HAL will be down for maintenance from Friday, June 10 at 4pm through Monday, June 13 at 9am. More information
Skip to Main content Skip to Navigation
Conference papers

Using Structural Diversity to Enforce Strong Authentication of Mobiles to the Cloud

Samy Kambou 1, 2 Ahmed Bouabdallah 1, 2
1 OCIF - Objets communicants pour l'Internet du futur
IMT Atlantique - IMT Atlantique Bretagne-Pays de la Loire, IRISA-D2 - RÉSEAUX, TÉLÉCOMMUNICATION ET SERVICES
Abstract : Modern portable devices such as smartphones are enhanced by advanced functionalities and may therefore soon become both the preferred portable computing device (thereby substituting laptops) and the personal trusted device. They are also increasingly used to access to online cloud services, including those particularly sensitive which require high security. This paper introduces an original and strong authentication method for mobiles. It involves a two factor scheme enhanced through network channels and devices diversity. Our solution combines an OTP-based approach using an IoT object as secondary device in addition to the smartphone. The diversity of the network's channels rests on the use of one of the LPWAN networks together with LTE or WIFI networks. Authentication factors are therefore transmitted over different channels through different devices thus greatly reducing the attack surface. The proposal is also enhanced by end-to-end encryption of the transferred sensitive contents. The link with the authorization issues is analyzed and the integration of our approach to OpenID Connect/OAuth 2.0 is investigated. A platform that implements this scheme has been developed, tested and evaluated under different attack scenarios.
Complete list of metadata

Contributor : Ahmed Bouabdallah Connect in order to contact the contributor
Submitted on : Monday, September 2, 2019 - 11:45:10 AM
Last modification on : Monday, April 4, 2022 - 9:28:23 AM



Samy Kambou, Ahmed Bouabdallah. Using Structural Diversity to Enforce Strong Authentication of Mobiles to the Cloud. CNS 2019 IEEE Conference on Communications and Network Security, Jun 2019, Washington DC, United States. pp.1-9, ⟨10.1109/CNS.2019.8802823⟩. ⟨hal-02276070⟩



Record views