A new secure authentication scheme for web login using BLE smart devices

Gaurav Varshney; Manoj Misra; Pradeep Atrey

doi:10.1109/ICASID.2017.8285751

A new secure authentication scheme for web login using BLE smart devices

Gaurav Varshney
, Manoj Misra
, Pradeep Atrey

Computer Science

University at Albany

Indian Institute of Technology Roorkee

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

5 Scopus citations

Abstract

Existing user authentication schemes used for login to a website are incapable of handling recent phishing attacks such as real time (RT) / control relay (CR) man in the middle (MITM) attack and attacks launched via covertly installed malicious browser extensions (MEs). Two factor authentication schemes such as Google 2 Step verification, SAASPASS, QR code, graphical password and push notification based login schemes can be compromised using RT / CR MITM phishing attacks. Hardware token based schemes are safe but the extra cost of the hardware token makes them unattractive to users. Therefore, there is a need to develop new authentication schemes which are hard for an attacker to compromise but easy for users to understand and utilize. This paper analyzes existing authentication schemes to identify the research gaps and then proposes a secure authentication scheme which uses Bluetooth Low Energy (BLE, BT 4.0+ version) devices for user identification and which can handle RT/CR MITM phishing attacks, attacks launched via malicious browser extensions and app spoofing via attackers. The proposed scheme is location/client system independent and is secure from Bluetooth address spoofing attacks.

Original language	English
Title of host publication	Proceedings of 2017 11th IEEE International Conference on Anti-Counterfeiting, Security, and Identification, ASID 2017
Editors	Jianyang Zhou, Donghui Guo, Jiyang Dong
Publisher	IEEE Computer Society
Pages	95-98
Number of pages	4
ISBN (Electronic)	9781538605325
DOIs	https://doi.org/10.1109/ICASID.2017.8285751
State	Published - Jul 2 2017
Event	11th IEEE International Conference on Anti-Counterfeiting, Security, and Identification, ASID 2017 - Xiamen, China Duration: Oct 27 2017 → Oct 29 2017

Publication series

Name	Proceedings of the International Conference on Anti-Counterfeiting, Security and Identification, ASID
Volume	2017-October

Conference

Conference	11th IEEE International Conference on Anti-Counterfeiting, Security, and Identification, ASID 2017
Country/Territory	China
City	Xiamen
Period	10/27/17 → 10/29/17

Keywords

Authentication
BLE
Bluetooth
Login
Malicious browser extension
Phishing

Access to Document

10.1109/ICASID.2017.8285751

Cite this

Varshney, G., Misra, M., & Atrey, P. (2017). A new secure authentication scheme for web login using BLE smart devices. In J. Zhou, D. Guo, & J. Dong (Eds.), Proceedings of 2017 11th IEEE International Conference on Anti-Counterfeiting, Security, and Identification, ASID 2017 (pp. 95-98). (Proceedings of the International Conference on Anti-Counterfeiting, Security and Identification, ASID; Vol. 2017-October). IEEE Computer Society. https://doi.org/10.1109/ICASID.2017.8285751

Varshney, Gaurav ; Misra, Manoj ; Atrey, Pradeep. / A new secure authentication scheme for web login using BLE smart devices. Proceedings of 2017 11th IEEE International Conference on Anti-Counterfeiting, Security, and Identification, ASID 2017. editor / Jianyang Zhou ; Donghui Guo ; Jiyang Dong. IEEE Computer Society, 2017. pp. 95-98 (Proceedings of the International Conference on Anti-Counterfeiting, Security and Identification, ASID).

@inproceedings{2b10e417f3ed47a6a62ebe248cc13c0d,

title = "A new secure authentication scheme for web login using BLE smart devices",

abstract = "Existing user authentication schemes used for login to a website are incapable of handling recent phishing attacks such as real time (RT) / control relay (CR) man in the middle (MITM) attack and attacks launched via covertly installed malicious browser extensions (MEs). Two factor authentication schemes such as Google 2 Step verification, SAASPASS, QR code, graphical password and push notification based login schemes can be compromised using RT / CR MITM phishing attacks. Hardware token based schemes are safe but the extra cost of the hardware token makes them unattractive to users. Therefore, there is a need to develop new authentication schemes which are hard for an attacker to compromise but easy for users to understand and utilize. This paper analyzes existing authentication schemes to identify the research gaps and then proposes a secure authentication scheme which uses Bluetooth Low Energy (BLE, BT 4.0+ version) devices for user identification and which can handle RT/CR MITM phishing attacks, attacks launched via malicious browser extensions and app spoofing via attackers. The proposed scheme is location/client system independent and is secure from Bluetooth address spoofing attacks.",

keywords = "Authentication, BLE, Bluetooth, Login, Malicious browser extension, Phishing",

author = "Gaurav Varshney and Manoj Misra and Pradeep Atrey",

note = "Publisher Copyright: {\textcopyright} 2017 IEEE.; 11th IEEE International Conference on Anti-Counterfeiting, Security, and Identification, ASID 2017 ; Conference date: 27-10-2017 Through 29-10-2017",

year = "2017",

month = jul,

day = "2",

doi = "10.1109/ICASID.2017.8285751",

language = "English",

series = "Proceedings of the International Conference on Anti-Counterfeiting, Security and Identification, ASID",

publisher = "IEEE Computer Society",

pages = "95--98",

editor = "Jianyang Zhou and Donghui Guo and Jiyang Dong",

booktitle = "Proceedings of 2017 11th IEEE International Conference on Anti-Counterfeiting, Security, and Identification, ASID 2017",

}

Varshney, G, Misra, M & Atrey, P 2017, A new secure authentication scheme for web login using BLE smart devices. in J Zhou, D Guo & J Dong (eds), Proceedings of 2017 11th IEEE International Conference on Anti-Counterfeiting, Security, and Identification, ASID 2017. Proceedings of the International Conference on Anti-Counterfeiting, Security and Identification, ASID, vol. 2017-October, IEEE Computer Society, pp. 95-98, 11th IEEE International Conference on Anti-Counterfeiting, Security, and Identification, ASID 2017, Xiamen, China, 10/27/17. https://doi.org/10.1109/ICASID.2017.8285751

A new secure authentication scheme for web login using BLE smart devices. / Varshney, Gaurav; Misra, Manoj; Atrey, Pradeep.
Proceedings of 2017 11th IEEE International Conference on Anti-Counterfeiting, Security, and Identification, ASID 2017. ed. / Jianyang Zhou; Donghui Guo; Jiyang Dong. IEEE Computer Society, 2017. p. 95-98 (Proceedings of the International Conference on Anti-Counterfeiting, Security and Identification, ASID; Vol. 2017-October).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A new secure authentication scheme for web login using BLE smart devices

AU - Varshney, Gaurav

AU - Misra, Manoj

AU - Atrey, Pradeep

PY - 2017/7/2

Y1 - 2017/7/2

N2 - Existing user authentication schemes used for login to a website are incapable of handling recent phishing attacks such as real time (RT) / control relay (CR) man in the middle (MITM) attack and attacks launched via covertly installed malicious browser extensions (MEs). Two factor authentication schemes such as Google 2 Step verification, SAASPASS, QR code, graphical password and push notification based login schemes can be compromised using RT / CR MITM phishing attacks. Hardware token based schemes are safe but the extra cost of the hardware token makes them unattractive to users. Therefore, there is a need to develop new authentication schemes which are hard for an attacker to compromise but easy for users to understand and utilize. This paper analyzes existing authentication schemes to identify the research gaps and then proposes a secure authentication scheme which uses Bluetooth Low Energy (BLE, BT 4.0+ version) devices for user identification and which can handle RT/CR MITM phishing attacks, attacks launched via malicious browser extensions and app spoofing via attackers. The proposed scheme is location/client system independent and is secure from Bluetooth address spoofing attacks.

AB - Existing user authentication schemes used for login to a website are incapable of handling recent phishing attacks such as real time (RT) / control relay (CR) man in the middle (MITM) attack and attacks launched via covertly installed malicious browser extensions (MEs). Two factor authentication schemes such as Google 2 Step verification, SAASPASS, QR code, graphical password and push notification based login schemes can be compromised using RT / CR MITM phishing attacks. Hardware token based schemes are safe but the extra cost of the hardware token makes them unattractive to users. Therefore, there is a need to develop new authentication schemes which are hard for an attacker to compromise but easy for users to understand and utilize. This paper analyzes existing authentication schemes to identify the research gaps and then proposes a secure authentication scheme which uses Bluetooth Low Energy (BLE, BT 4.0+ version) devices for user identification and which can handle RT/CR MITM phishing attacks, attacks launched via malicious browser extensions and app spoofing via attackers. The proposed scheme is location/client system independent and is secure from Bluetooth address spoofing attacks.

KW - Authentication

KW - BLE

KW - Bluetooth

KW - Login

KW - Malicious browser extension

KW - Phishing

UR - https://www.scopus.com/pages/publications/85045250984

U2 - 10.1109/ICASID.2017.8285751

DO - 10.1109/ICASID.2017.8285751

M3 - Conference contribution

T3 - Proceedings of the International Conference on Anti-Counterfeiting, Security and Identification, ASID

SP - 95

EP - 98

BT - Proceedings of 2017 11th IEEE International Conference on Anti-Counterfeiting, Security, and Identification, ASID 2017

A2 - Zhou, Jianyang

A2 - Guo, Donghui

A2 - Dong, Jiyang

PB - IEEE Computer Society

T2 - 11th IEEE International Conference on Anti-Counterfeiting, Security, and Identification, ASID 2017

Y2 - 27 October 2017 through 29 October 2017

ER -

Varshney G, Misra M, Atrey P. A new secure authentication scheme for web login using BLE smart devices. In Zhou J, Guo D, Dong J, editors, Proceedings of 2017 11th IEEE International Conference on Anti-Counterfeiting, Security, and Identification, ASID 2017. IEEE Computer Society. 2017. p. 95-98. (Proceedings of the International Conference on Anti-Counterfeiting, Security and Identification, ASID). doi: 10.1109/ICASID.2017.8285751

A new secure authentication scheme for web login using BLE smart devices

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this