research-article

Risk-based Authentication Based on Network Latency Profiling

Authors:

Esteban Rivera,

Alejandra Castelblanco,

Christian López,

Martín OchoaAuthors Info & Claims

AISec'20: Proceedings of the 13th ACM Workshop on Artificial Intelligence and Security

Pages 105 - 115

https://doi.org/10.1145/3411508.3421377

Published: 09 November 2020 Publication History

Abstract

Impersonation attacks against web authentication servers have been increasing in complexity over the last decade. Tunnelling services, such as VPNs or proxies, can be for instance used to faithfully impersonate victims in foreign countries. In this paper we study the detection of user authentication attacks involving network tunnelling geolocation deception. For that purpose we explore different models to profile a user based on network latencies. We design a classical machine learning model and a deep learning model to profile web resource loading times collected on client-side. In order to test our approach we profiled network latencies for 86 real users located around the globe. We show that our proposed novel network profiling is able to detect up to 88.3% of attacks using VPN tunneling schemes

References

[1]

Can I use Resource Timing. https://caniuse.com/#feat=resource-timing. Accessed: 2020-06-27.

[2]

Abdou, A., Matrawy, A., and van Oorschot, P. C. Accurate manipulation of delay-based internet geolocation. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security (New York, NY, USA, 2017), ASIA CCS '17, Association for Computing Machinery, p. 887--898.

[3]

Abdou, A., and Oorschot, P. C. V. Server location verification (slv) and server location pinning: Augmenting tls authentication. ACM Trans. Priv. Secur. 21, 1 (Dec. 2017).

Digital Library

[4]

Alaca, F., and Van Oorschot, P. C. Device fingerprinting for augmenting web authentication: classification and analysis of methods. In Proceedings of the 32nd annual conference on computer security applications (2016), pp. 289--301.

Digital Library

[5]

Bonneau, J., Herley, C., Van Oorschot, P. C., and Stajano, F. Passwords and the evolution of imperfect authentication. Communications of the ACM 58, 7 (2015), 78--87.

Digital Library

[6]

Brands, S., and Chaum, D. Distance-bounding protocols. In Advances in Cryptology -- EUROCRYPT '93 (Berlin, Heidelberg, 1994), T. Helleseth, Ed., Springer Berlin Heidelberg, pp. 344--359.

[7]

Breunig, M. M., Kriegel, H.-P., Ng, R. T., and Sander, J. Lof: Identifying density-based local outliers. In Proceedings of the 2000 ACM SIGMOD International Conference on Management of Data (New York, NY, USA, 2000), SIGMOD '00, Association for Computing Machinery, p. 93--104.

Digital Library

[8]

Chatterjee, S., Gao, X., Sarkar, S., and Uzmanoglu, C. Reacting to the scope of a data breach: The differential role of fear and anger. Journal of Business Research 101 (2019), 183--193.

[9]

Freeman, D., Jain, S., Duermuth, M., Biggio, B., and Giacinto, G. Who are you? a statistical approach to measuring user authenticity.

[10]

Fridman, L., Weber, S., Greenstadt, R., and Kam, M. Active authentication on mobile devices via stylometry, application usage, web browsing, and gps location. IEEE Systems Journal 11, 2 (2017), 513--521.

[11]

Goltzsche, D., Wulf, C., Muthukumaran, D., Rieck, K., Pietzuch, P., and Kapitza, R. Trustjs: Trusted client-side execution of javascript. In Proceedings of the 10th European Workshop on Systems Security (2017), pp. 1--6.

Digital Library

[12]

Gueye, B., Ziviani, A., Crovella, M., and Fdida, S. Constraint-based geolocation of internet hosts. IEEE/ACM Transactions On Networking 14, 6 (2006), 1219--1232.

Digital Library

[13]

Han, A. L. F., Wong, D. F., and Chao, L. S. Password cracking and countermeasures in computer security: A survey. CoRR abs/1411.7803 (2014).

[14]

He, W., Liu, X., and Ren, M. Location cheating: A security challenge to location-based social network services. In 2011 31st International Conference on Distributed Computing Systems (2011), pp. 740--749.

Digital Library

[15]

Hintze, D., Koch, E., Scholz, S., and Mayrhofer, R. Location-based risk assessment for mobile authentication. In Proceedings of the 2016 ACM International Joint Conference on Pervasive and Ubiquitous Computing: Adjunct (New York, NY, USA, 2016), UbiComp '16, Association for Computing Machinery, p. 85--88.

Digital Library

[16]

Jain, A., Reifsteck, T., Mann, J., Wang, Z., and Quach, A. W3c candidate recommendation: Resource timing level 1. https://www.w3.org/TR/resource-timing-1/, 2017. Accessed: 2020-06-27.

[17]

Mohammad Rafiqul Alam, and King Sun Chan. Rtt-tc: A topological comparison based method to detect wormhole attacks in manet. In 2010 IEEE 12th International Conference on Communication Technology (2010), pp. 991--994.

[18]

Muir, J. A., and Oorschot, P. C. V. Internet geolocation: Evasion and counterevasion. Acm computing surveys (csur) 42, 1 (2009), 1--23.

[19]

Pedregosa, F., Varoquaux, G., Gramfort, A., Michel, V., Thirion, B., Grisel, O., Blondel, M., Prettenhofer, P., Weiss, R., Dubourg, V., Vanderplas, J., Passos, A., Cournapeau, D., Brucher, M., Perrot, M., and Duchesnay, E. Scikit-learn: Machine learning in Python. Journal of Machine Learning Research 12 (2011), 2825--2830.

Digital Library

[20]

Poese, I., Uhlig, S., Kaafar, M. A., Donnet, B., and Gueye, B. Ip geolocation databases: Unreliable? ACM SIGCOMM Computer Communication Review 41, 2 (2011), 53--56.

Digital Library

[21]

Solano, J., Camacho, L., Correa, A., Deiro, C., Vargas, J., and Ochoa, M. Combining behavioral biometrics and session context analytics to enhance risk-based static authentication in web applications. International Journal of Information Security (Jun 2020).

[22]

Takamizawa, H., and Kaijiri, K. A web authentication system using location information from mobile telephones. Proceedings of the 8th IASTED International Conference on Web-based Education, WBE 2009 (01 2009).

[23]

Traore, I., Woungang, I., Obaidat, M. S., Nakkabi, Y., and Lai, I. Combining mouse and keystroke dynamics biometrics for risk-based authentication in web environments. In 2012 fourth international conference on digital home (2012), IEEE, pp. 138--145.

[24]

Trojahn, M., and Marcus, P. Towards coupling user and device locations using biometrical authentication on smartphones. In 2012 International Conference for Internet Technology and Secured Transactions (2012), pp. 736--741.

[25]

Wiefling, S., Lo Iacono, L., and Dürmuth, M. Is this really you? an empirical study on risk-based authentication applied in the wild. IFIP Advances in Information and Communication Technology (2019), 134--148.

[26]

Zhao, Y., Yuan, H., Jiang, T., and Chen, X. Secure distributed data geolocation scheme against location forgery attack. Journal of Information Security and Applications 47 (2019), 50--58.

Cited By

Han ALee D(2023)Detecting Risky Authentication Using the OpenID Connect Token Exchange TimeSensors10.3390/s2319825623:19(8256)Online publication date: 5-Oct-2023
https://doi.org/10.3390/s23198256
Papaioannou MPelekoudas-Oikonomou FMantas GSerrelis ERodriguez JFengou M(2023)A Survey on Quantitative Risk Estimation Approaches for Secure and Usable User Authentication on SmartphonesSensors10.3390/s2306297923:6(2979)Online publication date: 9-Mar-2023
https://doi.org/10.3390/s23062979
Makowski JPöhn D(2023)Evaluation of Real-World Risk-Based Authentication at Online Services Revisited: Complexity WinsProceedings of the 18th International Conference on Availability, Reliability and Security10.1145/3600160.3605024(1-9)Online publication date: 29-Aug-2023
https://dl.acm.org/doi/10.1145/3600160.3605024
Show More Cited By

Recommendations

Network anomaly detection and security defense technology based on machine learning: A review
Highlights
- Enhances network anomaly detection and security using ML.
- ML methods for network threat detection are evaluated.
- Optimizes ML model training hyperparameter modification, validation, and transparency.
- Wireless Sensor networks ...
Abstract
Robust solutions are essential for protecting complex network systems in the constantly changing cybersecurity scenario. This investigation examines the role of machine learning (ML) in improving the safety of digital infrastructure by examining ...
Graphical abstract

Display Omitted
Adversarial machine learning in IoT from an insider point of view
Abstract
With the rapid progress and significant successes in various applications, machine learning has been considered a crucial component in the Internet of Things ecosystem. However, machine learning models have recently been vulnerable to ...
Adversarial attacks on machine learning-based cyber security systems: a survey of techniques and defences

Machine learning (ML) has been increasingly adopted in the field of cyber security to enhance the detection and prevention of cyber threats. However, recent studies have demonstrated that ML-based cyber security systems are vulnerable to adversarial ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

AISec'20: Proceedings of the 13th ACM Workshop on Artificial Intelligence and Security

November 2020

134 pages

ISBN:9781450380942

DOI:10.1145/3411508

General Chairs:
Jay Ligatti
University of South Florida, USA
,
Xinming Ou
University of South Florida, USA
,
Program Chairs:
Sadia Afroz
UC Berkeley
,
Nicholas Carlini
Google Brain
,
Ambra Demontis
University of Cagliari

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 09 November 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS '20

Sponsor:

SIGSAC

CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security

November 13, 2020

Virtual Event, USA

Acceptance Rates

Overall Acceptance Rate 94 of 231 submissions, 41%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
330
Total Downloads

Downloads (Last 12 months)39
Downloads (Last 6 weeks)3

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Han ALee D(2023)Detecting Risky Authentication Using the OpenID Connect Token Exchange TimeSensors10.3390/s2319825623:19(8256)Online publication date: 5-Oct-2023
https://doi.org/10.3390/s23198256
Papaioannou MPelekoudas-Oikonomou FMantas GSerrelis ERodriguez JFengou M(2023)A Survey on Quantitative Risk Estimation Approaches for Secure and Usable User Authentication on SmartphonesSensors10.3390/s2306297923:6(2979)Online publication date: 9-Mar-2023
https://doi.org/10.3390/s23062979
Makowski JPöhn D(2023)Evaluation of Real-World Risk-Based Authentication at Online Services Revisited: Complexity WinsProceedings of the 18th International Conference on Availability, Reliability and Security10.1145/3600160.3605024(1-9)Online publication date: 29-Aug-2023
https://dl.acm.org/doi/10.1145/3600160.3605024
Lv SWang CWang ZWang SWang BZhang Y(2023)AAE-DSVDD: A one-class classification model for VPN traffic identificationComputer Networks10.1016/j.comnet.2023.109990236(109990)Online publication date: Nov-2023
https://doi.org/10.1016/j.comnet.2023.109990
Krishnan VSukumaran S(2022)Risk-Based AuthenticationHandbook of Research on Mathematical Modeling for Smart Healthcare Systems10.4018/978-1-6684-4580-8.ch009(154-179)Online publication date: 24-Jun-2022
https://doi.org/10.4018/978-1-6684-4580-8.ch009
Wiefling SJørgensen PThunem SIacono L(2022)Pump Up Password Security! Evaluating and Enhancing Risk-Based Authentication on a Real-World Large-Scale Online ServiceACM Transactions on Privacy and Security10.1145/354606926:1(1-36)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3546069
Wiefling SDürmuth MLo Iacono L(2021)What’s in Score for Website Users: A Data-Driven Long-Term Study on Risk-Based Authentication CharacteristicsFinancial Cryptography and Data Security10.1007/978-3-662-64331-0_19(361-381)Online publication date: 23-Oct-2021
https://doi.org/10.1007/978-3-662-64331-0_19

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten