1 / 22

NFC based Two-Pass Mobile Authentication

NFC based Two-Pass Mobile Authentication. Jagannadh Vempati (Jags). Agenda. Introduction Motivation Proposal Advantages Limitations Applications Queries. Introduction. Authentication is the cornerstone of information security. It is accepted that authentication uses one of these:.

yves
Download Presentation

NFC based Two-Pass Mobile Authentication

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. NFC based Two-Pass Mobile Authentication Jagannadh Vempati (Jags)

  2. Agenda • Introduction • Motivation • Proposal • Advantages • Limitations • Applications • Queries

  3. Introduction • Authentication is the cornerstone of information security. • It is accepted that authentication uses one of these: • The user’s knowledge, such as password and PIN • User’s information, such as fingerprint • User’s behavior, like signature and voice • User’s possessions, such as smart card and token • Password based authentication is most widely used. • A one time password solves the problems of reusable passwords.

  4. The Basics… “Something you have” “Something you know”

  5. The regular PIN and PWD… Are they Secure?? • PINS or passwords are transparent. • They are not enough for a secure transaction. • Man in middle attack

  6. Solution

  7. Near Field Communication(NFC) • Near Field Communication (NFC) is a short-range wireless technology compatible with contactless smart cards (ISO/IEC 14443) and radio-frequency Identification(RFID) • NFC communicates on the 13.56 MHz frequency band at a distance of less than 4 cm • It uses magnetic induction between two loop antennas located within each other's near field, effectively forming an air-core transformer

  8. Motivation: • One-Time Password (OTP) is a secure authentication system that provides an additional layer of security for sensitive data and information  • Latest mobile devices come with NFC chips • Being a contactless technology that works with mere touch or a distance of less than an inch, makes it a lucrative solution for mobile authentication • Current authentication system use SMS as a medium to send one time password

  9. Traditional Man in Middle Attack EVE Attack Eves Dropping Communication BOB ALICE

  10. Gotham City is Safe!! EVE NFC Communication BOB ALICE

  11. Proposal

  12. Event Flow Chart

  13. Security Analysis Random Cipher-Text: • The encryption algorithm used has random cipher text, which provides a secure channel Time-Stamp: • The time stamp is used for the particular session. • It is impossible for the attacker to hack the encryption within the given time of 4-5 seconds One-Time Password: • True random 8 digit number generated by server • Lifespan is 10 seconds Coercion Attacks: • Coercion attacks can be avoided by having a different second PIN • Entering that PIN would be matched in the database and alert the security personnel

  14. Comparison of mobile authentication techniques [3]

  15. Advantages • Today’s technology is merging to mobile centric applications. This proposal will make the user mobile. • Security level is high due to the encoding system and two way authentication • High recognition speed, and low recognition error

  16. Limitations • The Mobile should be NFC enabled (feel sorry for IPhone Users  !! ) • The PIN should be entered within 5 sec for the authentication • If the PIN and mobile are stolen the account is vulnerable to be attacked

  17. Applications • ATM’s for money transactions • Health Care centers for Patient Identification • Secure bank lockers • Contact-less Payment

  18. Queries

  19. References Jagannadh Vempati, Garima Bajwa, and Dr. Ram Dantu, "NFC Based Two-Pass Mobile Authentication," In S. Angelos, and W. Charles (Eds.): Research in Attacks, Intrusions, and Defenses (RAID) 2013, Volume 8145 of Lecture Notes in Computer Science, pp. 467–470, 2013. Haselsteiner, E., Breitfuß, K.: Security in near field communication (nfc). In: Workshop on RFID Security RFIDSec. (2006) Mulliner, C.: Vulnerability analysis and attacks on nfc-enabled mobile phones. In: Availability, Reliability and Security, 2009. ARES’09. International Conference on, IEEE (2009) 695–700 Saeed, M.Q.: Improvements to nfc mobile transaction and authentication protocol. Cryptology ePrint Archive, Report 2013/035 (2013)

More Related