Institute for Media Technology
Distributed Multimodal Information Processing Group                              Technische Universität München




The Smartphone as a Mobile Authorization Proxy
 - Towards Authentication Using Smartphones

                             Luis Roalter, Matthias Kranz, Stefan Diewald,
                                    Andreas Möller, Kåre Synnes


                                                      February 14, 2013
                                                MCPT Workshop at Eurocast 2013

Daily routines…




14.2.2013        L. Roalter, M. Kranz, S. Diewald, A. Möller, K. Synnes                                    2

Scenario

Starting your work
   •  Log in to the computer
   •  You must know your username and password


Reading your mail
   •  Log in to your mail server
   •  You must know another username and password (probably)


Scientific research
   •  Log in to your library
   •  You must know yet another username and password



Overview


                   Motivation



                           System architecture



                           Current implementation



                   Problems and Outlook



Past Scenario


Situation
   •  Various platforms
   •  Different username / password combinations per platform
   •  No unified login form



Problems

   •  Many credentials to remember
   •  No overview of which accounts exist
   •  Multiple accounts to maintain
   •  Phishing



Recent Scenario


Situation
   •  Various platforms
   •  Use of directory-based login methods (LDAP, Active Directory, NIS, …)
   •  Mostly still no unified login form
   •  Only one username to remember

Problems
   •  One credential opens everything
   •  A single phished credential compromises the complete system
   •  Public terminals / displays: credentials are typed on hardware the user does not control




Future Motivation

Situation

   •  Various platforms
   •  Use of directory-based login methods (LDAP, Active Directory, NIS, …)
   •  Unified login form, replaced by a QR code
   •  No username to remember
   •  The smartphone acts as your identity provider towards the terminal
   •  Phishing is hardly possible, since no credentials are typed at the terminal



Requirements/Problems
   •  Requires a smartphone with an internet connection
   •  More involved parties; trust in each of them



The standard login…




Novel approach with QR codes…




Ideas

Single Sign-On
   •  Reduce the number of different credentials
   •  Substitute other authentication methods
   •  Substitute many individual logins with one
   •  Works especially well for organizations with many services



Motivation
   •  Easy use of different services
   •  Global sign-out
   •  Privacy




Existing Single Sign-On Solutions

OpenID
   •  Decentralized authentication system
   •  The OpenID identity is issued by an OpenID provider
   •  The "relying party" accepts that identity as login
   •  Prone to phishing, since the relying party redirects the user to the provider's login page
   •  Used by e.g. Yahoo, Microsoft, Facebook, Google


Shibboleth
   •  Identity provider, service provider and discovery service
   •  Used mainly in the university and educational context




Single Sign-On

Goals for Single Sign-On with mobile devices

   •  Improved usability & utility: faster authentication process, less error-prone, …
   •  Improved security
      (no shoulder-surfing of credentials typed on an on-screen keyboard)
   •  Separation of private and public devices/data (no Bluetooth link for
      password input)
   •  No login/password management of our own
   •  No typing on a public display!
      (no keyboard substitution!)
   •  Better than direct login on public terminals
      (which might be tampered with, as the hardware is public)




Concept

Without single sign-on: the user holds a separate username/password pair for each of
Service 1, Service 2, …, Service n and authenticates at every service directly.

With single sign-on: the user authenticates once (a single username/password) at the
SSO server, and the SSO server authenticates the user towards Service 1, Service 2, …,
Service n.
How does single sign-on work?

Actors: Client, Service, SSO Server

   1.  The Client accesses the Service
   2.  The Service redirects the Client to the SSO Server
   3.  The Client authenticates at the SSO Server
   4.  The SSO Server grants access for the user at the Service
   5.  The SSO Server passes the user information to the Service
   6.  The Client gets its information from the Service
Introducing QR codes
Why make use of QR codes?
   •  Fast and easy transfer of ASCII/binary data to a smartphone
   •  Move forms from the public display to a trusted device (the user's own smartphone)


Why smartphones?
   •  Independent connection to the internet
   •  Storage of personal information
   •  Usable for other auxiliary services
      (to read from and write to)




Integrating the smartphone

Actors: Client (terminal), Service, SSO Server, Mobile

   1.  The Client accesses the Service
   2.  The Service registers a token (session ID) at the SSO Server
   3.  The Service prints the QR code on the Client's screen
   4.  The Mobile sends the data from the QR code to the SSO Server
   5.  The SSO Server grants access for the user at the Service
   6.  The SSO Server passes the user information to the Service
   7.  The Client gets its information from the Service


Current Implementation

Platform
   •  Apache Tomcat server for the RPC endpoints
   •  LDAP for user management
   •  SQL database for service and session management



Mobile Client
   •  Android smartphone
   •  UMTS/WiFi connection
   •  SSL/TLS-secured communication




Android Application: Registration

Registration / Login
 •  Your account (username, password)
 •  Your hardware: a mobile unique ID (MUID), which can
    be e.g. the IMEI (direct device identification) or be
    derived from hardware parameters so that it has no
    direct relation to a device
 •  The MUID is used to identify the device a session is
    transferred to, and for history information (which
    device authenticated a SID)


What will be stored?
 •  Login name
 •  (hashed) MUID
 •  The (hashed) password is transferred only once, at
    registration, and discarded afterwards

Android Application: Profile / Management

Features
 •  Visualize running sessions
 •  Maintain your profile and personal information
 •  Recognize account hijacking (sessions you did not open)
 •  Log out session(s)
 •  Transparency for the user


Ideas
 •  Transfer sessions between devices (from
    desktop to mobile)
 •  Not only authenticate on public terminals, but
    also improve mobility



Example Use Case: Room Reservation and Access

•     Tablet PC as door sign for meeting rooms
•     See when a room is occupied or available
•     Book a room through the public display
       –  Needs authentication
          (who reserves the room?)
       –  Single sign-on with a QR code
          does not require typing
          credentials on the public display
•     Can even grant room access
      (digital lock)




Android Application: Authentication

Go to a (public or private) terminal
 •  Request a service, e.g. open the service's login page
 •  Wait for the SSO authentication prompt (e.g. a QR code)

Terminal
 •  Registers a session ID (SID) with the SSO server
 •  Encodes the SID, the service and the SSO server into a
    QR code and displays it on its screen

Mobile device
 •  Scans the QR code and obtains SID, service and SSO server
 •  Authenticates the SID at the SSO server
 •  The SSO server then marks the session as authenticated for
    both the mobile and the terminal
Analysis
Improvements compared to traditional Single Sign-On
   •  No password input (direct or indirect) on a potentially insecure terminal
   •  Faster, less error-prone, more convenient identification
   •  Lost mobile: de-authenticate all sessions and deactivate its MUID (an SSO admin
      interface is required for this)
   •  SSO server hard-coded on the mobile (entered once as a preference; it replaces
      whatever server the QR code names)
   •  No phishing login sites, as the mobile always uses its preferred SSO server
   •  Additional hardware binding (one more piece of information: the MUID)
   •  Additional channel for authentication (terminal to SSO server; mobile to SSO
      server)
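The flow from the "Android Application: Authentication" slide, the registration data from the "Registration" slide and the pinned SSO server and lost-device handling listed above, as an added worked example in Python. This is illustration code written for this page, not the TUM prototype (which runs as Tomcat RPC over SSL against LDAP and a SQL database). The JSON layout of the QR payload, the device token handed out at registration, SHA-256 as MUID derivation, a PBKDF2 check standing in for the LDAP password verification, the 120-second SID lifetime and the "alice" test account are all assumptions:

```python
# Added example for this page (not the TUM prototype's code): an in-memory model of
# the QR-code SSO flow. Assumed for illustration: the JSON QR payload, the device
# token bound at registration, SHA-256 as MUID derivation, PBKDF2 standing in for the
# LDAP password check, the SID lifetime and the constructed "alice" account.
import hashlib
import hmac
import json
import secrets
import time

PINNED_SSO = "https://sso.example.org"  # assumed: SSO server set as preference on the mobile
SESSION_TTL = 120                       # assumed: seconds a pending SID stays valid

def derive_muid(hardware_params: str) -> str:
    """Hash hardware parameters into a MUID so the raw IMEI never leaves the device."""
    return hashlib.sha256(hardware_params.encode()).hexdigest()

def pw_hash(password: str, salt: str) -> str:
    """Stand-in for the LDAP backend's password verification (assumed, not the prototype)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 50_000).hex()

class SsoServer:
    def __init__(self, directory):
        self.directory = directory  # login -> (salt, pw_hash): models the LDAP user store
        self.devices = {}           # device_token -> (login, muid); the password is never kept
        self.revoked = set()        # MUIDs deactivated after a lost mobile
        self.sessions = {}          # sid -> {"service", "created", "login"}

    def register_device(self, login, password, muid):
        """One-time registration: verify the password, discard it, bind login to MUID."""
        salt, stored = self.directory.get(login, (None, None))
        if stored is None or not hmac.compare_digest(pw_hash(password, salt), stored):
            return None
        token = secrets.token_urlsafe(32)  # presented by the app on all later calls
        self.devices[token] = (login, muid)
        return token

    def register_token(self, service):
        """Step 2: the terminal obtains a fresh, unguessable SID for a pending login."""
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"service": service, "created": time.time(), "login": None}
        return sid

    def authenticate_sid(self, sid, device_token, service):
        """Step 4/5: the mobile vouches for the SID; the server binds it to the user."""
        sess, dev = self.sessions.get(sid), self.devices.get(device_token)
        if sess is None or dev is None:
            return False
        login, muid = dev
        if muid in self.revoked or sess["login"] is not None:  # deactivated device or SID replay
            return False
        if sess["service"] != service or time.time() - sess["created"] > SESSION_TTL:
            return False
        sess["login"] = login
        return True

    def session_user(self, sid):
        """Step 5/6: polled by the terminal; None until the mobile has authenticated the SID."""
        sess = self.sessions.get(sid)
        return sess["login"] if sess else None

    def active_sessions(self, device_token):
        """Profile view: every SID currently authenticated in the user's name."""
        dev = self.devices.get(device_token)
        if dev is None:
            return []
        return sorted(sid for sid, s in self.sessions.items() if s["login"] == dev[0])

    def logout_session(self, device_token, sid):
        """Sign out one session from the mobile; only the session's owner may do so."""
        dev = self.devices.get(device_token)
        if dev is None or self.sessions.get(sid, {}).get("login") != dev[0]:
            return False
        del self.sessions[sid]
        return True

    def admin_lost_device(self, login):
        """Admin interface: drop every session of the user and deactivate their MUIDs."""
        for token, (owner, muid) in list(self.devices.items()):
            if owner == login:
                self.revoked.add(muid)
                del self.devices[token]
        gone = [sid for sid, s in self.sessions.items() if s["login"] == login]
        for sid in gone:
            del self.sessions[sid]
        return len(gone)

def terminal_qr_payload(server, service, sso_url):
    """Steps 2-3: the terminal registers a SID and encodes SID, service and server for the QR code."""
    sid = server.register_token(service)
    return sid, json.dumps({"sid": sid, "service": service, "sso": sso_url})

def mobile_scan(qr_text, device_token, pinned_server):
    """Step 4: the app parses the QR code but talks only to its pinned SSO server (pinned_server
    stands for the TLS client to PINNED_SSO); the server named in the code is compared, never used."""
    data = json.loads(qr_text)
    server_matches = data.get("sso") == PINNED_SSO
    ok = pinned_server.authenticate_sid(data["sid"], device_token, data["service"])
    return ok, server_matches
```

The `server_matches` flag is the pinning rule from the analysis slide in code: the app compares the server named in the QR code with its preference and can show a mismatch to the user, but the authentication call itself always goes to the pinned server, so a QR code naming a look-alike server gains an attacker nothing. `authenticate_sid` also rejects a SID that was already authenticated, an expired one, and any device whose MUID was deactivated through `admin_lost_device`; `active_sessions` is what the profile view would list so that a user can spot a session they did not open.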




Analysis

Equal (or at least not worse)
   •  Only identification (ID verification), no access control yet (authorization)!
   •  "Fake" MUID (assuming the derivation algorithm is known), i.e. sending a "copied"
      hashed MUID: comparable to a lost physical key, as the mobile has no Trusted
      Platform Module (TPM) to bind the identity to the hardware
   •  In both cases: at least accounting of active SIDs and monitoring of "key usage"




Outlook and Future Work
Usability
   •  PAM module for QR code authentication
   •  Operating system login using QR codes
   •  Transfer sessions between terminals


Security
   •  Fully encrypted connections (the tokens are already in place)


User study
   •  Acceptance / usability concept
   •  Novel applications (public displays)
   •  etc.



                                          Thank you for your attention!
                                                  Questions?


                                              andreas.moeller@tum.de
                                                  roalter@tum.de
                                                www.vmi.ei.tum.de/



Paper Reference

•     Please find the associated paper at:
      https://vmi.lmt.ei.tum.de/publications/2013/MCPT2013-IndoorNav_preprint.pdf

•     Please cite this work as follows:
      L. Roalter, M. Kranz, S. Diewald, A. Möller, K. Synnes
      The Smartphone as Mobile Authorization Proxy
      In: 14th International Conference on Computer Aided Systems Theory
      (EUROCAST 2013), pp. 306-307, Las Palmas de Gran Canaria, Spain,
      February 2013




If you use BibTeX, please use the following entry to cite
this work:



 @INPROCEEDINGS{MCPT13MobAuth,
   author = {Luis Roalter and Matthias Kranz and Stefan Diewald and Andreas M{\"o}ller},
   title = {{The Smartphone as Mobile Authorization Proxy}},
   booktitle = {14th International Conference on Computer Aided Systems Theory (EUROCAST 2013)},
   editor = {Alexis Quesada-Arencibia and Jos\'{e} Carlos Rodriguez and Roberto Moreno-Diaz jr. and Roberto Moreno-Diaz},
   year = {2013},
   month = feb,
   pages = {306--307},
   ISBN = {978-84-695-6971-9},
   location = {Las Palmas de Gran Canaria, Spain},
 }




 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 

The Smartphone as Mobile Authorization Proxy

  • 1. Institute for Media Technology, Distributed Multimodal Information Processing Group, Technische Universität München. The Smartphone as a Mobile Authorization Proxy - Towards Authentication Using Smartphones. Luis Roalter, Matthias Kranz, Stefan Diewald, Andreas Möller, Kåre Synnes. February 14, 2013, MCPT Workshop at Eurocast 2013.
  • 2. Daily routines… (slide footer on all following slides: 14.2.2013, L. Roalter, M. Kranz, S. Diewald, A. Möller, K. Synnes)
  • 3. Scenario
    Starting your work
    –  Log in to the computer
    –  You must know your username and password
    Reading your mails
    –  Log in to your mail server
    –  You must know another username and password (probably)
    Scientific research
    –  Log in to your library
    –  You must know another username and password
  • 4. Overview: Motivation, System architecture, Current implementation, Problems and Outlook
  • 5. Past Scenario
    Situation
    –  Various platforms
    –  Different username / password combinations
    –  No unified login mask
    Problems
    –  Many credentials to remember
    –  No overview
    –  Multiple accounts to maintain
    –  Phishing
  • 6. (figure only)
  • 7. Recent Scenario
    Situation
    –  Various platforms
    –  Usage of distributed login methods (LDAP, ADS, NIS, …)
    –  Mostly no unified login mask
    –  Only one username to remember
    Problems
    –  One credential opens everything
    –  Phishing causes loss of the complete system
    –  Public terminals / displays
  • 8. (figure only)
  • 9. Future Motivation
    Situation
    –  Various platforms
    –  Usage of distributed login methods (LDAP, ADS, NIS, …)
    –  Unified login mask → replace it with a QR code
    –  No username to remember
    –  Smartphone is your identity provider
    –  Phishing is hardly possible
    Requirements/Problems
    –  Need for a smartphone with an internet connection
    –  More involved parties; trust
  • 10. The standard login… (figure only)
  • 11. Novel approach with QR codes… (figure only)
  • 12. Ideas
    Single Sign-On
    –  Reduce the number of different credentials
    –  Substitute other authentication methods
    –  Substitute many individual logins by one
    –  Works especially for organizations with many services
    Motivation
    –  Easy usage at different services
    –  Global sign-off
    –  Privacy
  • 13. Existing Single Sign-On Solutions
    OpenID
    –  De-centralized authentication system
    –  OpenID identity provided by an OpenID provider
    –  "Relying party" accepts the identity as login
    –  Prone to phishing attacks, as a redirect is required
    –  Used by e.g. Yahoo, Microsoft, Facebook, Google
    Shibboleth
    –  Identity provider, service provider and discovery service
    –  Used mainly in university and educational contexts
  • 14. Single Sign-On: Goals for Single Sign-On with mobile devices
    –  Improved usability & utility: faster authentication process, less error-prone, …
    –  Improved security (nobody can watch credentials being typed on an on-screen keyboard)
    –  Separation of private and public devices/data (no Bluetooth link for password input)
    –  No own login/password management
    –  No typing on a public display! (no keyboard substitution!)
    –  Better than direct login on public terminals (which might be compromised, as the hardware is public)
  • 15. Overview: Motivation, System architecture, Current implementation, Problems and Outlook
  • 16. Concept (diagram): without SSO, the user authenticates at Service 1, Service 2, …, Service n with a separate Username 1 / Password 1, …, Username n / Password n; with SSO, the user authenticates once with one Username / Password at the SSO Server, which authenticates to Service 1, …, Service n.
  • 17. How does single sign-on work? (sequence diagram with Client, Service and SSO Server)
    1. Access service
    2. Redirect to SSO
    3. Authenticate
    4. Grant access for user at service
    5. User information
    6. Get information from service
  • 18. Introducing QR codes
    Why make use of QR codes?
    –  Fast and easy transfer of ASCII/binary data to a smartphone
    –  Move forms to a trusted device (my smartphone)
    Why smartphones?
    –  Independent connection to the internet
    –  Storage of personal information
    –  Usage for other auxiliary services (to read from and write to)
  • 19. Integrating the smartphone (sequence diagram with Client, Service, SSO Server and mobile)
    1. Access service
    2. Register token
    3. Print QR code
    4. Send data from QR code
    5. Grant access for user at service
    6. User information
    7. Get information from service
  • 20. Overview: Motivation, System architecture, Current implementation, Problems and Outlook
  • 21. Current Implementation
    Platform
    –  Tomcat server for RPC
    –  LDAP for user management
    –  SQL DB for service and session management
    Mobile client
    –  Android smartphone
    –  UMTS/WiFi connection
    –  SSL-secured communication
  • 22. Android Application: Registration
    Registration / Login
    –  Your account (username, password)
    –  Your hardware: mobile unique ID (MUID); can be e.g. the IMEI (direct device identification) or be calculated from hardware parameters so that it has no direct relation to a device
    –  The MUID is used to identify the device to transfer the session to, or for history information (who authenticated a SID)
    What will be stored?
    –  Login name
    –  (hashed) MUID
    –  The (hashed) password is transferred just once and discarded afterwards
  • 23. Android Application: Profile / Management
    Features
    –  Visualize running sessions
    –  Maintain your profile and personal information
    –  Recognize hijacking of the account
    –  Log out session(s)
    –  Transparency for the user
    Ideas
    –  Transfer sessions between devices (from desktop to mobile)
    –  Not only authenticating on public terminals, but improving mobility
  • 24. Example Use Case: Room Reservation and Access
    –  Tablet PC as door sign for meeting rooms
    –  See when a room is occupied or available
    –  Book a room through the public display
        –  Needs authentication (who reserves the room?)
        –  Single Sign-On with a QR code does not require typing credentials on the public display
    –  Even allows room access (digital lock)
  • 25. Android Application: Authentication
    Go to a (public or private) terminal
    –  Request the service, e.g. open the login page of the service
    –  Wait for SSO authentication (e.g. QR code)
    Terminal
    –  Sends the session ID (SID) to the SSO server
    –  Creates a QR code with that information and displays it on the terminal's screen
    Mobile device
    –  Scans the QR code and gets: SID, service, SSO server
    –  Authenticates the SID at the SSO server
    –  The SSO server authenticates the session both on the mobile and on the public terminal
  • 26. Overview: Motivation, System architecture, Current implementation, Problems and Outlook
  • 27. Analysis: Improvements compared to traditional Single Sign-On
    –  No password input (direct or indirect) on a potentially insecure terminal
    –  Faster, less error-prone, more convenient identification
    –  Lost mobile: de-authenticate all sessions, deactivate the MUID (SSO admin interface required)
    –  SSO server hard-coded (typed in as a preference on the mobile, substituting the server named in the QR code)
    –  No phishing login sites (as the mobile always uses its preferred SSO server)
    –  Additional hardware binding (one more piece of information)
    –  Additional channel for authentication (terminal to SSO server; mobile to SSO server)
  • 28. Analysis: Equal (or at least not worse)
    –  Only identification (ID verification), no access control yet (authorization)!
    –  "Fake" MUID (assuming the algorithm is known), that is: sending a "copied" hashed MUID; as with a lost physical key, since the mobile has no trusted computing platform (TPM) module
    –  Both: at least accounting of active SIDs, monitoring "key usage"
  • 29. Outlook and Future Work
    Usability
    –  PAM module for QR code authentication
    –  Operating system login using QR codes
    –  Transfer sessions between terminals
    Security
    –  Fully encrypted connections (tokens already present)
    User study
    –  Acceptance / usability concept
    –  Novel applications (public displays)
    –  etc.
  • 30. Thank you for your attention! Questions? andreas.moeller@tum.de, roalter@tum.de, www.vmi.ei.tum.de/
  • 31. Paper Reference
    –  Please find the associated paper at: https://vmi.lmt.ei.tum.de/publications/2013/MCPT2013-IndoorNav_preprint.pdf
    –  Please cite this work as follows: L. Roalter, M. Kranz, S. Diewald, A. Möller, K. Synnes: Decision-Point Panorama-Based Indoor Navigation. In: 14th International Conference on Computer Aided Systems Theory (EUROCAST 2013), pp. 306-307, Las Palmas de Gran Canaria, Spain, February 2013
  • 32. If you use BibTeX, please use the following entry to cite this work:
    @INPROCEEDINGS{MCPT13MobAuth,
      author    = {Luis Roalter and Matthias Kranz and Stefan Diewald and Andreas M{\"o}ller},
      title     = {{The Smartphone as Mobile Authorization Proxy}},
      booktitle = {14th International Conference on Computer Aided Systems Theory (EUROCAST 2013)},
      editor    = {Alexis Quesada-Arencibia and Jos\'{e} Carlos Rodriguez and Roberto Moreno-Diaz jr. and Roberto Moreno-Diaz},
      year      = {2013},
      month     = feb,
      pages     = {306--307},
      ISBN      = {978-84-695-6971-9},
      location  = {Las Palmas de Gran Canaria, Spain},
    }
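Slides 19, 25, 27 and 28 describe the QR-code flow (terminal registers a SID, shows a QR code, the phone authenticates the SID at its own preferred SSO server), the hashed-MUID binding and the lost-device case. The following in-process model of that exchange is an added example, not the authors' Tomcat/Android implementation; the QR payload layout (`ssoqr://login?sid=…&service=…&sso=…`), the per-device token handed out at registration, the `USERS` store and all host names are assumptions of the example.

```python
import hashlib, secrets
from urllib.parse import parse_qs, urlencode, urlparse

def h(s: str) -> str:
    return hashlib.sha256(s.encode()).hexdigest()

USERS = {"alice": h("correct horse")}  # constructed stand-in for the LDAP user store

class SSOServer:
    def __init__(self, url):
        self.url, self.devices, self.sessions, self.blocked = url, {}, {}, set()
    def register_device(self, login, password, muid_hash):
        # Slide 22: password verified once and discarded, login and hashed MUID kept;
        # the per-device token the phone uses afterwards is an assumption of this example.
        if USERS.get(login) != h(password):
            raise PermissionError("bad credentials")
        self.devices[login] = {"muid": muid_hash, "token": secrets.token_urlsafe(16)}
        return self.devices[login]["token"]
    def register_token(self, service, sid):  # step 2: terminal registers a pending SID
        self.sessions[sid] = {"service": service, "user": None}
    def authenticate_sid(self, sid, login, token, muid_hash):  # step 4: data from QR code
        d, s = self.devices.get(login), self.sessions.get(sid)
        if not d or not s or s["user"] or muid_hash in self.blocked:
            return False  # unknown or already consumed SID, or deactivated device
        if d["token"] != token or d["muid"] != muid_hash:
            return False  # hardware binding: token and enrolled MUID must match
        s["user"] = login  # step 5: grant access for user at service
        return True
    def session_user(self, sid):  # step 6/7: the service pulls the user information
        return self.sessions.get(sid, {}).get("user")
    def lost_device(self, login):  # slide 27: de-authenticate all sessions, deactivate MUID
        self.blocked.add(self.devices[login]["muid"])
        for s in self.sessions.values():
            s["user"] = None if s["user"] == login else s["user"]

def terminal_login(service, sso):
    sid = secrets.token_urlsafe(12)  # step 1: client requests the service login
    sso.register_token(service, sid)
    qr = "ssoqr://login?" + urlencode({"sid": sid, "service": service, "sso": sso.url})
    return sid, qr  # step 3: QR code content displayed on the terminal

def mobile_scan(phone, qr):
    sso, login, token, muid = phone
    q = {k: v[0] for k, v in parse_qs(urlparse(qr).query).items()}
    # Slide 27: the server named in the QR code is ignored; the phone always talks to its
    # preferred SSO server, so a look-alike host in a QR code never sees any credential.
    return sso.authenticate_sid(q["sid"], login, token, muid), q["sso"] != sso.url

def demo():
    sso = SSOServer("https://sso.example.invalid")
    muid = h("constructed-board|constructed-serial")  # hashed MUID from hardware parameters
    phone = (sso, "alice", sso.register_device("alice", "correct horse", muid), muid)
    sid, qr = terminal_login("library", sso)
    first, _ = mobile_scan(phone, qr)
    replay, _ = mobile_scan(phone, qr)  # the same QR code again: SID already consumed
    fake = terminal_login("mail", sso)[1].replace("sso.example.invalid", "sso-lookalike.invalid")
    second, flagged = mobile_scan(phone, fake)  # tampered server field is flagged, not followed
    user = sso.session_user(sid)
    sso.lost_device("alice")
    lost, _ = mobile_scan(phone, terminal_login("wiki", sso)[1])
    return {"first": first, "user": user, "replay": replay, "second": second, "flagged": flagged,
            "lost": lost, "after_lost": sso.session_user(sid)}
```

The flags returned by `demo()` show the three properties the slides claim: a SID authenticates exactly once, the phone never follows a server named in the QR code, and revoking a lost MUID both ends running sessions and blocks further logins from that device.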