Tsuyoshi Abe
ABSTRACT
We have implemented an identity provider (IdP), which is defined by the Liberty Alliance on a mobile phone. We propose an authentication method, which uses this personal IdP as a security token to prevent password leakage. In our method, the personal IdP on a mobile phone issues a security assertion signed by a private key on a Universal Subscriber Identifier Module (USIM). There are some authentication solutions that require special hardware tokens to prevent password leakage incidents, but their disadvantage is a higher distribution cost. In our method, there is no need for distribution of special hardware tokens because mobile phones are widespread personal devices. There are other authentication methods that use mobile phone terminals, but our method has the advantage that there is no need for installation of special software on PCs. In addition, users are able to carry out single sign-on (SSO) with our method by using the Liberty Alliance architecture. Compared with ordinary SSO where the IdP is a server computer, our method has a unique feature that the initial authentication is performed on a user's mobile phone with the key pad as an input device and LCD as an output device. Therefore, the credential for initial authentication is not transmitted from the mobile phone, and we can avoid the risk of password theft. If the mobile phone has its own security feature like fingerprint authentication, the feature can be used for SSO too. In this paper, we also discuss implementation issues on a mobile phone network and security issues regarding the man-in-the-middle attack. Results of the performance test of a prototype system are also described.
- RSA SecureID Token for Mobile Phones, RSA Security Inc., http://www.rsa.com/node.aspx?id=1314Google Scholar
- FirstPass, NTT DoCoMo Inc., http://www.nttdocomo.co.jp/service/other/firstpass/ (Japanese OnlyGoogle Scholar
- Liberty Alliance Project. http://www.projectliberty.org/Google Scholar
- Security Assertion Markup Language (SAML) V2.0. Version 2.0. OASIS Standards. http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=securityGoogle Scholar
- Universal Subscriber Identity Module (USIM) conformance test specification. 3GPP TS 31.122. http://www.3gpp.org/Google Scholar
- Trust Models Guidelines, OASIS, http://www.oasis-open.org/committees/download.php/6158/sstc-saml-trustmodels-2.0-draft-01.pdfGoogle Scholar
- OpenID, http://openid.net/Google Scholar
- i-appli, NTT DoCoMo Inc., http://www.nttdocomo.co.jp/english/service/imode/make/content/iappli/index.htmlGoogle Scholar
- FOMA F903i, NTT DoCoMo Inc., http://www.nttdocomo.co.jp/english/product/foma/903i/f903i/index.htmlGoogle Scholar
- Renesas Technology's SH-Mobile G1 Chip to be Selected for FOMA 903i Series Handsets, http://america.renesas.com/fmwk.jsp?cnt=press_release000696.htm&fp=/company_info/news_and_events/press_releasesGoogle Scholar
- Liberty Reverse HTTP Binding for SOAP Specification, http://www.projectliberty.org/liberty/content/download/909/6303/file/liberty-paos-v2.0.pdfGoogle Scholar
- XML-Signature Syntax and Processing, W3C Recommendation, http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/Google Scholar
- RFC 2315 - PKCS #7: Cryptographic Message Syntax Version 1.5, http://www.faqs.org/rfcs/rfc2315.htmlGoogle Scholar
Index Terms
- Implementing identity provider on mobile phone
Recommendations
Portable Personal Identity Provider in Mobile Phones
TRUSTCOM '13: Proceedings of the 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and CommunicationsThis paper analyses the prospect of having a Portable Personal Identity Provider (PPIdP, in short) in the mobile phone. The ubiquitous presence of powerful mobile phones equipped with high speed networks can be utilised to make the mobile phone act as a ...
Mobile Agents and Their Ontology Serving a Federated Identity Platform
ICONS '09: Proceedings of the 2009 Fourth International Conference on SystemsLike the Web services, federated identity wins gradually businesses. The creation of an infrastructure of federated identity is a viable alternative to current systems.For employees or users, a federated identity leads to a better experience of the ...
A Mobile Phone Ecosystem: MIT and Nokia's Joint Research Venture
In the near future, the mobile phone will likely become the primary means for accessing services such as personal banking, onlinepurchasing, mobile entertainment, and multiplayer online games. It might also someday replace wallets full of credit cards, ...
Comments