concentrates on the first authentication scheme, therefore the second scheme is described in addition. Only the client's part of the OTP-based scheme was developed. The thesis also studies how new authentication schemes in general, and those that work with mobile phones in particular, can be integrated into the Windows logon system. The conclusion is that it is impossible to make a generic architecture that would easily support all existing and possible future mobile phone authentication schemes for the Windows logon. Windows is already a highly customizable environment and can support virtually any authentication scheme for the logon, though a considerable amount of modification may be required to implement a particular scheme. All authentication schemes can be placed in one of four groups according to the amount of modification required to the Windows system. The difficulty level of each group is evaluated. As an example, the SIM Strong architecture is evaluated according to this scheme. It is shown that SIM Strong, like the rest of the evaluated phone-based architectures, requires changing several Windows components (quite a demanding task) in order to be used for the workstation logon.

5.2 Discussions and future work

Both of the proposed architectures rely on the UICC card as a security element. However, since the secret keys for the UICC's security domains were not available, the developed Java Card applets were tested only in the development kit simulation environment. It was not possible to test them with real cards. Therefore, both solutions should be tested with real cards.

The key element of the Bluetooth smart card reader architecture, the driver, has been fully implemented. It was tested on Windows 7. Although there should be no problems in using it on Windows Vista or XP, these tests are still to be done. The Bluetooth smart card reader driver securely and properly transmits all received APDUs in both directions. However, because of the lack of time, the L2CAPClient MIDlet, which is responsible for the card emulation logic, has limited APDU processing capabilities. It can process only simple commands, such as selecting an applet. This drawback does not allow a fully functional logon procedure to be shown. However, there should not be any difficulties in making this module fully functional.

The main feature of the proposed Bluetooth smart card reader architecture is that it can support virtually any authentication scheme and application that utilizes smart cards. Therefore, in future work we would like to try it in such widespread operations as signing documents, e-mails, etc.

The proposed Bluetooth smart card reader architecture utilizes Bluetooth for communication between the phone and the computer. However, the Bluetooth encryption algorithm has some security flaws [60], and is not considered very strong [98]. On the other hand, the USB connection offers higher security, since it is almost impossible to eavesdrop on data transferred over a short USB cable between the mobile phone and the computer. Besides, there