We propose a new authentication factor based on network round trip time (NRTT). We show how NRTT can be used to uniquely and securely identify login locations and hence can support location-based web authentication mechanisms. The first research challenge is how to securely measure and verify NRTT so as to hamper potential forgery attempts. We address this challenge by introducing a novel forwarding device in the path between the server and the client, dubbed delay mask (DM), which prevents any entity but the server from measuring the NRTT for any client. The second research challenge is how to reliably measure NRTT in the face of variable Internet latencies and connectivity conditions. This challenge is addressed by: first, computing the average of a number of NRTT measurements after outlier removal; and second, applying multiple profiles per user through the deployment of multiple DMs in diverse geographical locations. We design a two-factor authentication scheme (dubbed AMAN) that uses legacy passwords as a first factor and NRTT as a second authentication factor. We conduct extensive experiments to evaluate the security, usability and deployability properties of AMAN and compare it with state-of-the-art authentication mechanisms. The results show that AMAN achieves the best combination of these properties.
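The second challenge in the abstract (averaging several NRTT samples after outlier removal, then checking them against one profile per delay mask) can be illustrated with a small verifier. The code below is an added example and is not the paper's or AMAN's own implementation: the abstract does not specify the outlier rule, the tolerance window, or how profiles are stored, so the median-absolute-deviation (MAD) filter, the 5 ms tolerance, the `dm-east`/`dm-west` DM identifiers and all latency samples are constructed assumptions. It shows why the raw mean of a sample set fails the check when a single delayed packet is present, while the robust estimate passes, and why a login measured from a different location is rejected at every DM.

```python
from statistics import mean, median

# Constructed data (not from the paper): server-side NRTT samples in ms, one list
# per delay mask (DM). The 118.4 ms value simulates a transient congestion spike.
SAMPLES_LOGIN = [42.1, 41.8, 43.0, 42.5, 118.4, 41.9, 42.7, 42.2, 43.1, 42.0]

# Enrolled profile: expected mean NRTT (ms) per DM for this user (assumed values).
PROFILES = {"dm-east": 42.4, "dm-west": 85.0}

# Samples observed during a legitimate login from the enrolled location.
OBSERVED_LEGIT = {
    "dm-east": SAMPLES_LOGIN,
    "dm-west": [84.0, 86.0, 85.0, 85.5, 84.5],
}

# Samples observed when the same password is used from a different location:
# the path to every DM changes, so every per-DM NRTT shifts.
OBSERVED_OTHER_LOCATION = {
    "dm-east": [95.0, 96.0, 95.5, 94.5, 95.0],
    "dm-west": [130.2, 129.8, 131.0, 130.5, 130.0],
}


def remove_outliers(samples, k=3.0):
    """Drop samples farther than k * MAD from the median.

    The abstract only says 'outlier removal'; the MAD rule and k=3 are assumptions.
    With MAD == 0 (all samples identical) nothing is filtered.
    """
    med = median(samples)
    mad = median(abs(x - med) for x in samples)
    return [x for x in samples if abs(x - med) <= k * mad]


def robust_nrtt(samples):
    """Average of the samples that survive outlier removal (ms)."""
    return mean(remove_outliers(samples))


def verify_nrtt(profiles, observed, tolerance_ms=5.0):
    """Second-factor check: every DM's robust NRTT must lie within tolerance
    of that DM's enrolled value. Returns (accepted, per-DM decisions).

    Requiring all DMs to agree is the assumed policy; a missing DM measurement
    is treated as a failed check rather than ignored.
    """
    decisions = {}
    for dm_id, enrolled in profiles.items():
        samples = observed.get(dm_id)
        if not samples:
            decisions[dm_id] = False
            continue
        estimate = robust_nrtt(samples)
        decisions[dm_id] = abs(estimate - enrolled) <= tolerance_ms
    return all(decisions.values()), decisions


if __name__ == "__main__":
    print("raw mean  :", round(mean(SAMPLES_LOGIN), 2))        # pulled up by the spike
    print("robust    :", round(robust_nrtt(SAMPLES_LOGIN), 2))  # close to the profile
    print("legit     :", verify_nrtt(PROFILES, OBSERVED_LEGIT))
    print("elsewhere :", verify_nrtt(PROFILES, OBSERVED_OTHER_LOCATION))
```

The naive mean of the `dm-east` samples is 49.97 ms, outside a 5 ms window around the enrolled 42.4 ms, so a verifier without outlier removal would lock out a legitimate user whenever one probe hits congestion; the MAD-filtered estimate is about 42.37 ms and passes. The second profile matters for the rejection case: an attacker who happens to sit at the right distance from one DM still has to match the enrolled NRTT to every other DM simultaneously.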
ASJC Scopus subject areas
- Control and Systems Engineering
- Electrical and Electronic Engineering