Smartphones are increasingly being used to store personal information as well as to access sensitive data from the Internet and the cloud. Establishment of the identity of a user requesting information from smartphones is a prerequisite for secure systems in such scenarios. In the past, keystroke-based user identification has been successfully deployed on production-level mobile devices to mitigate the risks associated with naïve username/password based authentication. However, these approaches have two major limitations: they are not applicable to services where authentication occurs outside the domain of the mobile device - such as web-based services; and they often overly tax the limited computational capabilities of mobile devices. In this paper, we propose a protocol for keystroke dynamics analysis which allows web-based applications to make use of remote attestation and delegated keystroke analysis. The end result is an efficient keystroke-based user identification mechanism that strengthens traditional password protected services while mitigating the risks of user profiling by collaborating malicious web services. © 2010 Springer-Verlag Berlin Heidelberg.
CITATION STYLE
Nauman, M., & Ali, T. (2010). TOKEN: Trustable keystroke-based authentication for web-based applications on smartphones. In Communications in Computer and Information Science (Vol. 76 CCIS, pp. 286–297). https://doi.org/10.1007/978-3-642-13365-7_28
Mendeley helps you to discover research relevant for your work.