A Novel and Robust Authentication Factor Based on Network Communications Latency

Document Type

Article

Publication Date

12-1-2018

Abstract

We propose a new authentication factor based on network round trip time (NRTT). We show how NRTT can be used to uniquely and securely identify login locations and hence can support location-based web authentication mechanisms. The first research challenge is how to securely measure and verify NRTT to hamper potential forgery attempts. We address the first challenge by introducing a novel forwarding device in the path between the server and the client, dubbed delay mask (DM), which prevents any entity, but the server, from being able to measure the NRTT for any client. The second research challenge is how to reliably measure NRTT in the face of variable Internet latencies and connectivity conditions. The second challenge is addressed by: first, computing the average of a number of NRTT measurements after outlier removal; and second, applying multiple profiles per user through the deployment of multiple DMs in diverse geographical locations. We design a two-factor authentication scheme (dubbed AMAN) that uses legacy passwords as a first factor and NRTT as a second authentication factor. We conduct extensive experiments to evaluate security-usability-deployability properties of AMAN and compare it with the state-of-the-art authentication mechanisms. The results show that AMAN achieves the best combination of these properties.

Identifier

85018642974 (Scopus)

Publication Title

IEEE Systems Journal

External Full Text Location

https://doi.org/10.1109/JSYST.2017.2691550

e-ISSN

19379234

ISSN

19328184

First Page

3279

Last Page

3290

Issue

4

Volume

12

This document is currently not available here.
