A Novel and Robust Authentication Factor Based on Network Communications Latency

Zuochao Dou, Issa Khalil, Abdallah Khreishah

Research output: Contribution to journal › Article

Abstract

We propose a new authentication factor based on network round trip time (NRTT). We show how NRTT can be used to uniquely and securely identify login locations and hence can support location-based web authentication mechanisms. The first research challenge is how to securely measure and verify NRTT to hamper potential forgery attempts. We address the first challenge by introducing a novel forwarding device in the path between the server and the client, dubbed delay mask (DM), which prevents any entity, but the server, from being able to measure the NRTT for any client. The second research challenge is how to reliably measure NRTT in the face of variable Internet latencies and connectivity conditions. The second challenge is addressed by: first, computing the average of a number of NRTT measurements after outlier removal; and second, applying multiple profiles per user through the deployment of multiple DMs in diverse geographical locations. We design a two-factor authentication scheme (dubbed AMAN) that uses legacy passwords as a first factor and NRTT as a second authentication factor. We conduct extensive experiments to evaluate security-usability-deployability properties of AMAN and compare it with the state-of-the-art authentication mechanisms. The results show that AMAN achieves the best combination of these properties.

Original language: English
Journal: IEEE Systems Journal
DOI: 10.1109/JSYST.2017.2691550
Publication status: Accepted/In press - 24 Apr 2017

Fingerprint

Authentication
Telecommunication networks
Servers
Time measurement
Masks
Internet
Experiments

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Electrical and Electronic Engineering

Cite this

A Novel and Robust Authentication Factor Based on Network Communications Latency. / Dou, Zuochao; Khalil, Issa; Khreishah, Abdallah.

In: IEEE Systems Journal, 24.04.2017.

@article{70158c2c61af40a0a78ea281b307091a,
title = "A Novel and Robust Authentication Factor Based on Network Communications Latency",
abstract = "We propose a new authentication factor based on network round trip time (NRTT). We show how NRTT can be used to uniquely and securely identify login locations and hence can support location-based web authentication mechanisms. The first research challenge is how to securely measure and verify NRTT to hamper potential forgery attempts. We address the first challenge by introducing a novel forwarding device in the path between the server and the client, dubbed delay mask (DM), which prevents any entity, but the server, from being able to measure the NRTT for any client. The second research challenge is how to reliably measure NRTT in the face of variable Internet latencies and connectivity conditions. The second challenge is addressed by: first, computing the average of a number of NRTT measurements after outlier removal; and second, applying multiple profiles per user through the deployment of multiple DMs in diverse geographical locations. We design a two-factor authentication scheme (dubbed AMAN) that uses legacy passwords as a first factor and NRTT as a second authentication factor. We conduct extensive experiments to evaluate security-usability-deployability properties of AMAN and compare it with the state-of-the-art authentication mechanisms. The results show that AMAN achieves the best combination of these properties.",
author = "Zuochao Dou and Issa Khalil and Abdallah Khreishah",
year = "2017",
month = "4",
day = "24",
doi = "10.1109/JSYST.2017.2691550",
language = "English",
journal = "IEEE Systems Journal",
issn = "1932-8184",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - JOUR

T1 - A Novel and Robust Authentication Factor Based on Network Communications Latency

AU - Dou, Zuochao

AU - Khalil, Issa

AU - Khreishah, Abdallah

PY - 2017/4/24

Y1 - 2017/4/24

N2 - We propose a new authentication factor based on network round trip time (NRTT). We show how NRTT can be used to uniquely and securely identify login locations and hence can support location-based web authentication mechanisms. The first research challenge is how to securely measure and verify NRTT to hamper potential forgery attempts. We address the first challenge by introducing a novel forwarding device in the path between the server and the client, dubbed delay mask (DM), which prevents any entity, but the server, from being able to measure the NRTT for any client. The second research challenge is how to reliably measure NRTT in the face of variable Internet latencies and connectivity conditions. The second challenge is addressed by: first, computing the average of a number of NRTT measurements after outlier removal; and second, applying multiple profiles per user through the deployment of multiple DMs in diverse geographical locations. We design a two-factor authentication scheme (dubbed AMAN) that uses legacy passwords as a first factor and NRTT as a second authentication factor. We conduct extensive experiments to evaluate security-usability-deployability properties of AMAN and compare it with the state-of-the-art authentication mechanisms. The results show that AMAN achieves the best combination of these properties.

AB - We propose a new authentication factor based on network round trip time (NRTT). We show how NRTT can be used to uniquely and securely identify login locations and hence can support location-based web authentication mechanisms. The first research challenge is how to securely measure and verify NRTT to hamper potential forgery attempts. We address the first challenge by introducing a novel forwarding device in the path between the server and the client, dubbed delay mask (DM), which prevents any entity, but the server, from being able to measure the NRTT for any client. The second research challenge is how to reliably measure NRTT in the face of variable Internet latencies and connectivity conditions. The second challenge is addressed by: first, computing the average of a number of NRTT measurements after outlier removal; and second, applying multiple profiles per user through the deployment of multiple DMs in diverse geographical locations. We design a two-factor authentication scheme (dubbed AMAN) that uses legacy passwords as a first factor and NRTT as a second authentication factor. We conduct extensive experiments to evaluate security-usability-deployability properties of AMAN and compare it with the state-of-the-art authentication mechanisms. The results show that AMAN achieves the best combination of these properties.

UR - http://www.scopus.com/inward/record.url?scp=85018642974&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85018642974&partnerID=8YFLogxK

U2 - 10.1109/JSYST.2017.2691550

DO - 10.1109/JSYST.2017.2691550

M3 - Article

AN - SCOPUS:85018642974

JO - IEEE Systems Journal

JF - IEEE Systems Journal

SN - 1932-8184

ER -