 A secure mobile phone-based interactive logon in Windows
KTH, School of Information and Communication Technology (ICT).
2010 (English). Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis.
Abstract [en]

Password-based logon schemes have many security weaknesses. Smart card and biometric-based authentication solutions are available as a replacement for standard password-based schemes for security-sensitive environments. However, the cost of deployment and maintenance of these systems is quite high. On the other hand, mobile network operators have a huge base of deployed smart cards that can be reused to provide authentication in other areas, significantly reducing costs.

This master’s thesis presents a study of how the workstation identity management can be made more secure and user-friendly by using a mobile phone in the Windows workstation logon process. Two workstation logon schemes that utilize both the mobile phone and the UICC inside of the phone are proposed as a result of this study.

The first scheme emulates a smart card reader and a smart card in order to interoperate with the Windows smart card framework to provide PKI-based logon. The mobile phone with the UICC card emulates a smart card that communicates with the emulated smart card reader via a protected Bluetooth channel.

The proposed scheme reuses the Windows smart card infrastructure as much as possible, both in terms of software and hardware. Therefore, a seamless integration with Active Directory and Windows Server is achieved. This scheme can work with any authentication scheme used with real smart cards. It can be used not only for the logon but also for all other functions typically done with smart cards (e.g. signing of documents, e-mails).

In the second scheme, the mobile phone with the UICC serves as a token for generating OTP values based on a shared secret key and the time parameter.

In order to design Windows logon architectures based on mobile phones, a study of relevant technologies, components, and their security aspects has been conducted. Existing phone-based authentication schemes have been thoroughly studied both from the usability and from the security points of view. This has been done to understand possible alternatives for different aspects of the architectures that were designed.

The thesis analyzed how new authentication schemes in general and those that work with mobile phones in particular could be integrated into the Windows logon system. A conclusion is made that it is impossible to make a generic architecture that would easily support all existing and possible future mobile phone authentication schemes for the Windows logon. Windows is already a highly customizable environment and can support virtually any authentication scheme for the logon, though a considerable amount of modifications may be required to implement a particular scheme.

Place, publisher, year, edition, pages
2010. 104 p.
Identifiers
URN: urn:nbn:se:kth:diva-24272
OAI: oai:DiVA.org:kth-24272
DiVA: diva2:346209
Uppsok
Technology
Examiners
Available from: 2010-08-31. Created: 2010-08-31. Last updated: 2010-08-31. Bibliographically approved.

Open Access in DiVA

fulltext (2036 kB), 4098 downloads
File information
File name: FULLTEXT01.pdf
File size: 2036 kB
Checksum (SHA-512):
58111830a364a981b068ab9592a48c78aa0ee8f2e2728a95d91a0dee031124f7992e9beed3d73e20c1f27751ebc53f724aef78e6cca5a6b8ec725121952fa1d4
Type: fulltext
Mimetype: application/pdf
