Jubur et al., 2021 - Google Patents
Bypassing push-based second factor and passwordless authentication with human-indistinguishable notifications
Jubur et al., 2021
- Document ID
- 9177136284765775871
- Author
- Jubur M
- Shrestha P
- Saxena N
- Prakash J
- Publication year
- 2021
- Publication venue
- Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security
Snippet
Second factor (2FA) or passwordless authentication based on notifications pushed to a user's personal device (e.g., a phone) that the user can simply approve (or deny) has become widely popular due to its convenience. In this paper, we show that the effortlessness of this …
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
- H04L63/083—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using passwords using one-time-passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATIONS NETWORKS
- H04W12/00—Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity
- H04W12/06—Authentication
Similar Documents
| Publication | Title | Publication Date |
|---|---|---|
| Jubur et al. | Bypassing push-based second factor and passwordless authentication with human-indistinguishable notifications | |
| Ulqinaku et al. | Is real-time phishing eliminated with FIDO? social engineering downgrade attacks against FIDO protocols | |
| Parmar et al. | A comprehensive study on passwordless authentication | |
| Lee et al. | An empirical study of wireless carrier authentication for SIM swaps | |
| Dasgupta et al. | Multi-factor authentication: more secure approach towards authenticating individuals | |
| Huang et al. | Using one-time passwords to prevent password phishing attacks | |
| US8627088B2 (en) | System and method for in- and out-of-band multi-factor server-to-user authentication | |
| US20250323910A1 (en) | Risk-based factor selection | |
| Marforio et al. | Hardened setup of personalized security indicators to counter phishing attacks in mobile banking | |
| Mahdad et al. | Breaching security keys without root: Fido2 deception attacks via overlays exploiting limited display authenticators | |
| Iyanda et al. | Development of two-factor authentication login system using dynamic password with SMS verification | |
| Chaudhari et al. | A comprehensive study on authentication systems | |
| Jubur et al. | Usability and security analysis of the compare-and-confirm method in mobile push-based two-factor authentication | |
| Zhao et al. | Explicit authentication response considered harmful | |
| Markert et al. | View the email to get hacked: Attacking SMS-based two-factor authentication | |
| Mahdad et al. | Breaking mobile notification-based authentication with concurrent attacks outside of mobile devices | |
| Papaspirou et al. | A blockchain-based multi-factor honeytoken dynamic authentication mechanism | |
| Tolbert et al. | Exploring phone-based authentication vulnerabilities in single sign-on systems | |
| Hackenjos et al. | FIDO2 with two displays-Or how to protect security-critical web transactions against malware attacks | |
| Certic | The Future of Mobile Security | |
| Leitner et al. | Authentication in the context of E-participation: current practice, challenges and recommendations | |
| Masoud et al. | May I know your Iban? Cracking the short message service (sms) as a second factor authentication for online payments | |
| Hammoudeh et al. | Enhancing Security Using E-Authentication | |
| Kellenberger | Analyzing the Resilience of Two-Factor Authentication Techniques against Runtime Phishing Attacks | |
| Jubur | On the security and usability of new paradigms of Web authentication |