TY - GEN
T1 - Your credentials are compromised, do not panic
T2 - 11th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2016
AU - Khalil, Issa
AU - Dou, Zuochao
AU - Khreishah, Abdallah
N1 - Publisher Copyright:
© 2016 ACM.
PY - 2016/5/30
Y1 - 2016/5/30
N2 - In this paper, we leverage the characteristics of round-trip communications latency (RTL) to design and implement a novel highly secure and usable web authentication scheme, dubbed CLAS. CLAS uses, in addition to the traditional credentials, round-trip network communications latency to uniquely identify users. CLAS introduces a novel network architecture which turns RTL into a robust authentication feature that is extremely difficult to forge. CLAS offers robust defense against password compromise because, unlike many traditional authentication mechanisms, it is resilient to phishing/pharming, man-in-the-middle, and social engineering attacks. Most importantly, CLAS is transparent to users and incurs negligible overhead. Our experimental results show that CLAS can achieve 0.0017 false positive rate while maintaining false negative rate below 0.007.
AB - In this paper, we leverage the characteristics of round-trip communications latency (RTL) to design and implement a novel highly secure and usable web authentication scheme, dubbed CLAS. CLAS uses, in addition to the traditional credentials, round-trip network communications latency to uniquely identify users. CLAS introduces a novel network architecture which turns RTL into a robust authentication feature that is extremely difficult to forge. CLAS offers robust defense against password compromise because, unlike many traditional authentication mechanisms, it is resilient to phishing/pharming, man-in-the-middle, and social engineering attacks. Most importantly, CLAS is transparent to users and incurs negligible overhead. Our experimental results show that CLAS can achieve 0.0017 false positive rate while maintaining false negative rate below 0.007.
KW - Gaus-sian distribution
KW - Network communications latency
KW - Password compromise
KW - Web authentication
UR - http://www.scopus.com/inward/record.url?scp=84979708497&partnerID=8YFLogxK
U2 - 10.1145/2897845.2897925
DO - 10.1145/2897845.2897925
M3 - Conference contribution
AN - SCOPUS:84979708497
T3 - ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security
SP - 925
EP - 930
BT - ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security
PB - Association for Computing Machinery, Inc
Y2 - 30 May 2016 through 3 June 2016
ER -