File Download
There are no files associated with this item.
Links for fulltext
(May Require Subscription)
- Publisher Website: 10.3233/JCS-2011-0424
- Scopus: eid_2-s2.0-81255134913
- Find via
Supplementary
-
Citations:
- Scopus: 0
- Appears in Collections:
Article: WebCallerID: Leveraging cellular networks for Web authentication
| Title | WebCallerID: Leveraging cellular networks for Web authentication |
|---|---|
| Authors | |
| Keywords | Authentication cellular networks mobile authentication OpenID phishing single sign on usable security Web authentication |
| Issue Date | 2011 |
| Citation | Journal of Computer Security, 2011, v. 19, n. 5, p. 869-893 How to Cite? |
| Abstract | Web authentication that is both secure and usable remains a challenge. Passwords are vulnerable to phishing attacks, while physical tokens face deployment obstacles. We propose to leverage the authentication infrastructure of cellular networks to enhance Web authentication. We design WebCallerID, a Web authentication scheme that uses cell phones as physical tokens and uses cellular networks as trusted identity providers. Since WebCallerID requires no user participation during authentication, it prevents security mistakes by users. WebCallerID also prevents rogue websites from replaying authentication assertions or stealing users' identities. We have implemented a prototype of WebCallerID using the OpenID framework. The prototype shows that WebCallerID seamlessly integrates into OpenID-capable Web authentication while avoiding phishing problems in OpenID and simplifying user participation. © 2011-IOS Press and the authors. All rights reserved. |
| Persistent Identifier | http://hdl.handle.net/10722/346559 |
| ISSN | 2023 Impact Factor: 0.9 2023 SCImago Journal Rankings: 0.340 |
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Hsu, Francis | - |
| dc.contributor.author | Chen, Hao | - |
| dc.contributor.author | MacHiraju, Sridhar | - |
| dc.date.accessioned | 2024-09-17T04:11:43Z | - |
| dc.date.available | 2024-09-17T04:11:43Z | - |
| dc.date.issued | 2011 | - |
| dc.identifier.citation | Journal of Computer Security, 2011, v. 19, n. 5, p. 869-893 | - |
| dc.identifier.issn | 0926-227X | - |
| dc.identifier.uri | http://hdl.handle.net/10722/346559 | - |
| dc.description.abstract | Web authentication that is both secure and usable remains a challenge. Passwords are vulnerable to phishing attacks, while physical tokens face deployment obstacles. We propose to leverage the authentication infrastructure of cellular networks to enhance Web authentication. We design WebCallerID, a Web authentication scheme that uses cell phones as physical tokens and uses cellular networks as trusted identity providers. Since WebCallerID requires no user participation during authentication, it prevents security mistakes by users. WebCallerID also prevents rogue websites from replaying authentication assertions or stealing users' identities. We have implemented a prototype of WebCallerID using the OpenID framework. The prototype shows that WebCallerID seamlessly integrates into OpenID-capable Web authentication while avoiding phishing problems in OpenID and simplifying user participation. © 2011-IOS Press and the authors. All rights reserved. | - |
| dc.language | eng | - |
| dc.relation.ispartof | Journal of Computer Security | - |
| dc.subject | Authentication | - |
| dc.subject | cellular networks | - |
| dc.subject | mobile authentication | - |
| dc.subject | OpenID | - |
| dc.subject | phishing | - |
| dc.subject | single sign on | - |
| dc.subject | usable security | - |
| dc.subject | Web authentication | - |
| dc.title | WebCallerID: Leveraging cellular networks for Web authentication | - |
| dc.type | Article | - |
| dc.description.nature | link_to_subscribed_fulltext | - |
| dc.identifier.doi | 10.3233/JCS-2011-0424 | - |
| dc.identifier.scopus | eid_2-s2.0-81255134913 | - |
| dc.identifier.volume | 19 | - |
| dc.identifier.issue | 5 | - |
| dc.identifier.spage | 869 | - |
| dc.identifier.epage | 893 | - |