Open Access
Subscription Access
Using a PTD to Strengthen Remote Authentication from an Untrusted Computer
Abstract
Unsecured public terminals are problematic for use with Internet services that require security, especially those used by financial institutions. Malicious software and phishing attacks on unsecured computers can extract user credentials or other personal sensitive information and can be used for unauthorized access of user accounts. Although many systems utilize sophisticated one-time passwords or challenge-response techniques to counter these attacks, most proposed schemes are vulnerable to session hijacking. To address this problem, we propose a novel authentication protocol for remote authentication using personal trusted device (PTD) with fingerprint biometrics to protect shared secrets between users and servers. Moreover, our approach allows users to input sensitive information from a personal, trusted device to prevent malicious software attacks; and we facilitate a transaction phase to prevent session hijacking. We also use hashing functions to implement a robust authentication with a low computational cost.
Keywords
Security; Mobile device; Authentication; Attack; Transaction
Citation Format:
Chin-Ling Chen, Cheng-Chi Lee, Neng-Chung Wang, Chao-Yung Hsu, "Using a PTD to Strengthen Remote Authentication from an Untrusted Computer," Journal of Internet Technology, vol. 13, no. 5 , pp. 725-736, Sep. 2012.
Chin-Ling Chen, Cheng-Chi Lee, Neng-Chung Wang, Chao-Yung Hsu, "Using a PTD to Strengthen Remote Authentication from an Untrusted Computer," Journal of Internet Technology, vol. 13, no. 5 , pp. 725-736, Sep. 2012.
Refbacks
- There are currently no refbacks.
Published by Executive Committee, Taiwan Academic Network, Ministry of Education, Taipei, Taiwan, R.O.C
JIT Editorial Office, Office of Library and Information Services, National Dong Hwa University
No. 1, Sec. 2, Da Hsueh Rd., Shoufeng, Hualien 974301, Taiwan, R.O.C.
Tel: +886-3-931-7314 E-mail: jit.editorial@gmail.com