• PDF / 735,624 Bytes
• 19 Pages / 612.284 x 802.205 pts Page_size
• 72 Downloads / 166 Views

DOWNLOAD

REPORT

On designing an unaided authentication service with threat detection and leakage control for defeating opportunistic adversaries 1

Nilesh CHAKRABORTY

, Samrat MONDAL2

1 College of Computer Science and Software Engineering, Shenzhen University, Shenzhen 518060, China 2 Department of Computer Science, Indian Institute of Technology Patna, Bihar 801106, India c Higher Education Press 2020 

Abstract Unaided authentication services provide the flexibility to login without being dependent on any additional device. The power of recording attack resilient unaided authentication services (RARUAS) is undeniable as, in some aspects, they are even capable of offering better security than the biometric based authentication systems. However, high login complexity of these RARUAS makes them far from usable in practice. The adopted information leakage control strategies have often been identified as the primary cause behind such high login complexities. Though recent proposals have made some significant efforts in designing a usable RARUAS by reducing its login complexity, most of them have failed to achieve the desired usability standard. In this paper, we have introduced a new notion of controlling the information leakage rate. By maintaining a good security standard, the introduced idea helps to reduce the login complexity of our proposed mechanism − named as Textual-Graphical Password-based Mechanism or TGPM, by a significant extent. Along with resisting the recording attack, TGPM also achieves a remarkable property of threat detection. To the best of our knowledge, TGPM is the first RARUAS, which can both prevent and detect the activities of the opportunistic recording attackers who can record the complete login activity of a genuine user for a few login sessions. Our study reveals that TGPM assures much higher session resiliency compared to the existing authentication services, having the same or even higher login complexities. Moreover, TGPM stores the password information in a distributed way and thus restricts the adversaries to learn the complete secret from a single compromised server. A thorough theoretical analysis has been performed to prove the strength of our proposal from both the security and usability perspectives. We have also conducted an experimental study to support the theoretical argument made on the usability standard of TGPM. Keywords authentication, recording attack, premature attack, opportunistic adversary, leakage control, threat prevention, threat detection Received April 17, 2019; accepted December 17, 2019 E-mail: [email protected]; [email protected]

1

Introduction

Password-based authentication is one of the simplest forms of authentication techniques as it reduces the human effort by a great extent [1]. Being usable, this factor of authentication has been challenged under different kinds of threats over the times [2,3]. Though most of these threats have been handled successfully [4, 5], there are a few, those are yet to be addressed efficiently. Recording attack is one such threat which

Recommend Documents

JBCA: Designing an Adaptative Continuous Authentication Architecture

181 18 82MB

Bayesian Networks for Online Cybersecurity Threat Detection

175 60 18MB

An Efficient Anonymous Authentication with Privacy and Enhanced Access Control for Medical Data in WBAN

176 54 32MB

PrivLeAD: Privacy Leakage Detection on the Web

163 75 110MB

Distributed Community Detection in Opportunistic Networks

171 34 49MB

An OS Security Protection Model for Defeating Attacks from Network

145 49 6MB

A Methodology for Runtime Detection and Extraction of Threat Patterns

202 69 1MB

DDOA: A Dirichlet-Based Detection Scheme for Opportunistic Attacks

160 52 5MB

Reusable Formal Models for Threat Specification, Detection, and Treatment

202 81 21MB

Designing Systems with Detection and Reconfiguration Capabilities: A Formal Approach

148 98 29MB

MALOnt: An Ontology for Malware Threat Intelligence

196 70 20MB

Software Service Signature (S 3 ) for authentication in cloud computing

184 24 548KB