Detecting Risky Authentication Using the OpenID Connect Token Exchange Time-Reference-Cited by-同舟云学术

Detecting Risky Authentication Using the OpenID Connect Token Exchange Time

Published:2023-10-05 Issue:19 Volume:23 Page:8256
ISSN:1424-8220
Container-title:Sensors
language:en
Short-container-title:Sensors

Author:

Han Alex Heunhe¹^ORCID,Lee Dong Hoon¹

Affiliation:

1. School of Cybersecurity, Korea University, Seoul 02841, Republic of Korea

Abstract

With the rise in sophisticated cyber threats, traditional authentication methods are no longer sufficient. Risk-based authentication (RBA) plays a critical role in the context of the zero trust framework—a paradigm shift that assumes no trust within or outside the network. This research introduces a novel proposal as its core: utilization of the time required by OpenID Connect (OIDC) token exchanges as a new RBA feature. This innovative approach enables the detection of tunneled connections without any intervention from the user’s browser or device. By analyzing the duration of OIDC token exchanges, the system can identify any irregularities that may signify unauthorized access attempts. This approach not only improves upon existing RBA frameworks but is also in alignment with the broader movement toward intelligent and responsive security systems.

Publisher

MDPI AG

Subject

Electrical and Electronic Engineering,Biochemistry,Instrumentation,Atomic and Molecular Physics, and Optics,Analytical Chemistry

Link

https://www.mdpi.com/1424-8220/23/19/8256/pdf

Reference49 articles.

1. (2023, October 03). Gartner Forecasts of Global Knowledge Workers Will Work Hybrid by the End of 2023. Available online: https://www.gartner.com/en/newsroom/press-releases/2023-03-01-gartner-forecasts-39-percent-of-global-knowledge-workers-will-work-hybrid-by-the-end-of-2023.

2. Kotak, J., Habler, E., Brodt, O., Shabtai, A., and Elovici, Y. (2023). Information Security Threats and Working from Home Culture: Taxonomy, Risk Assessment and Solutions. Sensors, 23.

3. (2023, October 03). NIST Special Publication 800-207 Zero Trust Architecture Released August 2020, Available online: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf.

4. Department of Defense (DoD) (2023, October 03). Zero Trust Reference Architecture Version 2.0. July 2022, Available online: https://dodcio.defense.gov/Portals/0/Documents/Library/(U)ZT_RA_v2.0(U)_Sep22.pdf.

5. Parmar, V., Sanghvi, H.A., Patel, R.H., and Pandya, A.S. (2022, January 7–9). A comprehensive study on passwordless authentication. Proceedings of the 2022 International Conference on Sustainable Computing and Data Communication Systems (ICSCDS), Erode, India.