TY - GEN
T1 - SESAME
T2 - 2013 International Conference on Computing, Networking and Communications, ICNC 2013
AU - Sanzziri, Ameva
AU - Nandugudi, Anandatirtha
AU - Upadhyaya, Shambhu
AU - Qiao, Chunming
PY - 2013
Y1 - 2013
N2 - In this paper we present a smartphone based architecture to secure user access to web services which require password entry. Our architecture takes advantage of biometric sensors that are present in today's smartphones when authenticating a smartphone user in order to ensure that her identity cannot be masqueraded by anyone else. The user can then access web services using a complex password stored in her smartphone but without having to manually enter the complex password. As a result, the architecture overcomes many security limitations of today's password based authentication approaches, and in particular, resolves the current dilemma associated with the use of complex passwords. In addition, the proposed architecture not only works seamlessly with today's web services since it requires no changes to the existing authentication mechanisms used by the servers, but also can be extended to directly use a person's biometrics as credentials instead of passwords when accessing web services and cyber-physical devices in the future.
AB - In this paper we present a smartphone based architecture to secure user access to web services which require password entry. Our architecture takes advantage of biometric sensors that are present in today's smartphones when authenticating a smartphone user in order to ensure that her identity cannot be masqueraded by anyone else. The user can then access web services using a complex password stored in her smartphone but without having to manually enter the complex password. As a result, the architecture overcomes many security limitations of today's password based authentication approaches, and in particular, resolves the current dilemma associated with the use of complex passwords. In addition, the proposed architecture not only works seamlessly with today's web services since it requires no changes to the existing authentication mechanisms used by the servers, but also can be extended to directly use a person's biometrics as credentials instead of passwords when accessing web services and cyber-physical devices in the future.
UR - https://www.scopus.com/pages/publications/84877604364
U2 - 10.1109/ICCNC.2013.6504205
DO - 10.1109/ICCNC.2013.6504205
M3 - Conference contribution
SN - 9781467352888
T3 - 2013 International Conference on Computing, Networking and Communications, ICNC 2013
SP - 879
EP - 883
BT - 2013 International Conference on Computing, Networking and Communications, ICNC 2013
Y2 - 28 January 2013 through 31 January 2013
ER -