An improved user authentication model for mobile application systems

In today’s digital communication era, people around the world can conveniently communicate with each other at any time and any places by just using mobile phones. Besides making phone calls and sending messages, mobile phones can also be used to download many interesting and useful apps for personal, businesses or even entertainment purposes. Due to borderless competition in the digital world, a lot of exciting and necessary mobile apps available for free downloads from the Internet. Unfortunately, mobile apps are communicating using wireless networks which are very vulnerable to data stealing or sniffing by intruders. People who communicate using unprotected mobile apps are in high risks if the used apps deal with personal or highly confidential data such as in mobile banking, mobile payment, and mobile purchase or even in certain government related affairs including income tax payment, health monitoring systems, etc. There are many ways the mobile apps can be protected. One of the common ways is to control the access to the apps using a strong user authentication. Even though researchers have introduced many ways to make user authentication strong, this study proposes an improved user authentication model by making it not only strong but also acceptable by mobile users. The user authentication is made strong using three different techniques namely multifactoring, ciphering, and watermarking techniques. It is considered acceptable by mobile users based on the results obtained from statistical analysis carried out in this study. To validate the proposed user authentication model, several prototype mobile apps are developed using a uSign-Mf+ module containing the proposed improvements and sent for evaluation by CyberSecurity Malaysia Sdn. Bhd. (CSM), an independent testing body. Based on the statistical analysis results, majority of the users agree that the proposed improvement of user authentication is strong and acceptable. However, they consider that the proposed model is strong with all the proposed improvement techniques except the use of hashing in the ciphering technique. Even though the users believe that the existing encryption is good enough without hashing, experts have proven that hashing can improve the data integrity and protect the system from several attacks such as brute force and tampering attacks. Therefore, the use of hash in this model should be retained. Meanwhile, from the evaluation by CSM, the proposed model is effective without major modifications required on the prototype mobile apps. Thus, it is concluded that the proposed model is strong and acceptable by mobile phone users.