Combined Web/mobile authentication for secure Web access control

Author

Al-Qayedi, Ali ; Adi, Wael ; Zahro, Ahmed ; Mabrouk, Ali

Author_Institution

Etisalat Coll. of Eng., United Arab Emirates

Volume

2

fYear

2004

fDate

21-25 March 2004

Firstpage

677

Abstract

Previous Web access authentication systems have used either the Web or the mobile channel individually to confirm the claimed identity of the remote user. Both approaches proved to be insecure when used in isolation. An investigation is presented into the enhanced security of a new combined Web/mobile authentication system. The hybrid system enables a strong authentication by augmenting the traditional Web-based username/password approach with a mobile-based challenge/response authentication. Experiments show that the combined system is relatively immune to eavesdropping attacks and provides a trade-off between security and usability of the remote authentication system. The system is promising for current as well as for future 3G mobile and pervasive computing environments [A. Al-Qayedi et al., 2003].

Keywords

Internet; message authentication; mobile communication; telecommunication channels; telecommunication control; telecommunication security; Web access control; Web-based username-password approach; Web-mobile authentication system; eavesdropping attacks; mobile channel; mobile security; mobile-based challenge-response authentication; remote authentication system; Access control; Authentication; Communication channels; Communication system security; Educational institutions; Internet; Mobile computing; Protocols; Usability; World Wide Web;

fLanguage

English

Publisher

ieee

Conference_Titel

Wireless Communications and Networking Conference, 2004. WCNC. 2004 IEEE

ISSN

1525-3511

Print_ISBN

0-7803-8344-3

Type

conf

DOI

10.1109/WCNC.2004.1311267

Filename

1311267