Return to search

Securing Credentials on Untrusted Clients

<p>IT systems rely on correct authentication of their users in order to provide confidentiality and integrity of data. When accessing systems remotely, for instance over the Internet, no assumptions can be made regarding the level of security on the computer used. Such computers may be exposed to malware, keyloggers and other threats and must therefore generally be considered as untrusted.</p><p>To increase security when users connect remotely from untrusted clients various authentication mechanisms can be used. Usability must however be considered when deploying new mechanisms. Protection must also be balanced to the load put on users.</p><p>This thesis gives a presentation of common authentication mechanisms available and enumerates the main attack vectors threatening correct authentication and credentials. Furthermore a ranking method is proposed in order to evaluate authentication mechanisms in relation to each other.</p><p>Using the outcome of the ranking of existing methods an authentication system called Smokey (Synchronizable Mobile Key) is proposed and implemented. Smokey uses Java capable cell phones as hardware tokens generating short time valid one time passwords. Whereas traditional tokens may cease to work under certain circumstances Smokey provides users the ability to synchronize with the authentication server aiming for high usability.</p>

Identiferoai:union.ndltd.org:UPSALLA/oai:DiVA.org:liu-54560
Date January 2010
CreatorsHassmund, Johannes
PublisherLinköping University, Department of Computer and Information Science
Source SetsDiVA Archive at Upsalla University
LanguageEnglish
Detected LanguageEnglish
TypeStudent thesis, text

Page generated in 0.0017 seconds