11 March 2015 Smartphone-based secure authenticated session sharing in Internet of Personal Things
Author Affiliations +
In the context of password-based authentication, a user can only memorize limited number of usernames and passwords. They are generally referred to as user-credentials. Longer character length of passwords further adds complication in mastering them. The expansion of the Internet and our growing dependency on it, has made it almost impossible for us to handle the big pool of user-credentials. Using simple, same or similar passwords is considered a poor practice, as it can easily be compromised by password cracking tools and social engineering attacks. Therefore, a robust and painless technique to manage personal credentials for websites is desirable. In this paper, a novel technique for user-credentials management via a smart mobile device such as a smartphone in a local network is proposed. We present a secure user-credential management scheme in which user’s account login (username) and password associated with websites domain name is saved into the mobile device’s database using a mobile application. We develop a custom browser extension application for client and use it to import user’s credentials linked with the corresponding website from the mobile device via the local Wi-Fi network connection. The browser extension imports and identifies the authentication credentials and pushes them into the target TextBox locations in the webpage, ready for the user to execute. This scheme is suitably demonstrated between two personal devices in a local network.
© (2015) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Ram Krishnan, Ram Krishnan, Jiwan Ninglekhu, Jiwan Ninglekhu, "Smartphone-based secure authenticated session sharing in Internet of Personal Things", Proc. SPIE 9411, Mobile Devices and Multimedia: Enabling Technologies, Algorithms, and Applications 2015, 941109 (11 March 2015); doi: 10.1117/12.2086282; https://doi.org/10.1117/12.2086282

Back to Top