Skip navigation
Please use this identifier to cite or link to this item: http://repository.iitr.ac.in/handle/123456789/15640
Title: A new secure authentication scheme for web login using BLE smart devices
Authors: Varshney G.
Misra, Manoj
Atrey P.
Dong J.
Zhou J.
Guo D.
Published in: Proceedings of the International Conference on Anti-Counterfeiting, Security and Identification, ASID
Abstract: Existing user authentication schemes used for login to a website are incapable of handling recent phishing attacks such as real time (RT) / control relay (CR) man in the middle (MITM) attack and attacks launched via covertly installed malicious browser extensions (MEs). Two factor authentication schemes such as Google 2 Step verification, SAASPASS, QR code, graphical password and push notification based login schemes can be compromised using RT / CR MITM phishing attacks. Hardware token based schemes are safe but the extra cost of the hardware token makes them unattractive to users. Therefore, there is a need to develop new authentication schemes which are hard for an attacker to compromise but easy for users to understand and utilize. This paper analyzes existing authentication schemes to identify the research gaps and then proposes a secure authentication scheme which uses Bluetooth Low Energy (BLE, BT 4.0+ version) devices for user identification and which can handle RT/CR MITM phishing attacks, attacks launched via malicious browser extensions and app spoofing via attackers. The proposed scheme is location/client system independent and is secure from Bluetooth address spoofing attacks. © 2017 IEEE.
Citation: Proceedings of the International Conference on Anti-Counterfeiting, Security and Identification, ASID, (2018), 95- 98
URI: https://doi.org/10.1109/ICASID.2017.8285751
http://repository.iitr.ac.in/handle/123456789/15640
Issue Date: 2018
Publisher: IEEE Computer Society
Keywords: Authentication
BLE
Bluetooth
Login
Malicious browser extension
Phishing
ISBN: 9.78154E+12
ISSN: 21635048
Author Scopus IDs: 57196839517
56223635000
6603382021
Author Affiliations: Varshney, G., Department of CSE, Indian Institute of Technology, Roorkee, Uttarakhand, 247667, India
Misra, M., Department of CSE, Indian Institute of Technology, Roorkee, Uttarakhand, 247667, India
Atrey, P., Computer Science Department, State University of New York, Albany, NY, United States
Appears in Collections:Conference Publications [CS]

Files in This Item:
There are no files associated with this item.
Show full item record


Items in Repository are protected by copyright, with all rights reserved, unless otherwise indicated.