Security and Privacy in Communication Networks. 11th International Conference, SecureComm 2015, Dallas, TX, USA, October 26-29, 2015, Revised Selected Papers

Research Article

KeyPocket - Improving Security and Usability for Provider Independent Login Architectures with Mobile Devices

  • @INPROCEEDINGS{10.1007/978-3-319-28865-9_3,
        author={Andr\^{e} Ebert and Chadly Marouane and Benno Rott and Martin Werner},
        title={KeyPocket - Improving Security and Usability for Provider Independent Login Architectures with Mobile Devices},
        proceedings={Security and Privacy in Communication Networks. 11th International Conference, SecureComm 2015, Dallas, TX, USA, October 26-29, 2015, Revised Selected Papers},
        proceedings_a={SECURECOMM},
        year={2016},
        month={2},
        keywords={Multi-factor authentication Mobile-based login architectures Security Usability},
        doi={10.1007/978-3-319-28865-9_3}
    }
    
  • André Ebert
    Chadly Marouane
    Benno Rott
    Martin Werner
    Year: 2016
    KeyPocket - Improving Security and Usability for Provider Independent Login Architectures with Mobile Devices
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-28865-9_3
André Ebert1,*, Chadly Marouane2,*, Benno Rott,*, Martin Werner,*
  • 1: Ludwig-Maximilians-University
  • 2: Virality GmbH
*Contact email: andre.ebert@ifi.lmu.de, marouane@virality.de, rott@virality.de, martin.werner@ifi.lmu.de

Abstract

Nowadays, many daily duties being of a private as well as of a business nature are handled with the help of online services. Due to migrating formerly local desktop applications into clouds (e.g., Microsoft Office Online, etc.), services become available by logging in into a user account through a web browser. But possibilities for authenticating a user in a web browser are limited and employing a username with a password is still de facto standard, disregarding open security or usability issues. Notwithstanding new developments on that subject, there is no sufficient alternative available. In this paper, we specify the requirements for a secure, easy-to-use, and third-party-independent authentication architecture. Moreover, we present KeyPocket, a user-centric approach aligned to these requirements with the help of the user’s smartphone. Subsequently, we present its state of implementation and discuss its individual capabilities and features.