Protecting Touch: Authenticated App-To-Server Channels for Mobile Devices Using NFC Tags
1
Banco do Brasil S.A., 70790-125 Brasília, Brazil
2
University of Applied Sciences Upper Austria, 4232 Hagenberg, Austria
3
Institute of Networks and Security, Johannes Kepler University Linz, 4040 Linz, Austria
4
Department of Computer Science and Statistics, São Paulo State University—UNESP, 15054-000 São José do Rio Preto, Brazil
*
Authors to whom correspondence should be addressed.
Information 2017, 8(3), 81; https://doi.org/10.3390/info8030081
Received: 26 May 2017
/
Revised: 27 June 2017
/
Accepted: 28 June 2017
/
Published: 6 July 2017
(This article belongs to the Special Issue Mobile Systems, Mobile Networks and Mobile Cloud: Security, Privacy and Digital Forensics)
Traditional authentication methods (e.g., password, PIN) often do not scale well to the context of mobile devices in terms of security and usability. However, the adoption of Near Field Communication (NFC) on a broad range of smartphones enables the use of NFC-enabled tokens as an additional authentication factor. This additional factor can help to improve the security, as well as usability of mobile apps. In this paper, we evaluate the use of different types of existing NFC tags as tokens for establishing authenticated secure sessions between smartphone apps and web services. Based on this evaluation, we present two concepts for a user-friendly secure authentication mechanism for mobile apps, the Protecting Touch (PT) architectures. These two architectures are designed to be implemented with either end of the spectrum of inexpensive and widely-available NFC tags while maintaining a reasonable trade-off between security, availability and cost.
View Full-Text
Keywords:
secure channel; two-factor authentication; Near Field Communication (NFC); Android; mobile security
▼
Show Figures
Figure 1
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
MDPI and ACS Style
Carvalho Ota, F.K.; Roland, M.; Hölzl, M.; Mayrhofer, R.; Manacero, A. Protecting Touch: Authenticated App-To-Server Channels for Mobile Devices Using NFC Tags. Information 2017, 8, 81. https://doi.org/10.3390/info8030081
AMA Style
Carvalho Ota FK, Roland M, Hölzl M, Mayrhofer R, Manacero A. Protecting Touch: Authenticated App-To-Server Channels for Mobile Devices Using NFC Tags. Information. 2017; 8(3):81. https://doi.org/10.3390/info8030081
Chicago/Turabian StyleCarvalho Ota, Fernando Kaway, Michael Roland, Michael Hölzl, René Mayrhofer, and Aleardo Manacero. 2017. "Protecting Touch: Authenticated App-To-Server Channels for Mobile Devices Using NFC Tags" Information 8, no. 3: 81. https://doi.org/10.3390/info8030081
Find Other Styles
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.
