Bölin et al., 2024 - Google Patents
Penetration Testing of One-Time Password AuthenticationBölin et al., 2024
View PDF- Document ID
- 9884105237584311668
- Author
- Bölin O
- Van Daele P
- Publication year
External Links
Snippet
Background. Multifactor authentication (MFA) is a widely used service in today's world, specifically one-time passwords (OTP), a short, often counter and/or time-based password the user enters as a secondary protection against attackers. These passwords are usually …
- 238000012360 testing method 0 title description 78
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
- H04L63/083—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using passwords using one-time-passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/141—Denial of service attacks against endpoints in a network
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Specter et al. | The ballot is busted before the blockchain: A security analysis of voatz, the first internet voting application used in {US}. federal elections | |
| Huang et al. | Using one-time passwords to prevent password phishing attacks | |
| Sun et al. | oPass: A user authentication protocol resistant to password stealing and password reuse attacks | |
| US9736147B1 (en) | Artificial intelligence encryption model (AIEM) with device authorization and attack detection (DAAAD) | |
| Herrmann et al. | Basic concepts and models of cybersecurity | |
| Feng et al. | A Formal Analysis of the FIDO UAF Protocol. | |
| Gilsenan et al. | Security and Privacy Failures in Popular {2FA} Apps | |
| Cao et al. | Protecting web-based single sign-on protocols against relying party impersonation attacks through a dedicated bi-directional authenticated secure channel | |
| Stewart | CompTIA Security+ Review Guide: Exam SY0-601 | |
| Kepkowski et al. | How not to handle keys: Timing attacks on FIDO authenticator privacy | |
| Feng et al. | FIDO gets verified: A formal analysis of the universal authentication framework protocol | |
| Zhang et al. | Kingfisher: Unveiling insecurely used credentials in iot-to-mobile communications | |
| Dib et al. | Insider attack model against HSM-based architecture | |
| Tong et al. | Guardroid: A trusted path for password entry | |
| Bhardwaj et al. | Risks for Conversational AI Security | |
| Karthiga et al. | Enhancing performance of user authentication protocol with resist to password reuse attacks | |
| Bölin et al. | Penetration Testing of One-Time Password Authentication | |
| Elghaly | Learn Penetration Testing with Python 3. x: Perform Offensive Pentesting and Prepare Red Teaming to Prevent Network Attacks and Web Vulnerabilities (English Edition) | |
| Bang et al. | On Threat Models for Information-Stealing Malware (ISM) Targeting Password Managers | |
| Verbitskiy | Node. js security | |
| Chen | Vulnerability Testing for WebAuthn | |
| Singh et al. | Penetration testing and security measures to identify vulnerability inside the system | |
| He et al. | Zerologon Explored: In-Depth Analysis and Mitigation Strategies for Microsoft’s Critical Vulnerability | |
| Liu | Ethical Hacking of a Smart Video Doorbell | |
| Liu | Penetration testing of Sesame Smart door lock |