Online Authentication Using Smart Card Technology in Mobile Phone Infrastructure

Teddy Mantoro (International Islamic University Malaysia, Malaysia), Admir Milišic (International Islamic University Malaysia, Malaysia) and Media Ayu (International Islamic University Malaysia, Malaysia)
DOI: 10.4018/978-1-4666-2163-3.ch008

Abstract

The widespread use of the Internet has resulted in a greater number and variety of applications involving different types of private information. To diminish privacy concerns and strengthen user trust, security improvements in authentication are necessary. The solutions need to be convenient, entailing ease of use and higher mobility. The suggested approach is to make use of the already popular mobile phone and to involve the mobile network, benefiting from the tamper resistance of the Subscriber Identity Module (SIM) card, so that they become trusted entities guarding personal information and identifying users. The mobile phone’s SIM card is convenient for safely storing the security parameters essential for secure communication. It becomes a secure entity that is compulsory for gaining access to privacy-sensitive Internet applications, such as those involving money transfers. Using the NFC interface, the personal user keys are passed only when needed, giving additional strength to the traditional public key cryptography approach in terms of security and portability.
Chapter Preview

Introduction

Perhaps due to the lack of experience and knowledge among most Internet users, combined with an unsatisfactory level of security in online software and websites, Internet user privacy becomes more of an issue each year. As the numbers of available services, connected users and networked devices constantly increase, the Internet community is faced with inherited, new risks that need to be dealt with. Firstly, due to the rise of social networking sites, most notably Facebook, typical user names are becoming less common and real data is used instead. The ramifications of compromised accounts are now more serious and could possibly lead to identity theft. A recent case of personal data leakage involving Facebook, in which private details of 100 million users were exposed, illustrates the gravity of the situation (Hough, 2010). Secondly, the proliferation of the Internet has given rise to electronic commerce, or e-commerce, based on buying and selling online. Because trust is essential for successful business transactions, the difficulties in protecting information confidentiality and integrity have the greatest impact on e-commerce development. The problem is a significant decrease of confidence in an online payment system when there is even the slightest possibility or mere rumor of potential flaws in terms of security or convenience. Most users still have concerns about privacy when dealing with “faceless” e-commerce web sites. Similarly, some users are more cautious and more reluctant to adopt new trends, like social networking web sites, due to fears of their personal information being wrongfully exposed. Even though most people are reckless unless material well-being (i.e., money) is involved, in time, as the dangers of stolen private information become apparent, service providers in general will definitely be compelled to do more in order to reassure customers and keep their trust.

Computers could be compared to buildings, because both keep some objects and, more or less, guard them against intruders and limit access to those who are authorized. Most buildings have doors and locks, which are the basic security measure. However, throughout history, with new technologies and ideas, new mechanisms were invented and then used in combination with common locks. These new, different mechanisms are normally not considered replacements for one another, but rather additional security layers to be used together with what was already there. So today, breaking into a museum and retrieving a valuable artifact is not an easy task and requires a highly skilled team with diverse expertise. In addition to locked doors, there are guards, security cameras, lasers and bulletproof glass boxes that need to be faced.

The reason some buildings have more security layers than others is that they host objects of greater value. In the same way, as Internet applications become more diverse and more complex, the value of user account information becomes higher and of greater importance. Therefore, with an increasing number of applications handling private information, the time has come to consider another layer for user authentication, in addition to the common method of a user name and password combination. The chances of assuming another person’s identity or tampering with their account information would be smaller that way, since more resources would be required on the attacker’s side in terms of money, skill and work force. Furthermore, the users of various Internet services would be reassured and thus feel more confident entrusting their private information to the providers. However, there is an additional factor that needs to be kept in mind while devising a solution. No matter how effective an authentication method may be, its success also depends on user convenience, which entails ease of use and mobility.
