A Novel Authentication Method That Combines Honeytokens and Google Authenticator-Reference-Cited by-同舟云学术

A Novel Authentication Method That Combines Honeytokens and Google Authenticator

Published:2023-07-07 Issue:7 Volume:14 Page:386
ISSN:2078-2489
Container-title:Information
language:en
Short-container-title:Information

Author:

Papaspirou Vassilis¹,Papathanasaki Maria²^ORCID,Maglaras Leandros³^ORCID,Kantzavelou Ioanna¹^ORCID,Douligeris Christos⁴^ORCID,Ferrag Mohamed Amine⁵^ORCID,Janicke Helge⁶

Affiliation:

1. Department of Informatics and Computer Engineering, University of West Attica, 12244 Athens, Greece

2. Department of CS and Telecommunications, University of Thessaly, 35100 Lamia, Greece

3. School of Computing, Edinburgh Napier University, Edinburgh EH10 5DT, UK

4. Department of Informatics, University of Piraeus, 18534 Piraeus, Greece

5. Technology Innovation Institute, Masdar City 9639, Abu Dhabi, United Arab Emirates

6. Cyber Security Cooperative Research Centre (CSCRC), Edith Cowan University, Perth, WA 6027, Australia

Abstract

Despite the rapid development of technology, computer systems still rely heavily on passwords for security, which can be problematic. Although multi-factor authentication has been introduced, it is not completely effective against more advanced attacks. To address this, this study proposes a new two-factor authentication method that uses honeytokens. Honeytokens and Google Authenticator are combined to create a stronger authentication process. The proposed approach aims to provide additional layers of security and protection to computer systems, increasing their overall security beyond what is currently provided by single-password or standard two-factor authentication methods. The key difference is that the proposed system resembles a two-factor authentication but, in reality, works like a multi-factor authentication system. Multi-factor authentication (MFA) is a security technique that verifies a user’s identity by requiring multiple credentials from distinct categories. These typically include knowledge factors (something the user knows, such as a password or PIN), possession factors (something the user has, such as a mobile phone or security token), and inherence factors (something the user is, such as a biometric characteristic like a fingerprint). This multi-tiered approach significantly enhances protection against potential attacks. We examined and evaluated our system’s robustness against various types of attacks. From the user’s side, the system is as friendly as a two-factor authentication method with an authenticator and is more secure.

Funder

European Union’s Horizon 2020 research and innovation program: project CyberSec4Europe

Publisher

MDPI AG

Subject

Information Systems

Link

https://www.mdpi.com/2078-2489/14/7/386/pdf

Reference35 articles.

1. Do strong web passwords accomplish anything?;Herley;HotSec,2007

2. Leandros, L., and Kantzavelou, I. (2021). Cybersecurity Issues in Emerging Technologies, CRC Press.

3. Two birds with one stone: Two-factor authentication with security beyond conventional bound;Wang;IEEE Trans. Dependable Secur. Comput.,2016

4. Lai, R.W., Egger, C., Schröder, D., and Chow, S.S. (2017, January 16–18). Phoenix: Rebirth of a cryptographic password-hardening service. Proceedings of the 26th USENIX Security Symposium (USENIX Security 17), Vancouver, BC, USA.

5. Juels, A., and Rivest, R.L. (2013, January 4–8). Honeywords: Making password-cracking detectable. Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, Berlin, Germany.

Cited by 4 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. A Blockchain-based Multi-Factor Honeytoken Dynamic Authentication Mechanism;Proceedings of the 19th International Conference on Availability, Reliability and Security;2024-07-30

2. Security Considerations in Generative AI for Web Applications;Advances in Information Security, Privacy, and Ethics;2024-07-26

3. Secure and privacy improved cloud user authentication in biometric multimodal multi fusion using blockchain-based lightweight deep instance-based DetectNet;Network: Computation in Neural Systems;2024-01-31

4. A QR Identification System with SMS Notification Implementing Secure Hash Algorithm 256 (SHA-256);2023 International Conference on Computational Intelligence, Networks and Security (ICCINS);2023-12-22