Smartphone Ownership and Location Checking Scheme for Fixing the Vulnerabilities of SMS-Based Authentication

Seong-Jae Kwon; Jun-Cheol Park

Smartphone Ownership and Location Checking Scheme for Fixing the Vulnerabilities of SMS-Based Authentication

Seong-Jae Kwon

Jun-Cheol Park

Vol. 42, No. 2, pp. 349-357, Feb. 2017

PDF

Abstract

Many Web sites adopt SMS(Short Message Service)-based user authentication when a user loses her password or approves an online payment. In SMS-based authentication, the authentication server sends a text in plaintext to a user’s phone, and it allows an attacker who eavesdrops or intercepts the text to impersonate a valid user(victim). We propose a challenge-response scheme to prove to the authentication server that a user is in a certain place at the moment with her smartphone beside her. The proposed scheme generates a response using a challenge by the server, user’s current location, and a secret on the user’s smartphone all together. Consequently, the scheme is much more secure than SMS-based authentication that simply asks a user to send the same text arrived on her phone back to the server. In addition to entering the response, which substitutes the SMS text, the scheme also requests a user to input a passphrase to get the authentication process started. We believe, however, the additional typing should be tolerable to most users considering the enhanced security level of the scheme.

Statistics

Cumulative Counts from November, 2022
Multiple requests among the same browser session are counted as one view. If you mouse over a chart, the values of data points will be shown.

Cite this article

[IEEE Style]

S. Kwon and J. Park, "Smartphone Ownership and Location Checking Scheme for Fixing the Vulnerabilities of SMS-Based Authentication," The Journal of Korean Institute of Communications and Information Sciences, vol. 42, no. 2, pp. 349-357, 2017. DOI: .

[ACM Style]

Seong-Jae Kwon and Jun-Cheol Park. 2017. Smartphone Ownership and Location Checking Scheme for Fixing the Vulnerabilities of SMS-Based Authentication. The Journal of Korean Institute of Communications and Information Sciences, 42, 2, (2017), 349-357. DOI: .

[KICS Style]

Seong-Jae Kwon and Jun-Cheol Park, "Smartphone Ownership and Location Checking Scheme for Fixing the Vulnerabilities of SMS-Based Authentication," The Journal of Korean Institute of Communications and Information Sciences, vol. 42, no. 2, pp. 349-357, 2. 2017.

Smartphone Ownership and Location Checking Scheme for Fixing the Vulnerabilities of SMS-Based Authentication

Submenu

Search
(IN TITLE, AUTHOR, ABSTRACT,KEYWORDS)

Advanced Search

Recent Publications
(LAST 3 YEARS)

Smartphone Ownership and Location Checking Scheme for Fixing the Vulnerabilities of SMS-Based Authentication

Submenu

Search (IN TITLE, AUTHOR, ABSTRACT,KEYWORDS)

Advanced Search

POPULAR KEYWORDS(TOP 10 KEYWORDS)

Recent Publications(LAST 3 YEARS)

Search
(IN TITLE, AUTHOR, ABSTRACT,KEYWORDS)

POPULAR KEYWORDS
(TOP 10 KEYWORDS)

Recent Publications
(LAST 3 YEARS)