Graduation Year
2015
Document Type
Thesis
Degree
M.S.
Degree Name
Master of Science (M.S.)
Degree Granting Department
Computer Science and Engineering
Major Professor
Jay Ligatti, Ph.D.
Committee Member
Dmitry Goldgof, Ph.D.
Committee Member
Yao Liu, Ph.D.
Keywords
access control, Authentication protocols, mobile devices, security, verification
Abstract
Authentication protocols are very common mechanisms to confirm the legitimacy of someone’s or something’s identity in digital and physical systems.
This thesis presents a new and robust authentication method based on users’ multiple devices. Due to the popularity of mobile devices, users are becoming more likely to have more than one device (e.g., smartwatch, smartphone, laptop, tablet, smart-car, smart-ring, etc.). The authentication system presented here takes advantage of these multiple devices to implement authentication mechanisms. In particular, the system requires the devices to collaborate with each other in order for the authentication to succeed. This new authentication protocol is robust against theft-based attacks on single device; an attacker would need to steal multiple devices in order to compromise the authentication system.
The new authentication protocol comprises an authenticator and at least two user devices, where the user devices are associated with each other. To perform an authentication on a user device, the user needs to respond a challenge by using his/her associated device. After describing how this authentication protocol works, this thesis will discuss three different versions of the protocol that have been implemented. In the first implementation, the authentication process is performed by using two smartphones. Also, as a challenge, a QR code is used. In the second implementation, instead of using a QR code, NFC technology is used for challenge transmission. In the last implementation, the usability with different platforms is exposed. Instead of using smartphones, a laptop computer and a smartphone combination is used. Furthermore, the authentication protocol has been verified by using an automated protocol-verification tool to check whether the protocol satisfies authenticity and secrecy properties. Finally, these implementations are tested and analyzed to demonstrate the performance variations over different versions of the protocol.
Scholar Commons Citation
Cetin, Cagri, "Design, Testing and Implementation of a New Authentication Method Using Multiple Devices" (2015). USF Tampa Graduate Theses and Dissertations.
https://digitalcommons.usf.edu/etd/5660