Research on Integrated Authentication Using Passwordless Authentication Method

Morii, Michitomo; Tanioka, Hiroki; Ohira, Kenji; Sano, Masahiko; Seki, Yosuke; Matsuura, Kenji; Ueta, Tetsushi

doi:10.1109/compsac.2017.198

Cited by 15 publications

(6 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, these proposals often do not take into account realistic deployment or scalability expectations; most do not provide a proof of concept either. Other proposals often fall into a common pitfall of advocating for open-source or proprietary software, or some form of integration of such software into the authentication ecosystem [ 13 , 29 ]. While these studies sometimes do show improved security, alongside proof of concept, to some degree, the recommendation of highly specific and/or proprietary software as a replacement for a protocol or scheme is not completely practical [ 7 , 18 ].…”

Section: Related Work and Significance Of This Studymentioning

confidence: 99%

A Hybrid Dynamic Encryption Scheme for Multi-Factor Verification: A Novel Paradigm for Remote Authentication

Obaidat

Brown

Obeidat

et al. 2020

Sensors

View full text Add to dashboard Cite

A significant percentage of security research that is conducted suffers from common issues that prevent wide-scale adoption. Common snags of such proposed methods tend to include (i) introduction of additional nodes within the communication architecture, breaking the simplicity of the typical client–server model, or fundamental restructuring of the Internet ecosystem; (ii) significant inflation of responsibilities or duties for the user and/or server operator; and (iii) adding increased risks surrounding sensitive data during the authentication process. Many schemes seek to prevent brute-forcing attacks; they often ignore either partially or holistically the dangers of other cyber-attacks such as MiTM or replay attacks. Therefore, there is no incentive to implement such proposals, and it has become the norm instead to inflate current username/password authentication systems. These have remained standard within client–server authentication paradigms, despite insecurities stemming from poor user and server operator practices, and vulnerabilities to interception and masquerades. Besides these vulnerabilities, systems which revolve around secure authentication typically present exploits of two categories; either pitfalls which allow MiTM or replay attacks due to transmitting data for authentication constantly, or the storage of sensitive information leading to highly specific methods of data storage or facilitation, increasing chances of human error. This paper proposes a more secure method of authentication that retains the current structure of accepted paradigms, but minimizes vulnerabilities which result from the process, and does not inflate responsibilities for users or server operators. The proposed scheme uses a hybrid, layered encryption technique alongside a two-part verification process, and provides dynamic protection against interception-based cyber-attacks such as replay or MiTM attacks, without creating additional vulnerabilities for other attacks such as bruteforcing. Results show the proposed mechanism outperforms not only standardized methods, but also other schemes in terms of deployability, exploit resilience, and speed.

show abstract

Section: Related Work and Significance Of This Studymentioning

confidence: 99%

A Hybrid Dynamic Encryption Scheme for Multi-Factor Verification: A Novel Paradigm for Remote Authentication

Obaidat

Brown

Obeidat

et al. 2020

Sensors

View full text Add to dashboard Cite

show abstract

“…Although there are several products for MFA, to the best of our knowledge, there is not a standardized way of integrating them into a Shibboleth IdP. Among MFA solutions for the Shibboleth framework, it is possible to find: FAME [17]; Multi-Context Broker (MCB) [18]; Authentication Flow Selection [19]; and the practical experiment described in [20]. FAME framework [17] enables multi-factor and multilevel authentication in Shibboleth.…”

Section: Related Workmentioning

confidence: 99%

“…In [20], the authors describe a practical experiment that integrates an external password-less authentication system based on FIDO2 in the Shibboleth framework. In the proposed solution, the Shibboleth IdP redirects the user client (browser) to the FIDO2 server.…”

Section: Related Workmentioning

confidence: 99%

Multi-factor authentication for shibboleth identity providers

Mello

Wangham

Loli

et al. 2020

J Internet Serv Appl

View full text Add to dashboard Cite

The federated identity model provides a solution for user authentication across multiple administrative domains. The academic federations, such as the Brazilian federation, are examples of this model in practice. The majority of institutions that participate in academic federations employ password-based authentication for their users, with an attacker only needing to find out one password in order to personify the user in all federated service providers. Multi-factor authentication emerges as a solution to increase the robustness of the authentication process. This article aims to introduce a comprehensive and open source solution to offer multi-factor authentication for Shibboleth Identity Providers. Based on the Multi-factor Authentication Profile standard, our solution provides three extra second factors (One-Time Password, FIDO2 and Phone Prompt). The solution has been deployed in the Brazilian academic federation, where it was evaluated using functional and integration testing, as well as security and case study analysis.

show abstract

“…Takamizawa [7] proposed a user authentication method for an e-learning system using topographical information from Google Maps. Morii et al [8] proposed an integrated authentication system without the use of password, adopting Fast Identity Online (FIDO), as an external authentication technique. Dubey et al [9] proposed a hybrid model, where fingerprint authentication is used with autocomplete function for accessing a specific website or information on the website.…”

Section: Related Workmentioning

confidence: 99%

Applying MAC Address-Based Access Control for Securing Admin’s Login Page

Alam¹,

Septiasari²,

Amiruddin³

2019

EECSI

View full text Add to dashboard Cite

Authentication is a very important process for securing web applications. Username and password are two parameters commonly used for user authentication on the administrator's login page. However, such the two authentication parameters can be easily breached so that they can become a vulnerability that adversary parties can use to conduct malicious activities. For example, the attackers can commit a crime such as data modification or theft or even more dangerous take over administrator services of a system. Therefore, it is necessary to improve the security mechanism by adding additional factor of authentication other than username and password. In this study, an improvement in authentication mechanisms was carried out by applying MAC Address-based access control as an additional authentication factor. In this method, Address Resolution Protocol (ARP) is used in mapping the users Internet Protocol (IP) address to their MAC address during validation process. The experimental results showed that the addition of the MAC address made the authentication process resistant to Dictionary Attack and Shoulder Surfing Attack.

show abstract

Research on Integrated Authentication Using Passwordless Authentication Method

Cited by 15 publications

References 2 publications

A Hybrid Dynamic Encryption Scheme for Multi-Factor Verification: A Novel Paradigm for Remote Authentication

A Hybrid Dynamic Encryption Scheme for Multi-Factor Verification: A Novel Paradigm for Remote Authentication

Multi-factor authentication for shibboleth identity providers

Applying MAC Address-Based Access Control for Securing Admin’s Login Page

Contact Info

Product

Resources

About