International Journal of Network Security & Its Applications (IJNSA) - ERA, WJCI Indexed

International Journal of Network Security & Its Applications (IJNSA) - ERA, WJCI Indexed

ISSN: 0974 - 9330 (Online); 0975 - 2307 (Print)

Webpage URL: https://airccse.org/journal/ijnsa.html

A Bastion Mobile ID-Based Authentication Technique (BMBAT)

Abdelmunem Abuhasan and Adwan Yasin, Arab American University, Palestine

Abstract

Despite their proven security breaches, text passwords have been dominating all other methods of human authentication over the web for tens of years, however, the frequent successful attacks that exploit the passwords vulnerable model raises the need to enhance web authentication security. This paper proposes BMBAT; a new authentication technique to replace passwords, that leverages the pervasive user mobile devices, QR codes and the strength of symmetric and asymmetric cryptography. In BMBAT, the user’s mobile device acts as a user identity prover and a verifier for the server; it employs a challenge-response model with a dual mode of encryption using AES and RSA keys to mutually authenticate the client to the server and vice-versa. BMBAT combats a set of attack vectors including phishing attacks, man in the middle attacks, eavesdropping and session hijacking. A prototype of BMBAT has been developed and evaluated; the evaluation results show that BMBAT is a feasible and competitive alternative to passwords.

Keywords

Web Authentication, Mobile Authentication, phishing, User Identity, Password

Original Source URL: https://aircconline.com/ijnsa/V8N6/8616ijnsa03.pdf

Volume URL: https://airccse.org/journal/jnsa16_current.html