The Experts below are selected from a list of 7896 Experts worldwide ranked by ideXlab platform
Ivar Jørstad - One of the best experts on this subject based on the ideXlab platform.
-
Strong Authentication for web services with mobile universal identity
Lecture Notes in Computer Science, 2015Co-Authors: Do Van Thanhe, Ivar Jørstad, Do Van ThuanAbstract:To access services on the Web, users need quite often to have accounts, i.e. user names and passwords. This becomes a problem when the number of accounts keeps increasing at the same time password is a very weak form of Authentication exposing the users to fraud and abuses. To address both mentioned issues we propose a Mobile Universal identity, which by combining Internet identifiers with mobile identifiers is capable of delivering Strong Authentication for Internet services. By introducing an identity provider, the solution enables the user to employ the Mobile Universal identity for multiple service providers. By federation with other identities, Mobile Universal identity can be used with service providers worldwide.
-
MobiWIS - Strong Authentication for Web services with Mobile Universal Identity
Mobile Web and Intelligent Information Systems, 2015Co-Authors: Van Thanhe, Ivar Jørstad, Van ThuanAbstract:To access services on the Web, users need quite often to have accounts, i.e. user names and passwords. This becomes a problem when the number of accounts keeps increasing at the same time password is a very weak form of Authentication exposing the users to fraud and abuses. To address both mentioned issues we propose a Mobile Universal identity, which by combining Internet identifiers with mobile identifiers is capable of delivering Strong Authentication for Internet services. By introducing an identity provider, the solution enables the user to employ the Mobile Universal identity for multiple service providers. By federation with other identities, Mobile Universal identity can be used with service providers worldwide.
-
MASS - Strong Authentication with mobile phone as security token
2009 IEEE 6th International Conference on Mobile Adhoc and Sensor Systems, 2009Co-Authors: Van Thanh, Tore Jonvik, Ivar Jørstad, Van ThuanAbstract:The protection of digital identities is getting more and more crucial. The usage of passwords for Authentication is no longer sufficient and Stronger Authentication schemes are necessary. Strong Authentication solutions using two identification factors require often an additional device, which could be inconvenient for the user and costly for the service providers. To avoid the usage of additional device, the mobile phone is adopted as security token. This paper provides a study of the various ways the mobile phone can be used as an Authentication token towards service providers on the Internet. It starts with discussing the need for a Strong Authentication scheme, and the motivation for using the mobile phone to improve on several aspects of the current Authentication processes. Thereafter, the general architecture for Authentication with mobile phones is presented. Several different Authentication solutions using the mobile phone as Authentication token are then described, where the solutions vary in complexity, strength and user-friendliness. The paper ends with an evaluation of the different solutions, and a discussion of the most probable attacks. A classification of the solutions is also provided, according to defined criteria.
-
GLOBECOM - Simple Strong Authentication for Internet Applications Using Mobile Phones
IEEE GLOBECOM 2008 - 2008 IEEE Global Telecommunications Conference, 2008Co-Authors: D. Van Thanh, Do van Thuan, Tore Jonvik, Boning Feng, Ivar JørstadAbstract:This paper describes thoroughly an Authentication solution that is adequately Strong, user-friendly and cost efficient. The idea is to use the mobile phone and its SIM (subscriber identity module) as an Authentication token in the Authentication of the user for all Internet applications. The proposed solution is generic and offers Authentication for any Internet applications on any devices connected to any networks. It is combining several standard Strong Authentication schemes like ISIM, generic bootstrapping architecture (GBA) with the innovative SIM Strong Authentication mechanisms.
-
Simple Strong Authentication for Internet Applications Using Mobile Phones
IEEE GLOBECOM 2008 - 2008 IEEE Global Telecommunications Conference, 2008Co-Authors: D. Van Thanh, Do van Thuan, Tore Jonvik, Boning Feng, Ivar JørstadAbstract:This paper describes thoroughly an Authentication solution that is adequately Strong, user-friendly and cost efficient. The idea is to use the mobile phone and its SIM (subscriber identity module) as an Authentication token in the Authentication of the user for all Internet applications. The proposed solution is generic and offers Authentication for any Internet applications on any devices connected to any networks. It is combining several standard Strong Authentication schemes like ISIM, generic bootstrapping architecture (GBA) with the innovative SIM Strong Authentication mechanisms.
Do Van Thuan - One of the best experts on this subject based on the ideXlab platform.
-
Strong Authentication for web services with mobile universal identity
Lecture Notes in Computer Science, 2015Co-Authors: Do Van Thanhe, Ivar Jørstad, Do Van ThuanAbstract:To access services on the Web, users need quite often to have accounts, i.e. user names and passwords. This becomes a problem when the number of accounts keeps increasing at the same time password is a very weak form of Authentication exposing the users to fraud and abuses. To address both mentioned issues we propose a Mobile Universal identity, which by combining Internet identifiers with mobile identifiers is capable of delivering Strong Authentication for Internet services. By introducing an identity provider, the solution enables the user to employ the Mobile Universal identity for multiple service providers. By federation with other identities, Mobile Universal identity can be used with service providers worldwide.
-
Strong Authentication with mobile phone as security token
2009 IEEE 6th International Conference on Mobile Adhoc and Sensor Systems MASS '09, 2009Co-Authors: Do Van Thanh, Ivar J??rstad, Tore J??nvik, Do Van ThuanAbstract:The protection of digital identities is getting more and more crucial. The usage of passwords for Authentication is no longer sufficient and Stronger Authentication schemes are necessary. Strong Authentication solutions using two identification factors require often an additional device, which could be inconvenient for the user and costly for the service providers. To avoid the usage of additional device, the mobile phone is adopted as security token. This paper provides a study of the various ways the mobile phone can be used as an Authentication token towards service providers on the Internet. It starts with discussing the need for a Strong Authentication scheme, and the motivation for using the mobile phone to improve on several aspects of the current Authentication processes. Thereafter, the general architecture for Authentication with mobile phones is presented. Several different Authentication solutions using the mobile phone as Authentication token are then described, where the solutions vary in complexity, strength and user-friendliness. The paper ends with an evaluation of the different solutions, and a discussion of the most probable attacks. A classification of the solutions is also provided, according to defined criteria.
Do Van Thanh - One of the best experts on this subject based on the ideXlab platform.
-
Strong Authentication using dual SIM
Intelligence in Next Generation Networks, 2009. ICIN 2009. 13th International Conference on, 2009Co-Authors: Do van Thuan, T Jnvik, I Jrstad, Feng Boning, Do Van ThanhAbstract:Access to Internet services and home services demand proper Authentication due to the increase of threats in the Internet. Passwords are not sufficiently Strong while Stronger Authentication schemes are quite often expensive and complicated. This paper proposes a Strong Authentication scheme called Dual SIM Authentication which makes use of two identical (u)SIMs in the Authentication of the user upon access to services provided by a service provider or by himself from his home computer network. One SIM card located on the service side is used in the generation of Authentication data while the other one located on the user side is participating to the Authentication.
-
A Generic Authentication System based on SIM
International Conference on Internet Surveillance and Protection ICISP06, 2006Co-Authors: Audun Wangensteen, Lunde Lunde, Ivar Jørstad, Do Van ThanhAbstract:Today the Internet is mostly used for services that require low or none security. The commercial and governmental applications have started to emerge but met problems since they require Strong Authentication, which is both difficult and costly to realize. The SIM card used in mobile phones is a tamper resistant device that contains Strong Authentication mechanisms, and if Internet services could use the Strong Authentications of the SIM card it would be very convenient and cost-efficient. This paper presents an analysis and a design of a generic Authentication system based on SIM. The proposed system supports different types of Authentication methods to target the various security requirements of the services; OTP Authentication, GSM/UMTS Authentication, and PIG Authentication. Another feature of the proposed system is that it can easily be extended as the Authentication mechanism used in a single sign-on system
-
NETp1-09: Enhancing Internet Service Security Using GSM SIM Authentication
IEEE Global Telecommunications Conference, 2006. GLOBECOM '06, 2006Co-Authors: Do Van Thanh, Do van Thuan, Tore Jonvik, Ivar JørstadAbstract:This paper describes thoroughly a service called SIM Strong Authentication which is aiming to provide Strong and user-friendly Authentication to the Internet Web services. The idea is to extend the usage of the current SIM Authentication used in GSM to Internet Web services. The idea of making the mobile phone and its SIM card a universal Authentication token is compelling since the mobile phone is definitely the most used device nowadays and the GSM network is currently the largest mobile network and is ubiquitous in much of the world. This service is available anywhere and can support any Internet services. It is ideal for services like Internet Banking, eAdministration or enterprise internal Web pages. The SIM Strong Authentication service is both user-friendly and cost efficient, with a low deployment threshold.
Hoon-jae Lee - One of the best experts on this subject based on the ideXlab platform.
-
A Strong Authentication Scheme with User Privacy for Wireless Sensor Networks
ETRI Journal, 2013Co-Authors: Pardeep Kumar, Andrei Gurtov, Mika Ylianttila, Sanggon Lee, Hoon-jae LeeAbstract:Wireless sensor networks (WSNs) are used for many real-time applications. User Authentication is an important security service for WSNs to ensure only legitimate users can access the sensor data within the network. In 2012, Yoo and others proposed a security-performance-balanced user Authentication scheme for WSNs, which is an enhancement of existing schemes. In this paper, we show that Yoo and others' scheme has security flaws, and it is not efficient for real WSNs. In addition, this paper proposes a new Strong Authentication scheme with user privacy for WSNs. The proposed scheme not only achieves end-party mutual Authentication (that is, between the user and the sensor node) but also establishes a dynamic session key. The proposed scheme preserves the security features of Yoo and others' scheme and other existing schemes and provides more practical security services. Additionally, the efficiency of the proposed scheme is more appropriate for real-world WSNs applications.
-
e sap efficient Strong Authentication protocol for healthcare applications using wireless medical sensor networks
Sensors, 2012Co-Authors: Pardeep Kumar, Sanggon Lee, Hoon-jae LeeAbstract:A wireless medical sensor network (WMSN) can sense humans’ physiological signs without sacrificing patient comfort and transmit patient vital signs to health professionals’ hand-held devices. The patient physiological data are highly sensitive and WMSNs are extremely vulnerable to many attacks. Therefore, it must be ensured that patients’ medical signs are not exposed to unauthorized users. Consequently, Strong user Authentication is the main concern for the success and large scale deployment of WMSNs. In this regard, this paper presents an efficient, Strong Authentication protocol, named E-SAP, for healthcare application using WMSNs. The proposed E-SAP includes: (1) a two-factor (i.e., password and smartcard) professional Authentication; (2) mutual Authentication between the professional and the medical sensor; (3) symmetric encryption/decryption for providing message confidentiality; (4) establishment of a secure session key at the end of Authentication; and (5) professionals can change their password. Further, the proposed protocol requires three message exchanges between the professional, medical sensor node and gateway node, and achieves efficiency (i.e., low computation and communication cost). Through the formal analysis, security analysis and performance analysis, we demonstrate that E-SAP is more secure against many practical attacks, and allows a tradeoff between the security and the performance cost for healthcare application using WMSNs.
Arturo Ribagorda - One of the best experts on this subject based on the ideXlab platform.
-
a Strong Authentication protocol based on portable one time dynamic urls
Web Intelligence, 2010Co-Authors: E Galan, Julio C Hernandezcastro, Almudena Alcaide, Arturo RibagordaAbstract:This work proposes a new Strong Authentication protocol for the prevention of identity and private personal data theft suffered by users in the Internet. Identity theft is a problem of rising impact amongst Internet users and service providers and it occurs, very frequently, through techniques like phishing. The main reason for the high rates of success is user unexperience and their inability to pay attention to the details that allow them to tell a legitimate site from its fake version. In this paper we present a new Strong 3–phaseAuthentication protocol which makes use of Portable One–TimeDynamic URLs for the prevention of identity theft over the Internet. Moreover, a prototype of such a scheme has been implemented to measure the usability and scalability of the proposal.
-
Web Intelligence - A Strong Authentication Protocol Based on Portable One-Time Dynamic URLs
2010 IEEE WIC ACM International Conference on Web Intelligence and Intelligent Agent Technology, 2010Co-Authors: E Galan, Almudena Alcaide, Julio C. Hernandez-castro, Arturo RibagordaAbstract:This work proposes a new Strong Authentication protocol for the prevention of identity and private personal data theft suffered by users in the Internet. Identity theft is a problem of rising impact amongst Internet users and service providers and it occurs, very frequently, through techniques like phishing. The main reason for the high rates of success is user unexperience and their inability to pay attention to the details that allow them to tell a legitimate site from its fake version. In this paper we present a new Strong 3–phaseAuthentication protocol which makes use of Portable One–TimeDynamic URLs for the prevention of identity theft over the Internet. Moreover, a prototype of such a scheme has been implemented to measure the usability and scalability of the proposal.
