Out-of-band authentication model with hashcash brute-force prevention

George Violaris, Ioanna Dionysiou

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Successful out-of-band authentication in popular languages such as PHP has proven to be problematic and in many ways unsafe as dynamically typed languages allow for more than one ways of doing things, and the standards set out are usually not followed. It is true that out-of-band authentication using SMS messaging enhances the security of simple passwords specified by users, however many times the handling of the One-Time-Passwords (OTP) on the server side is done with disregard of the ways an attacker can bypass the requirement for such a feature. It is therefore essential to find ways which the OTP cannot be brute-forced or circumvented, by providing mechanisms such as automatic purging of OTPs from the database and enhancing the safety of the server traffic handling as well as the HTTP form submission requests and responses with a library known as Hash cash. By using this method, a potential attacker would be met by a time-consuming challenge, which would leave any sort of brute-force, denial of service or requirement circumvention attacks impractical for gaining access to a PHP login system. Furthermore, the usage of Hash cash for credential retransmission and re-authentication for vital aspects of the user's workflow while authenticated, make such as system much more impenetrable than using simple out-of-band or other two-factor authentication schemes.

Original languageEnglish
Title of host publicationProceedings - 16th IEEE International Conference on High Performance Computing and Communications, HPCC 2014, 11th IEEE International Conference on Embedded Software and Systems, ICESS 2014 and 6th International Symposium on Cyberspace Safety and Security, CSS 2014
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages794-801
Number of pages8
ISBN (Electronic)9781479961238
DOIs
Publication statusPublished - 9 Mar 2014
Event16th IEEE International Conference on High Performance Computing and Communications, HPCC 2014, 11th IEEE International Conference on Embedded Software and Systems, ICESS 2014 and 6th International Symposium on Cyberspace Safety and Security, CSS 2014 - Paris, France
Duration: 20 Aug 201422 Aug 2014

Other

Other16th IEEE International Conference on High Performance Computing and Communications, HPCC 2014, 11th IEEE International Conference on Embedded Software and Systems, ICESS 2014 and 6th International Symposium on Cyberspace Safety and Security, CSS 2014
Country/TerritoryFrance
CityParis
Period20/08/1422/08/14

Fingerprint

Dive into the research topics of 'Out-of-band authentication model with hashcash brute-force prevention'. Together they form a unique fingerprint.

Cite this