Digital Certificate-Based Authentication Model for Enhanced Smartphone Security

A. H. Azni; Sakiinah Altaf Hussain; Najwa Hayaati Mohd Alwi

doi:10.24191/jcrinn.v10i1.496

Digital Certificate-Based Authentication Model for Enhanced Smartphone Security

Authors

A. H. Azni Faculty of Science and Technology, Universiti Sains Islam Malaysia (USIM), Nilai, Malaysia.
Sakiinah Altaf Hussain Faculty of Science and Technology, Universiti Sains Islam Malaysia (USIM), Nilai, Malaysia.
Najwa Hayaati Mohd Alwi Faculty of Science and Technology, Universiti Sains Islam Malaysia (USIM), Nilai, Malaysia.

DOI:

https://doi.org/10.24191/jcrinn.v10i1.496

Keywords:

Smartphone security, Mobile Device Security, Digital Certificates, RSA, User-Device Authentication

Abstract

Smartphones are integral to the Internet of Things, facilitating connectivity for various devices such as home systems and healthcare tools. However, the growing threat of identity theft, data breaches, and attacks due to weak authentication and poor password management emphasizes the critical need for mobile device security. Cryptography is pivotal in ensuring that only authorized devices can access data. This paper introduces an innovative authentication model for smartphones, integrating digital certificates and secret keys to securely encrypt and decrypt data. The model employs the RSA algorithm to generate encryption keys and authenticate user and device identities. Aimed at addressing smartphone users' authentication needs, the model operates through three phases: Registration, Digital Certificate, and Authentication, each bolstering data protection through digital certificate-based authentication. To assess the model, expert reviews are conducted to ensure its effectiveness. The results demonstrate significant improvements in security and ease of implementation compared to traditional authentication methods. Expert reviews agree that the model effectively mitigates unauthorized access risks by strengthening encryption and authentication protocols across its three key phases. These enhancements make it particularly suited for addressing the evolving security challenges of mobile applications, setting a benchmark for future authentication frameworks in smartphone ecosystems.

Downloads

Download data is not yet available.

Author Biographies

A. H. Azni, Faculty of Science and Technology, Universiti Sains Islam Malaysia (USIM), Nilai, Malaysia.

Azni Haslizan, PhD is an Associate Professor in the Information Security and Assurance Programme at the Faculty of Science and Technology, Universiti Sains Islam Malaysia (USIM). She earned her PhD in Computer Science from Universiti Teknikal Malaysia Melaka (UTeM), a Master’s in Digital Communication from Monash University, Australia, and a Bachelor’s in Computer Information Systems from Bradley University, USA. Currently serving as Deputy Dean (Research and Innovation) at USIM, she is widely recognized for her expertise in cryptography, data privacy, and wireless security. With numerous publications and 10 innovation medals to her credit, she actively contributes to academia and serves on editorial boards, including OIC-CERT Journal and the Journal of Machine Intelligence and Computing. She can be reached through her email at ahazni@usim.edu.my.

Sakiinah Altaf Hussain, Faculty of Science and Technology, Universiti Sains Islam Malaysia (USIM), Nilai, Malaysia.

Sakiinah Altaf Hussain is a Master of Science student at Universiti Sains Islam Malaysia (USIM), with a Bachelor of Science in Information Security and Assurance from the same institution. Her research interests lie in cybersecurity, where she focuses on exploring innovative solutions to address emerging digital threats. Sakiinah is passionate about advancing knowledge in information security and actively engages in research within the field. She can be reached through her email at sakiinah.fst@gmail.com.

Najwa Hayaati Mohd Alwi, Faculty of Science and Technology, Universiti Sains Islam Malaysia (USIM), Nilai, Malaysia.

Najwa Hayaati Mohd Alwi, PhD is an Associate Professor in Information Security at Universiti Sains Islam Malaysia (USIM). She earned her PhD from Cranfield University in 2012 and is a certified 1Citizen trainer, ISMS Internal Auditor, and Digital Leadership Educator. A member of the Malaysian Higher Education Teaching and Learning Council, she was also a part of the Malaysia E-learning Council (2013-2018). Appointed as Deputy Director for USIM’s Centre of Excellence for Teaching and Learning in 2021, her expertise spans information security, digital content, and socio-technical research. S is also a certified Cyber Defender Associate and Data Protection Officer. She can be reached through her email at najwa@usim.edu.my.

References

Ab Halim, A. H., Ridzuan, F., Zakaria, N. H., Zakaria, A. A., Mohd Alwi, N. H., Ali Pitchay, S., Az-Zuhar, I., & AlSabhany, A. A. (2024). SAKTI©: Secured chatting tool through forward secrecy. Journal of Advanced Research in Applied Sciences and Engineering Technology, 49(1), 54–62.

Ali, G., Dida, M. A., & Elikana Sam, A. (2021). A secure and efficient multi-factor authentication algorithm for mobile money applications. Future Internet, 13(12), 299. https://doi.org/10.3390/fi13120299

Badr, Y., Zhu, X., & Alraja, M. N. (2021). Security and privacy in the Internet of Things: Threats and challenges. Service Oriented Computing and Applications, 15(4), 257-271. https://doi.org/10.1007/s11761-021-00327-z

Bahaddad, A. A., Almarhabi, K. A., & Alghamdi, A. M. (2022). Factors affecting information security and the implementation of Bring Your Own Device (BYOD) Programmes in the Kingdom of Saudi Arabia (KSA). Applied Sciences, 12(24), 12707. https://doi.org/10.3390/app122412707

Baqeel, H., & Saeed, S. (2019, April). Face detection authentication on smartphones: End users usability assessment experiences. In 2019 International Conference on Computer and Information Sciences (ICCIS) (pp. 1-6). IEEE. https://doi.org/10.1109/ICCISci.2019.8716452

Im, J. H., Jeon, S. Y., & Lee, M. K. (2020). Practical privacy-preserving face authentication for smartphones secure against malicious clients. IEEE Transactions on Information Forensics and Security, 15, 2386-2401. https://doi.org/10.1109/TIFS.2020.2969513

Iyanda, A. R., & Fasasi, M. E. (2022). Development of two-factor authentication login system using dynamic password with SMS verification. International Journal of Education and Management Engineering, 12(3), 13. https://doi.org/10.5815/ijeme.2022.03.02

Oudah, M. S., & Maolood, A. T. (2022). Lightweight authentication model for iot environments based on enhanced elliptic curve digital signature and Shamir secret share. International Journal of Intelligent Engineering & Systems, 15(5). chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/https:// inass.org/wp-content/uploads/2022/03/2022103108-2.pdf

Pandey, S., & Bhushan, B. (2024). Recent Lightweight cryptography (LWC) based security advances for resource-constrained IoT networks. Wireless Networks, 30(4), 2987-3026. https://doi.org/10.1007/s11276-024-03714-4

Pangan, A. M. S., Lacuesta, I. L., Mabborang, R. C., & Ferrer, F. P. (2022). Authenticating data transfer using RSA-generated QR codes. European Journal of Information Technologies and Computer Science, 2(4), 18-30. https://doi.org/10.24018/compute.2022.2.4.73

Yaswanth, A., & Reddy, K. T. (2023). A novel dynamic randomized secret key model based on one-time password authentication. International Journal of Intelligent Systems and Applications in Engineering, 11(3), 850-858.

Zakaria, A. A., Ab Halim, A. H., Ridzuan, F., Zakaria, N. H., & Daud, M. (2022). LAO-3D: A symmetric lightweight block cipher based on 3d permutation for mobile encryption application. Symmetry, 14(10), 2042. https://doi.org/10.3390/sym14102042