Title :
Combined Web/mobile authentication for secure Web access control
Author :
Al-Qayedi, Ali ; Adi, Wael ; Zahro, Ahmed ; Mabrouk, Ali
Author_Institution :
Etisalat Coll. of Eng., United Arab Emirates
Abstract :
Previous Web access authentication systems have used either the Web or the mobile channel individually to confirm the claimed identity of the remote user. Both approaches proved to be insecure when used in isolation. An investigation is presented into the enhanced security of a new combined Web/mobile authentication system. The hybrid system enables a strong authentication by augmenting the traditional Web-based username/password approach with a mobile-based challenge/response authentication. Experiments show that the combined system is relatively immune to eavesdropping attacks and provides a trade-off between security and usability of the remote authentication system. The system is promising for current as well as for future 3G mobile and pervasive computing environments [A. Al-Qayedi et al., 2003].
Keywords :
Internet; message authentication; mobile communication; telecommunication channels; telecommunication control; telecommunication security; Web access control; Web-based username-password approach; Web-mobile authentication system; eavesdropping attacks; mobile channel; mobile security; mobile-based challenge-response authentication; remote authentication system; Access control; Authentication; Communication channels; Communication system security; Educational institutions; Internet; Mobile computing; Protocols; Usability; World Wide Web;
Conference_Titel :
Wireless Communications and Networking Conference, 2004. WCNC. 2004 IEEE
Print_ISBN :
0-7803-8344-3
DOI :
10.1109/WCNC.2004.1311267
