Abstract
Successful out-of-band authentication in popular languages such as PHP has proven to be problematic and in many ways unsafe as dynamically typed languages allow for more than one ways of doing things, and the standards set out are usually not followed. It is true that out-of-band authentication using SMS messaging enhances the security of simple passwords specified by users, however many times the handling of the One-Time-Passwords (OTP) on the server side is done with disregard of the ways an attacker can bypass the requirement for such a feature. It is therefore essential to find ways which the OTP cannot be brute-forced or circumvented, by providing mechanisms such as automatic purging of OTPs from the database and enhancing the safety of the server traffic handling as well as the HTTP form submission requests and responses with a library known as Hash cash. By using this method, a potential attacker would be met by a time-consuming challenge, which would leave any sort of brute-force, denial of service or requirement circumvention attacks impractical for gaining access to a PHP login system. Furthermore, the usage of Hash cash for credential retransmission and re-authentication for vital aspects of the user's workflow while authenticated, make such as system much more impenetrable than using simple out-of-band or other two-factor authentication schemes.
Original language | English |
---|---|
Title of host publication | Proceedings - 16th IEEE International Conference on High Performance Computing and Communications, HPCC 2014, 11th IEEE International Conference on Embedded Software and Systems, ICESS 2014 and 6th International Symposium on Cyberspace Safety and Security, CSS 2014 |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 794-801 |
Number of pages | 8 |
ISBN (Electronic) | 9781479961238 |
DOIs | |
Publication status | Published - 9 Mar 2014 |
Event | 16th IEEE International Conference on High Performance Computing and Communications, HPCC 2014, 11th IEEE International Conference on Embedded Software and Systems, ICESS 2014 and 6th International Symposium on Cyberspace Safety and Security, CSS 2014 - Paris, France Duration: 20 Aug 2014 → 22 Aug 2014 |
Other
Other | 16th IEEE International Conference on High Performance Computing and Communications, HPCC 2014, 11th IEEE International Conference on Embedded Software and Systems, ICESS 2014 and 6th International Symposium on Cyberspace Safety and Security, CSS 2014 |
---|---|
Country/Territory | France |
City | Paris |
Period | 20/08/14 → 22/08/14 |