Typing-Proof: Usable, secure and low-cost two-factor authentication based on keystroke timings

Author

Ximming LIU, Singapore Management UniversityFollow
Yingjiu LI, Singapore Management UniversityFollow
Robert H. DENG, Singapore Management UniversityFollow

Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

12-2018

Abstract

Two-factor authentication (2FA) systems provide another layer of protection to users' accounts beyond password. Traditional hardware token based 2FA and software token based 2FA are not burdenless to users since they require users to read, remember, and type a onetime code in the process, and incur high costs in deployments or operations. Recent 2FA mechanisms such as Sound-Proof, reduce or eliminate users' interactions for the proof of the second factor; however, they are not designed to be used in certain settings (e.g., quiet environments or PCs without built-in microphones), and they are not secure in the presence of certain attacks (e.g., sound-danger attack and co-located attack).To address these problems, we propose Typing-Proof, a usable, secure and low-cost two-factor authentication mechanism. Typing-Proof is similar to software token based 2FA in a sense that it uses password as the first factor and uses a registered phone to prove the second factor. During the second-factor authentication procedure, it requires a user to type any random code on a login computer and authenticates the user by comparing the keystroke timing sequence of the random code recorded by the login computer with the sounds of typing random code recorded by the user's registered phone. Typing-Proof can be reliably used in any settings and requires zero user-phone interaction in the most cases. It is practically secure and immune to the existing attacks to recent 2FA mechanisms. In addition, Typing-Proof enables significant cost savings for both service providers and users.

Discipline

Information Security

Research Areas

Cybersecurity

Publication

ACSAC '18: Proceedings of the 34th Annual Computer Security Applications Conference, San Juan, Puerto Rico, December 3-7

First Page

53

Last Page

65

ISBN

9781450365697

Identifier

10.1145/3274694.3274699

Publisher

ACM

City or Country

New York

Citation

LIU, Ximming; LI, Yingjiu; and DENG, Robert H.. Typing-Proof: Usable, secure and low-cost two-factor authentication based on keystroke timings. (2018). ACSAC '18: Proceedings of the 34th Annual Computer Security Applications Conference, San Juan, Puerto Rico, December 3-7. 53-65.
Available at: https://ink.library.smu.edu.sg/sis_research/4211

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1145/3274694.3274699