; vendor lock-in; web applications; Authentication; Computers; Electronic mail; Public key; Servers; Smart phones;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Communications Workshops (INFOCOM WKSHPS), 2014 IEEE Conference on
  • Conference_Location
    Toronto, ON
  • Type

    conf

  • DOI
    10.1109/INFCOMW.2014.6849280
  • Filename
    6849280