Research Article
UAuth: A Strong Authentication Method from Personal Devices to Multi-accounts
@INPROCEEDINGS{10.1007/978-3-319-23829-6_7, author={Yazhe Wang and Mingming Hu and Chen Li}, title={UAuth: A Strong Authentication Method from Personal Devices to Multi-accounts}, proceedings={International Conference on Security and Privacy in Communication Networks. 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part I}, proceedings_a={SECURECOMM}, year={2015}, month={11}, keywords={Authentication Mobile terminal Multi-accounts}, doi={10.1007/978-3-319-23829-6_7} }- Yazhe Wang
Mingming Hu
Chen Li
Year: 2015
UAuth: A Strong Authentication Method from Personal Devices to Multi-accounts
SECURECOMM
Springer
DOI: 10.1007/978-3-319-23829-6_7
Abstract
In this paper we present UAuth, a two-layer authentication framework that provides more security assurances than two-factor authentication while offering a simpler authentication experience. When authenticating, users first verified their static credentials (such as password, fingerprint, etc.) in the local layer, then submit the OTP-signed response generated by their device to the server to complete the server-layer authentication. We also propose the three-level account association mechanism, which completes the association of devices, users and services, establishing a mapping from a user’s device to the user’s accounts in the Internet. Users can easily gain access to different service via a single personal device. Our goal is to provide a quick and convenient SSO-like login process on the basis of security authentication. To meet the goal, we implement our UAuth, and evaluate our designs.