Detecting Risky Authentication Using the OpenID Connect Token Exchange Time-Reference-Cited by-同舟云学术

Detecting Risky Authentication Using the OpenID Connect Token Exchange Time

Published:2023-10-05 Issue:19 Volume:23 Page:8256
ISSN:1424-8220
Container-title:Sensors
language:en
Short-container-title:Sensors

Author:

Han Alex Heunhe¹^ORCID,Lee Dong Hoon¹

Affiliation:

1. School of Cybersecurity, Korea University, Seoul 02841, Republic of Korea

Abstract

With the rise in sophisticated cyber threats, traditional authentication methods are no longer sufficient. Risk-based authentication (RBA) plays a critical role in the context of the zero trust framework—a paradigm shift that assumes no trust within or outside the network. This research introduces a novel proposal as its core: utilization of the time required by OpenID Connect (OIDC) token exchanges as a new RBA feature. This innovative approach enables the detection of tunneled connections without any intervention from the user’s browser or device. By analyzing the duration of OIDC token exchanges, the system can identify any irregularities that may signify unauthorized access attempts. This approach not only improves upon existing RBA frameworks but is also in alignment with the broader movement toward intelligent and responsive security systems.

Publisher

MDPI AG

Subject

Electrical and Electronic Engineering,Biochemistry,Instrumentation,Atomic and Molecular Physics, and Optics,Analytical Chemistry

Link

https://www.mdpi.com/1424-8220/23/19/8256/pdf

Reference49 articles.

1. (2023, October 03). Gartner Forecasts of Global Knowledge Workers Will Work Hybrid by the End of 2023. Available online: https://www.gartner.com/en/newsroom/press-releases/2023-03-01-gartner-forecasts-39-percent-of-global-knowledge-workers-will-work-hybrid-by-the-end-of-2023.

2. Kotak, J., Habler, E., Brodt, O., Shabtai, A., and Elovici, Y. (2023). Information Security Threats and Working from Home Culture: Taxonomy, Risk Assessment and Solutions. Sensors, 23.

3. (2023, October 03). NIST Special Publication 800-207 Zero Trust Architecture Released August 2020, Available online: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf.

4. Department of Defense (DoD) (2023, October 03). Zero Trust Reference Architecture Version 2.0. July 2022, Available online: https://dodcio.defense.gov/Portals/0/Documents/Library/(U)ZT_RA_v2.0(U)_Sep22.pdf.

5. Parmar, V., Sanghvi, H.A., Patel, R.H., and Pandya, A.S. (2022, January 7–9). A comprehensive study on passwordless authentication. Proceedings of the 2022 International Conference on Sustainable Computing and Data Communication Systems (ICSCDS), Erode, India.

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. A Privacy Measure Turned Upside Down? Investigating the Use of HTTP Client Hints on the Web;Proceedings of the 19th International Conference on Availability, Reliability and Security;2024-07-30