Your credentials are compromised, do not panic: You can be well protected

Issa Khalil, Zuochao Dou, Abdallah Khreishah

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Citations (Scopus)

Abstract

In this paper, we leverage the characteristics of round-trip communications latency (RTL) to design and implement a novel highly secure and usable web authentication scheme, dubbed CLAS. CLAS uses, in addition to the traditional credentials, round-trip network communications latency to uniquely identify users. CLAS introduces a novel network architecture which turns RTL into a robust authentication feature that is extremely difficult to forge. CLAS offers robust defense against password compromise because, unlike many traditional authentication mechanisms, it is resilient to phishing/pharming, man-in-the-middle, and social engineering attacks. Most importantly, CLAS is transparent to users and incurs negligible overhead. Our experimental results show that CLAS can achieve 0.0017 false positive rate while maintaining false negative rate below 0.007.

Original languageEnglish
Title of host publicationASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery, Inc
Pages925-930
Number of pages6
ISBN (Electronic)9781450342339
DOIs
Publication statusPublished - 30 May 2016
Event11th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2016 - Xi'an, China
Duration: 30 May 20163 Jun 2016

Other

Other11th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2016
CountryChina
CityXi'an
Period30/5/163/6/16

    Fingerprint

Keywords

  • Gaus-sian distribution
  • Network communications latency
  • Password compromise
  • Web authentication

ASJC Scopus subject areas

  • Computer Science Applications
  • Software
  • Computer Networks and Communications

Cite this

Khalil, I., Dou, Z., & Khreishah, A. (2016). Your credentials are compromised, do not panic: You can be well protected. In ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security (pp. 925-930). Association for Computing Machinery, Inc. https://doi.org/10.1145/2897845.2897925