A Novel and Robust Authentication Factor Based on Network Communications Latency

We propose a new authentication factor based on network round trip time ( \rm {NRTT}). We show how \rm {NRTT} can be used to uniquely and securely identify login locations and hence can support location-based web authentication mechanisms. The first research challenge is how to securely measure and...

Full description

Saved in:
Bibliographic Details
Published in:IEEE systems journal 2018-12, Vol.12 (4), p.3279-3290
Main Authors: Dou, Zuochao, Khalil, Issa, Khreishah, Abdallah
Format: Article
Language:English
Subjects:
Access control
Authentication
Cybersecurity
Delays
Design factors
Gaussian approximation
Gaussian distribution
IP networks
network communications latency
Network latency
password compromise
Servers
State of the art
Usability
web service
Webs (structural)
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:We propose a new authentication factor based on network round trip time ( \rm {NRTT}). We show how \rm {NRTT} can be used to uniquely and securely identify login locations and hence can support location-based web authentication mechanisms. The first research challenge is how to securely measure and verify \rm {NRTT} to hamper potential forgery attempts. We address the first challenge by introducing a novel forwarding device in the path between the server and the client, dubbed delay mask (DM), which prevents any entity, but the server, from being able to measure the \rm {NRTT} for any client. The second research challenge is how to reliably measure \rm {NRTT} in the face of variable Internet latencies and connectivity conditions. The second challenge is addressed by: first, computing the average of a number of \rm {NRTT} measurements after outlier removal; and second, applying multiple profiles per user through the deployment of multiple DMs in diverse geographical locations. We design a two-factor authentication scheme (dubbed AMAN) that uses legacy passwords as a first factor and \rm {NRTT} as a second authentication factor. We conduct extensive experiments to evaluate security-usability-deployability properties of AMAN and compare it with the state-of-the-art authentication mechanisms. The results show that AMAN achieves the best combination of these properties.
ISSN:1932-8184
1937-9234
DOI:10.1109/JSYST.2017.2691550