Auth4App: Streamlining authentication for integrated cyber–physical environments

Bibliographic Details
Main Author: Quincozes V.E.
Publication Date: 2024
Other Authors: Mansilha R.B., Kreutz D., Immich R., Miers, Charles Christian
Format: Article
Language: eng
Source: Repositório Institucional da Udesc
Download full: https://repositorio.udesc.br/handle/UDESC/1646
Summary: © 2024 Elsevier Ltd. The growing integration of mobile applications for user authentication has revolutionized user interactions with digital platforms, offering novel possibilities in user experience (UX). However, this paradigm shift poses significant security challenges. Leveraging smartphones for authentication purposes provides convenient and swift access to services, streamlining user interactions with various platforms through simple taps. Several institutions adopt static QR Codes generated from primary, unchanging user data (e.g., individual citizen national identification numbers) for physical authentication procedures like access turnstiles. However, relying on static data introduces critical security vulnerabilities as this data is susceptible to compromise. Implementing a One-Time Authentication Code (OTAC) approach appears promising in addressing these issues. Nevertheless, the absence of an integrated solution for developing a physical authentication process using OTAC leads to suboptimal API user experiences (UX APIs) and subsequent security vulnerabilities. In response to this challenge, we introduce Auth4App, a protocol set designed for identification and authentication using mobile applications. Auth4App comprises two core protocols: one dedicated to linking user credentials to mobile devices (i.e., identification), and the other for generating OTAC. We showcase the adaptability and practicality of Auth4App through three distinct case studies: a mobile-only scenario, integration of mobile devices with a turnstile, and integration of Auth4App with FIDO2. To ensure the robustness of the security protocols, Auth4App is evaluated using automated verification tools and argument proofs, solidifying the system's reliability.
id UDESC-2_a51380b3c6cdecc899b71422beb72ef4
oai_identifier_str oai:repositorio.udesc.br:UDESC/1646
network_acronym_str UDESC-2
network_name_str Repositório Institucional da Udesc
repository_id_str 6391
author Quincozes V.E.
author_facet Quincozes V.E.
Mansilha R.B.
Kreutz D.
Immich R.
Miers, Charles Christian
author_role author
author2 Mansilha R.B.
Kreutz D.
Immich R.
Miers, Charles Christian
author2_role author
author
author
author
dc.contributor.author.fl_str_mv Quincozes V.E.
Mansilha R.B.
Kreutz D.
Immich R.
Miers, Charles Christian
publishDate 2024
dc.date.none.fl_str_mv 2024-12-05T13:31:15Z
2024
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/article
format article
status_str publishedVersion
dc.identifier.uri.fl_str_mv 2214-2126
10.1016/j.jisa.2024.103802
https://repositorio.udesc.br/handle/UDESC/1646
identifier_str_mv 2214-2126
10.1016/j.jisa.2024.103802
url https://repositorio.udesc.br/handle/UDESC/1646
dc.language.iso.fl_str_mv eng
language eng
dc.relation.none.fl_str_mv Journal of Information Security and Applications
83
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.source.none.fl_str_mv reponame:Repositório Institucional da Udesc
instname:Universidade do Estado de Santa Catarina (UDESC)
instacron:UDESC
instname_str Universidade do Estado de Santa Catarina (UDESC)
instacron_str UDESC
institution UDESC
reponame_str Repositório Institucional da Udesc
collection Repositório Institucional da Udesc
repository.name.fl_str_mv Repositório Institucional da Udesc - Universidade do Estado de Santa Catarina (UDESC)
repository.mail.fl_str_mv ri@udesc.br
_version_ 1848168376716754944