In this paper, we present a series of methods to authenticate a user with a graphical password. To that end, we employ the user's personal handheld device as the password decoder and the second factor of authentication. In our methods, a service provider challenges the user with an image password. To determine the appropriate click points and their order, the user needs some hint information transmitted only to her handheld device. We show that our method can overcome threats such as key-loggers, weak passwords, and shoulder surfing. With the increasing popularity of handheld devices such as cell phones, our approach can be leveraged by many organizations without forcing the user to memorize different passwords or carry around different tokens.
Abstract: Cell phones are assuming an increasing role in personal computing tasks, but cell phone security has not evolved in parallel with this new role. In a class of systems that leverage cell phones to facilitate access to remote services, compromising a phone may provide the means to compromise or abuse the remote services. This paper presents the background to this class of systems, examines the threats they are exposed to, and discusses possible countermeasures. A concrete solution is presented, which is based on multi-factor authentication and an on-demand strategy for minimizing exposure. This solution is built on top of a representative off-the-shelf commercial product called SoonR. Rather than proposing a one-size-fits-all solution, this work enables end-users to manage the tradeoff between security assurances and the overhead of using the corresponding features. The contributions of this paper are a discussion of the problem and a set of guidelines for improving the design of security solutions for remote access systems.