Publication Type
Conference Proceeding Article
Version
publishedVersion
Publication Date
12-2018
Abstract
Two-factor authentication (2FA) systems provide another layer of protection to users' accounts beyond password. Traditional hardware token based 2FA and software token based 2FA are not burdenless to users since they require users to read, remember, and type a onetime code in the process, and incur high costs in deployments or operations. Recent 2FA mechanisms such as Sound-Proof, reduce or eliminate users' interactions for the proof of the second factor; however, they are not designed to be used in certain settings (e.g., quiet environments or PCs without built-in microphones), and they are not secure in the presence of certain attacks (e.g., sound-danger attack and co-located attack).To address these problems, we propose Typing-Proof, a usable, secure and low-cost two-factor authentication mechanism. Typing-Proof is similar to software token based 2FA in a sense that it uses password as the first factor and uses a registered phone to prove the second factor. During the second-factor authentication procedure, it requires a user to type any random code on a login computer and authenticates the user by comparing the keystroke timing sequence of the random code recorded by the login computer with the sounds of typing random code recorded by the user's registered phone. Typing-Proof can be reliably used in any settings and requires zero user-phone interaction in the most cases. It is practically secure and immune to the existing attacks to recent 2FA mechanisms. In addition, Typing-Proof enables significant cost savings for both service providers and users.
Discipline
Information Security
Research Areas
Cybersecurity
Publication
ACSAC '18: Proceedings of the 34th Annual Computer Security Applications Conference, San Juan, Puerto Rico, December 3-7
First Page
53
Last Page
65
ISBN
9781450365697
Identifier
10.1145/3274694.3274699
Publisher
ACM
City or Country
New York
Citation
LIU, Ximming; LI, Yingjiu; and DENG, Robert H..
Typing-Proof: Usable, secure and low-cost two-factor authentication based on keystroke timings. (2018). ACSAC '18: Proceedings of the 34th Annual Computer Security Applications Conference, San Juan, Puerto Rico, December 3-7. 53-65.
Available at: https://ink.library.smu.edu.sg/sis_research/4211
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1145/3274694.3274699