Contributions to Web Authentication for Untrusted Computers
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology. (ADIT)
2011 (English) Licentiate thesis, monograph (Other academic)
Abstract [en]

Authentication methods offer varying levels of security. Methods with one-time credentials generated by dedicated hardware tokens can reach a high level of security, whereas password-based authentication methods have a low level of security since passwords can be eavesdropped and stolen by an attacker. Password-based methods are dominant in web authentication since they are both easy to implement and easy to use. Dedicated hardware, on the other hand, is not always available to the user, usually requires additional equipment and may be more complex to use than password-based authentication.

Different services and applications on the web have different requirements for the security of authentication. Therefore, it is necessary for designers of authentication solutions to address this need for a range of security levels. Another concern is mobile users authenticating from unknown, and therefore untrusted, computers. This in turn raises issues of availability, since users need secure authentication to be available, regardless of where they authenticate or which computer they use.

We propose a method for evaluation and design of web authentication solutions that takes into account a number of often overlooked design factors, i.e. availability, usability and economic aspects. Our proposed method uses the concept of security levels from the Electronic Authentication Guideline, provided by NIST.

We focus on the use of handheld devices, especially mobile phones, as a flexible, multi-purpose (i.e. non-dedicated) hardware device for web authentication. Mobile phones offer unique advantages for secure authentication, as they are small, flexible and portable, and provide multiple data transfer channels. Phone designs, however, vary and the choice of channels and authentication methods will influence the security level of authentication. It is not trivial to maintain a consistent overview of the strengths and weaknesses of the available alternatives. Our evaluation and design method provides this overview and can help developers and users to compare and choose authentication solutions.

Place, publisher, year, edition, pages
Linköping: Linköping University Electronic Press, 2011. 51 p.
Linköping Studies in Science and Technology. Thesis, ISSN 0280-7971 ; 1481
Keyword [en]
Authentication, security levels, identity management, 2-clickAuth, information security
National Category
Computer Science
URN: urn:nbn:se:liu:diva-67274
ISBN: 978-91-7393-172-4
OAI: diva2:416574
2011-06-13, Alan Turing, Hus E, Campus Valla, Linköpings universitet, Linköping, 13:15 (English)
Available from: 2011-05-13. Created: 2011-04-07. Last updated: 2013-05-15. Bibliographically approved.

Open Access in DiVA

Contributions to Web Authentication for Untrusted Computers (979 kB), 1561 downloads
File information
File name: FULLTEXT01.pdf. File size: 979 kB. Checksum: SHA-512.
Type: fulltext. Mimetype: application/pdf.
cover (175 kB), 32 downloads
File information
File name: COVER01.pdf. File size: 175 kB. Checksum: SHA-512.
Type: cover. Mimetype: application/pdf.

By author/editor
Vapen, Anna
