{"title":"基于提示的双因素身份验证","authors":"","doi":"10.1016/j.cose.2024.104068","DOIUrl":null,"url":null,"abstract":"<div><p>With the increasing usage of cameras, the threat from video attacks has greatly increased in recent years in addition to shoulder surfing. Many organizations have implemented two-factor authentication to enhance security. However, attackers can still steal users' usernames and passwords from two-factor authentication through video attack or shoulder surfing and applied the credential stuffing attack, as most people use the same passwords on different applications. Cue-based authentication provides high protection against shoulder surfing attacks, but it remains vulnerable to video attacks. To mitigate the threats of video attacks, we propose cue-based two-factor authentication (i.e., Cue-2FA), which is distinct from other methods by separating cue display from response input (refer to Chapter 1). We conducted two user studies to compare the usability and security between Cue-2FA and a standard Time-based-One-Time-Password two-factor authentication (i.e., TOTP-2FA). The evaluate results revealed Cue-2FA provides both higher usability and stronger resistance to the shoulder surfing attack. However, when both the cue and response are recorded, Cue-2FA is not more resistant to the video attack than TOTP-2FA. To address this issue, we introduced misleading operations to Cue-2FA when inputting a response, which significantly improves the resistance to the video attack.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8000,"publicationDate":"2024-08-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Cue-based two factor authentication\",\"authors\":\"\",\"doi\":\"10.1016/j.cose.2024.104068\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>With the increasing usage of cameras, the threat from video attacks has greatly increased in recent years in addition to shoulder surfing. Many organizations have implemented two-factor authentication to enhance security. However, attackers can still steal users' usernames and passwords from two-factor authentication through video attack or shoulder surfing and applied the credential stuffing attack, as most people use the same passwords on different applications. Cue-based authentication provides high protection against shoulder surfing attacks, but it remains vulnerable to video attacks. To mitigate the threats of video attacks, we propose cue-based two-factor authentication (i.e., Cue-2FA), which is distinct from other methods by separating cue display from response input (refer to Chapter 1). We conducted two user studies to compare the usability and security between Cue-2FA and a standard Time-based-One-Time-Password two-factor authentication (i.e., TOTP-2FA). The evaluate results revealed Cue-2FA provides both higher usability and stronger resistance to the shoulder surfing attack. However, when both the cue and response are recorded, Cue-2FA is not more resistant to the video attack than TOTP-2FA. To address this issue, we introduced misleading operations to Cue-2FA when inputting a response, which significantly improves the resistance to the video attack.</p></div>\",\"PeriodicalId\":51004,\"journal\":{\"name\":\"Computers & Security\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":4.8000,\"publicationDate\":\"2024-08-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0167404824003730\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824003730","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
With the increasing usage of cameras, the threat from video attacks has greatly increased in recent years in addition to shoulder surfing. Many organizations have implemented two-factor authentication to enhance security. However, attackers can still steal users' usernames and passwords from two-factor authentication through video attack or shoulder surfing and applied the credential stuffing attack, as most people use the same passwords on different applications. Cue-based authentication provides high protection against shoulder surfing attacks, but it remains vulnerable to video attacks. To mitigate the threats of video attacks, we propose cue-based two-factor authentication (i.e., Cue-2FA), which is distinct from other methods by separating cue display from response input (refer to Chapter 1). We conducted two user studies to compare the usability and security between Cue-2FA and a standard Time-based-One-Time-Password two-factor authentication (i.e., TOTP-2FA). The evaluate results revealed Cue-2FA provides both higher usability and stronger resistance to the shoulder surfing attack. However, when both the cue and response are recorded, Cue-2FA is not more resistant to the video attack than TOTP-2FA. To address this issue, we introduced misleading operations to Cue-2FA when inputting a response, which significantly improves the resistance to the video attack.
期刊介绍:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
