DocumentCode
172451
Title
Loxin — A solution to password-less universal login
Author
Bo Zhu ; Xinxin Fan ; Guang Gong
Author_Institution
Dept. of Electr. & Comput. Eng., Univ. of Waterloo, Waterloo, ON, Canada
fYear
2014
fDate
April 27 2014-May 2 2014
Firstpage
488
Lastpage
493
Abstract
As the easiest and cheapest way of authenticating an end user, password-based authentication methods have been consistently chosen by almost every new cloud service. Unfortunately, the explosive growth of cloud services and web applications has made it impossible for users to manage dozens of passwords for accessing different cloud services. The situation is even worse considering the potential application of massively parallel computing devices such as GPUs and ASICs for efficient password cracking. Hence, from a usability viewpoint, passwords may have reached the end of their useful life. Motivated by a number of recent industry initiatives for online authentication, we present Loxin, an innovative solution for password-less universal login. Loxin aims to improve on passwords with respect to both usability and security. Loxin takes advantage of push message services for mobile devices and enables users to access multiple cloud services by using pre-owned identities, such as email addresses, together with a few taps on their mobile devices. In particular, the Loxin server cannot generate users' login credentials, thereby eliminating the potential risk of server compromises. Loxin is resistant to the most common attacks on cloud services such as replay attacks and man-in-the-middle attacks. We also discuss possible extensions for protecting Loxin from vendor lock-in and single point of failure, in order to ensure that Loxin is an open and stable authentication system. The application of the proposed Loxin security framework to the recent MintChip Challenge demonstrates the power of Loxin for building a real-world password-less mobile payment solution.
Keywords
authorisation; cloud computing; mobile computing; private key cryptography; public key cryptography; ASIC; GPU; Loxin security framework; Loxin server; MintChip Challenge; cloud services; man-in-the-middle attacks; mobile devices; online authentication; open stable authentication system; parallel computing devices; password cracking; password-less universal login; push message services; real-world password-less mobile payment solution; replay attacks; usability viewpoint; vendor lock-in; web applications; Authentication; Computers; Electronic mail; Public key; Servers; Smart phones;
fLanguage
English
Publisher
ieee
Conference_Titel
Computer Communications Workshops (INFOCOM WKSHPS), 2014 IEEE Conference on
Conference_Location
Toronto, ON
Type
conf
DOI
10.1109/INFCOMW.2014.6849280
Filename
6849280