Tolbert et al., 2022 - Google Patents
Exploring Phone-Based Authentication Vulnerabilities in Single Sign-On SystemsTolbert et al., 2022
View PDF- Document ID
- 5394093649443870595
- Author
- Tolbert M
- Hess E
- Nascimento M
- Lei Y
- Shue C
- Publication year
- Publication venue
- International Conference on Information and Communications Security
External Links
Snippet
Phone-based authenticators (PBAs) are commonly incorporated into multi-factor authentication and passwordless login schemes for corporate networks and systems. These systems require users to prove that they possess a phone or phone number associated with …
- 229920003190 poly( p-benzamide) 0 abstract 3
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
- H04L63/083—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using passwords using one-time-passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or paths for security, e.g. using out of band channels
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATIONS NETWORKS
- H04W12/00—Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATIONS NETWORKS
- H04W12/00—Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M1/00—Substation equipment, e.g. for use by subscribers; Analogous equipment at exchanges
- H04M1/66—Substation equipment, e.g. for use by subscribers; Analogous equipment at exchanges with means for preventing unauthorised or fraudulent calling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/38—Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Huang et al. | Using one-time passwords to prevent password phishing attacks | |
| US9590973B2 (en) | Methods for fraud detection | |
| Ulqinaku et al. | Is real-time phishing eliminated with {FIDO}? social engineering downgrade attacks against {FIDO} protocols | |
| CA2926128C (en) | Authorization of server operations | |
| EP3175367B1 (en) | System and method for implementing a hosted authentication service | |
| US20100199086A1 (en) | Network transaction verification and authentication | |
| US9009800B2 (en) | Systems and methods of authentication in a disconnected environment | |
| EP2586174A1 (en) | Identity verification | |
| KR20170140215A (en) | Methods and systems for transaction security | |
| Jubur et al. | Bypassing push-based second factor and passwordless authentication with human-indistinguishable notifications | |
| US10834074B2 (en) | Phishing attack prevention for OAuth applications | |
| Calzavara et al. | Sub-session hijacking on the web: Root causes and prevention | |
| CN109740319B (en) | Digital identity verification method and server | |
| Thomchick et al. | Application level security in a public library: A case study | |
| Wedman et al. | An analytical study of web application session management mechanisms and HTTP session hijacking attacks | |
| Luvanda | Identifying threats associated with man-in-the-middle attacks during communication between a mobile device and the back end server in mobile banking applications | |
| Tolbert et al. | Exploring Phone-Based Authentication Vulnerabilities in Single Sign-On Systems | |
| Jagannath et al. | Browser‐in‐the‐middle attacks: A comprehensive analysis and countermeasures | |
| Russell | Bypassing multi-factor authentication | |
| Tolbert | Vulnerabilities of multi-factor authentication in modern computer networks | |
| Hackenjos et al. | FIDO2 with two displays-Or how to protect security-critical web transactions against malware attacks | |
| Luvanda | Proposed framework for securing mobile banking applications from man in the middle attacks | |
| Shukla et al. | A Passwordless MFA Utlizing Biometrics, Proximity and Contactless Communication | |
| Luckett | Phishing resistant systems: A literature review | |
| Khadilkar | Securing Internet Banking Against Data Phishing Using Cryptography |