liu.seSearch for publications in DiVA
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Securing Credentials on Untrusted Clients
Linköping University, Department of Computer and Information Science.
2010 (English)Independent thesis Advanced level (degree of Master (One Year)), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

IT systems rely on correct authentication of their users in order to provide confidentiality and integrity of data. When accessing systems remotely, for instance over the Internet, no assumptions can be made regarding the level of security on the computer used. Such computers may be exposed to malware, keyloggers and other threats and must therefore generally be considered as untrusted.

To increase security when users connect remotely from untrusted clients various authentication mechanisms can be used. Usability must however be considered when deploying new mechanisms. Protection must also be balanced to the load put on users.

This thesis gives a presentation of common authentication mechanisms available and enumerates the main attack vectors threatening correct authentication and credentials. Furthermore a ranking method is proposed in order to evaluate authentication mechanisms in relation to each other.

Using the outcome of the ranking of existing methods an authentication system called Smokey (Synchronizable Mobile Key) is proposed and implemented. Smokey uses Java capable cell phones as hardware tokens generating short time valid one time passwords. Whereas traditional tokens may cease to work under certain circumstances Smokey provides users the ability to synchronize with the authentication server aiming for high usability.

Place, publisher, year, edition, pages
2010. , 130 p.
National Category
Engineering and Technology
Identifiers
URN: urn:nbn:se:liu:diva-54560ISRN: LIU-IDA/LITH-EX-A--10/003--SEOAI: oai:DiVA.org:liu-54560DiVA: diva2:305427
Presentation
2010-01-21, 10:00 (English)
Uppsok
Technology
Supervisors
Examiners
Available from: 2010-03-25 Created: 2010-03-23 Last updated: 2010-03-30Bibliographically approved

Open Access in DiVA

fulltext(2519 kB)537 downloads
File information
File name FULLTEXT01.pdfFile size 2519 kBChecksum SHA-512
6f3db029063ef6eaab5eec1603426a5a8945f1c8286220f9890001be083cf4459b3dd35cb62ea5af39174438cb602aec963023b972bce7655794a7141a2ff8c7
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Hassmund, Johannes
By organisation
Department of Computer and Information Science
Engineering and Technology

Search outside of DiVA

GoogleGoogle Scholar
Total: 537 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 469 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf