INSPIRING FUTURES

Comparing and contrasting different mobile phone technologies when implementing out-of-band authentication to a web portal using social security numbers to identify users.

Wagstaff , Ashlef (2009) Comparing and contrasting different mobile phone technologies when implementing out-of-band authentication to a web portal using social security numbers to identify users. Other thesis, Edinburgh Napier University.

[img]
Preview
PDF
Available under License Creative Commons Attribution Non-commercial.

Download (2721kB) | Preview

    Abstract/Description

    With increasing numbers of broadband connections (Office for National Statistics, 2008) and consumers conducting ever more complex transactions on those connections (Nicholas, Kershaw, & Walker, 2006 /2007), it is imperative that users and services have accountability through proof of identity (Summers, 1997). Yet some proponents argue that given the openness of the internet it may be almost impossible to absolutely prove the identity of a remote person or service (Price, 2006).

    Kim Cameron in his argument for Federated Identity states that “A system that does not put users in control will – immediately or over time – be rejected.” (2005) which is also a view echoed by Dean (Identity Management – back to the user, 2006). The aim of the thesis is to argue for a self-authentication factor that is integrated into a Federated Identity infrastructure using an out-of-band loop to a mobile device; this argument is then supported with an implemented proof-of-concept prototype. The prototype and its concept are evaluated in a small usability study and an encryption performance experiment on a mobile device. The results of the usability study show that users feel more comfortable with self-authentication using something physical that they hold and respond to than with a third party verifying information on their behalf. The results also show the encryption needed for end-to-end confidentiality and integrity during the out-of-band communication will affect battery life to a degree. The thesis concludes that there is a sound base for self-authentication from a user perspective and that further user and infrastructure studies will need to be conducted on self-authentication before it is realised in the marketplace. It also found that implementing the prototype was more straightforward for the .Net Compact Framework on the Windows Mobile device than it was using the JavaMe platform.

    Item Type: Thesis (Other)
    Uncontrolled Keywords: Mobile phone communication; broadband; federated identity; self-authenticated; out-of-band; confidentiality; encryption;
    University Divisions/Research Centres: Faculty of Engineering, Computing and Creative Industries > School of Computing
    Dewey Decimal Subjects: 000 Computer science, information & general works >
    600 Technology > 620 Engineering > 621 Electronic & mechanical engineering > 621.3 Electrical & electronic engineering > 621.38 Electronics & Communications engineering > 621.382 Communications engineering > 621.3821 Communications networks
    Library of Congress Subjects: T Technology > TK Electrical engineering. Electronics Nuclear engineering
    Item ID: 4030
    Depositing User: Professor Bill Buchanan
    Date Deposited: 10 Jan 2011 15:34
    Last Modified: 12 Jan 2011 04:57
    URI: http://researchrepository.napier.ac.uk/id/eprint/4030

    Actions (login required)

    View Item

    Document Downloads

    More statistics for this item...

    Edinburgh Napier University is a registered Scottish charity. Registration number SC018373