{"title":"基于qr码和网络摄像头的智能移动设备认证方案分析","authors":"Oleksandr I. Kot, I. Svatovskiy","doi":"10.26565/2304-6201-2020-47-04","DOIUrl":null,"url":null,"abstract":"The paper analyzes the necessity and expediency of using the method of user authentication based on QR-code and webcam for Smart-Mobile devices. Phishing attacks are one of the most serious threats faced by Internet users. Existing authentication schemes are not able to provide an adequate protection from these attacks, as evidenced by statistics collected by the companies researching cybersecurity. Therefore, the task of developing a secure authentication scheme for users, which can effectively counteract various types of phishing attacks is very important. The paper proposes a new authentication scheme for users, which allows them to log in to their accounts without remembering passwords or presenting other authentication tokens. According to the messaging protocol in the proposed scheme, the user must scan the dynamically generated QR-code using a smartphone application, then take their own photo via the webcam, and send it to the smartphone via a message from the server. Thus, the full authentication procedure requires minimal user involvement and is performed automatically. The results of evaluation and practical testing show that the proposed authentication scheme is quite reliable and can be used as a secure user authentication scheme for Smart-Mobile devices. The proposed authentication protocol is not only able to cope with attacks such as Real Time Man-In-The-Middle and Controlled Relay Man-In-The-Middle, but can also protect users from the effects of malicious browser extensions and substitution of authentic applications by malicious variants. In addition, the proposed scheme does not require users to have any authentication tokens or credentials, as all they need is to scan the QR-code and verify the image taken by their own webcam. That makes the use of the proposed scheme more convenient and easy for users as compared to other known authentication schemes. Currently, the application of the proposed scheme requires the use of HTTPS websites for the exchange of all data involved. Thus, the proposed protocol can be implemented to manage cookies securely in order to prevent the interception of session data.","PeriodicalId":53765,"journal":{"name":"Meridiano 47-Journal of Global Studies","volume":"83 1","pages":""},"PeriodicalIF":0.1000,"publicationDate":"2020-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Analysis of the authentication scheme based on the use of QR-code and webcam for Smart-Mobile devices\",\"authors\":\"Oleksandr I. Kot, I. Svatovskiy\",\"doi\":\"10.26565/2304-6201-2020-47-04\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The paper analyzes the necessity and expediency of using the method of user authentication based on QR-code and webcam for Smart-Mobile devices. Phishing attacks are one of the most serious threats faced by Internet users. Existing authentication schemes are not able to provide an adequate protection from these attacks, as evidenced by statistics collected by the companies researching cybersecurity. Therefore, the task of developing a secure authentication scheme for users, which can effectively counteract various types of phishing attacks is very important. The paper proposes a new authentication scheme for users, which allows them to log in to their accounts without remembering passwords or presenting other authentication tokens. According to the messaging protocol in the proposed scheme, the user must scan the dynamically generated QR-code using a smartphone application, then take their own photo via the webcam, and send it to the smartphone via a message from the server. Thus, the full authentication procedure requires minimal user involvement and is performed automatically. The results of evaluation and practical testing show that the proposed authentication scheme is quite reliable and can be used as a secure user authentication scheme for Smart-Mobile devices. The proposed authentication protocol is not only able to cope with attacks such as Real Time Man-In-The-Middle and Controlled Relay Man-In-The-Middle, but can also protect users from the effects of malicious browser extensions and substitution of authentic applications by malicious variants. In addition, the proposed scheme does not require users to have any authentication tokens or credentials, as all they need is to scan the QR-code and verify the image taken by their own webcam. That makes the use of the proposed scheme more convenient and easy for users as compared to other known authentication schemes. Currently, the application of the proposed scheme requires the use of HTTPS websites for the exchange of all data involved. Thus, the proposed protocol can be implemented to manage cookies securely in order to prevent the interception of session data.\",\"PeriodicalId\":53765,\"journal\":{\"name\":\"Meridiano 47-Journal of Global Studies\",\"volume\":\"83 1\",\"pages\":\"\"},\"PeriodicalIF\":0.1000,\"publicationDate\":\"2020-09-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Meridiano 47-Journal of Global Studies\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.26565/2304-6201-2020-47-04\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"INTERNATIONAL RELATIONS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Meridiano 47-Journal of Global Studies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.26565/2304-6201-2020-47-04","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"INTERNATIONAL RELATIONS","Score":null,"Total":0}
Analysis of the authentication scheme based on the use of QR-code and webcam for Smart-Mobile devices
The paper analyzes the necessity and expediency of using the method of user authentication based on QR-code and webcam for Smart-Mobile devices. Phishing attacks are one of the most serious threats faced by Internet users. Existing authentication schemes are not able to provide an adequate protection from these attacks, as evidenced by statistics collected by the companies researching cybersecurity. Therefore, the task of developing a secure authentication scheme for users, which can effectively counteract various types of phishing attacks is very important. The paper proposes a new authentication scheme for users, which allows them to log in to their accounts without remembering passwords or presenting other authentication tokens. According to the messaging protocol in the proposed scheme, the user must scan the dynamically generated QR-code using a smartphone application, then take their own photo via the webcam, and send it to the smartphone via a message from the server. Thus, the full authentication procedure requires minimal user involvement and is performed automatically. The results of evaluation and practical testing show that the proposed authentication scheme is quite reliable and can be used as a secure user authentication scheme for Smart-Mobile devices. The proposed authentication protocol is not only able to cope with attacks such as Real Time Man-In-The-Middle and Controlled Relay Man-In-The-Middle, but can also protect users from the effects of malicious browser extensions and substitution of authentic applications by malicious variants. In addition, the proposed scheme does not require users to have any authentication tokens or credentials, as all they need is to scan the QR-code and verify the image taken by their own webcam. That makes the use of the proposed scheme more convenient and easy for users as compared to other known authentication schemes. Currently, the application of the proposed scheme requires the use of HTTPS websites for the exchange of all data involved. Thus, the proposed protocol can be implemented to manage cookies securely in order to prevent the interception of session data.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
