A Smartphone-Based Two-Factor Authentication System Through ID-Porten
MetadataVis full innførsel
The field of authentication is an immensibly important, and challenging, part of information security. In Norway, ID-porten serves as a front for authentication to public services. Existing electronic identification mechanisms in ID-porten are based on two-factor authentication, where the user's identity is proven by something the prover knows and something she/he has. Today, the has factor functionality is achieved through proprietary devices, such as dongles or smartcard, or SMS sent to users' mobile phones.Based on the motivation that existing solutions are either insecure and/or cumbersome to use, alternatives using smartphones as authentication factors are presented. The security related to utilizing smartphones as have factors is evaluated. A system was implemented showing technological possibilities, and the usability and security of the system is analyzed.Our system demonstrates that smartphones are practical as authentication tokens. We predict smartphone-based authentication systems to replace existing authentication solutions in the future.