Publication details

Home Publications Publication details

Device versus network-centric authentication models for mobile devices – operational and perceptual trade-offs
Karatzouni S, Clarke NL, Furnell SM
Proceedings of the Third Collaborative Research Symposium on Security, E-learning, Internet and Networking (SEIN 2007), Plymouth, UK, ISBN: 978-1-8410-2173-7, pp23-39, 2007
Can be ordered on-line.
Download links:  Download PDF

The increasing capabilities of mobile devices, such as smartphones and PDAs, are leading to a corresponding increase in the need for security against unauthorised access. Indeed, as mobile data and services become more sensitive, the existing method of user authentication (predominately based upon Personal Identification Numbers) appears increasingly insufficient as a method of protection. An alternative basis for authentication is offered by biometric approaches, which have the potential to be implemented in a non-intrusive manner and also have the advantage of enabling authentication to be applied beyond initial point-of-entry. However, the implementation of any authentication mechanism, especially utilising biometric approaches, introduces considerations of where the main elements of functionality (such as processing authentication data, making related decisions, and storing user templates/profiles) should reside. At the extremes, there are two alternatives: a device-centric view, in which the aforementioned aspects are handled locally, or a network-centric view, in which the actions occur remotely and under the jurisdiction of the network operator. Each context introduces relevant considerations in terms of the privacy of user data, the processing and storage of authentication data, network bandwidth demands, and service availability considerations. In view of the various advantages and disadvantages, it is concluded that a hybrid approach represents the most appropriate solution, enabling data storage and processing to be split between the two locations depending upon individual circumstances. This is considered to represent the most flexible approach, and will enable an authentication architecture to be more adaptable to the needs of different users and devices.

Karatzouni S, Clarke NL, Furnell SM