Abstract

We design and implement a novel communications latency based authentication scheme, dubbed CLAS, that strengthens the security of state-of-the-art web authentication approaches by leveraging the round trip network communications latency (RTL) between clients and authenticators. In addition to the traditional credentials, CLAS profiles RTL values of clients and uses them to defend against password compromise. The key challenges are (i) to prevent RTL manipulation, (ii) to alleviate network instabilities, and (iii) to address mobile clients. CLAS addresses the first challenge by introducing a novel network architecture, which makes it extremely difficult for attackers to simulate legitimate RTL values. The second challenge is addressed by outlier removal and multiple temporal profiling, while the last challenge is addressed by augmenting CLAS with out-of-band channels or other authentication schemes. CLAS restricts login to profiled locations while demanding additional information for nonprofiled ones, which greatly reduces the attack surface even when the legitimate credentials are compromised. Additionally, unlike many state-of-the-art authentication mechanisms, CLAS is resilient to phishing, pharming, man-in-the-middle, and social engineering attacks. Furthermore, CLAS is transparent to users and incurs negligible overhead. The experimental results show that CLAS can achieve very low false positive and false negative rates.

Highlights

  • In breaking news from RSA in April 2015, Idan Tendler pointed out that 80% of successful attacks exploit authentication credentials [1]

  • The work in [18] and our experiments show that network instabilities may cause network communications latency to vary over time

  • The results show that the Communications Latency Based Authentication Scheme (CLAS) can achieve a false positive rate (FP) as low as 0.0017 while the false negative rate (FN) is below 0.007


Summary

Introduction

In breaking news from RSA in April 2015, Idan Tendler pointed out that 80% of successful attacks exploit authentication credentials [1].

  • (i) To design and implement a novel scheme, dubbed CLAS, that strengthens the security of web authentication by leveraging the round trip network communications latency (RTL) between clients and authenticators

  • (ii) To design and implement the novel network architecture of CLAS, which ensures its resiliency to manipulation attacks

  • (iii) To design and develop algorithms to mitigate the impact of network instabilities on CLAS

  • (iv) To outline the proposed solutions to support mobile clients and defend against the compromise of both password and RTL (e.g., access to the profile location)

Appendix A presents the theoretical analysis of the tradeoff between FP and FN based on the Gaussian approximation.

Related Work
Profiling
Security Analysis
CLAS Extensions
Experimental Evaluation
Performance Overhead
Conclusions
Findings
Mathematical Analysis