Secure Mobile Authentication for Linux Workstation log on

Password based logon schemes have many security weaknesses. For secure environments smart card and biometric based authentication solutions are available as replacement for standard password based systems. Nevertheless, the cost of deployment and maintenance of these systems is quite high. On the ot...

Full description

Bibliographic Details
Main Author: Habib, Usman
Format: Others
Language:English
Published: Norges teknisk-naturvitenskapelige universitet, Institutt for telematikk 2010
Subjects:
Online Access:http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-10898
Description
Summary:Password based logon schemes have many security weaknesses. For secure environments smart card and biometric based authentication solutions are available as replacement for standard password based systems. Nevertheless, the cost of deployment and maintenance of these systems is quite high. On the other hand, mobile network operators have a huge base of deployed smart cards that can be reused to provide authentication in other spheres significantly reducing costs. In this project we present a study of how mobile phones can be used to provide a secure low-cost two-factor workstation logon solution.To find and study the available mobile phone based authentication architectures and come up with workstation logon architecture the study of relevant technologies utilized in these solutions: UMTS networks, Bluetooth communication, Remote Authentication Dial in User Service (RADIUS), authentication and authorization in Windows, Linux, and MAC OS X. The analysis of available mobile phone based authentication schemes like SIM Strong schemes based on EAP-SIM, Session-ID based schemes, and OTP based schemes are also added.A solution for Linux workstation logon process has been proposed in the thesis using the Pluggable Authentication Module (PAM). The Solution uses 2 factors for authentication, one is the static password and the second factor is the mobile based authentication using a 13 character long OTP. With adding the existing technology and giving the administrator the option of selecting the authentication method for user makes the solution more suitable for an enterprise.