Your credentials are compromised, do not panic: You can be well protected

Authors

Issa Khalil, Qatar Computing Research Institute
Zuochao Dou, New Jersey Institute of Technology
Abdallah Khreishah, New Jersey Institute of Technology

Document Type

Conference Proceeding

Publication Date

5-30-2016

Abstract

In this paper, we leverage the characteristics of round-trip communications latency (RTL) to design and implement a novel highly secure and usable web authentication scheme, dubbed CLAS. CLAS uses, in addition to the traditional credentials, round-trip network communications latency to uniquely identify users. CLAS introduces a novel network architecture which turns RTL into a robust authentication feature that is extremely difficult to forge. CLAS offers robust defense against password compromise because, unlike many traditional authentication mechanisms, it is resilient to phishing/pharming, man-in-the-middle, and social engineering attacks. Most importantly, CLAS is transparent to users and incurs negligible overhead. Our experimental results show that CLAS can achieve 0.0017 false positive rate while maintaining false negative rate below 0.007.

Identifier

84979708497 (Scopus)

ISBN

[9781450342339]

Publication Title

Asia Ccs 2016 Proceedings of the 11th ACM Asia Conference on Computer and Communications Security

External Full Text Location

https://doi.org/10.1145/2897845.2897925

First Page

925

Last Page

930

Recommended Citation

Khalil, Issa; Dou, Zuochao; and Khreishah, Abdallah, "Your credentials are compromised, do not panic: You can be well protected" (2016). Faculty Publications. 10494.
https://digitalcommons.njit.edu/fac_pubs/10494