SWAT: Seamless Web Authentication Technology
Autor: | Rochet, Florentin, Efthymiadis, Kyriakos, Koeune, François, Pereira, Olivier, The World Wide Web Conference (WWW 2019) |
---|---|
Přispěvatelé: | UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Informatics and Applied Informatics, Artificial Intelligence |
Jazyk: | angličtina |
Rok vydání: | 2019 |
Předmět: |
Computer Networks and Communications
Computer science Convolutional neural networks 02 engineering and technology User experience design 020204 information systems convolutional neural networks 0202 electrical engineering electronic engineering information engineering Html5 canvas Replay attack 2FA Authentication Stateless protocol HTML5 business.industry Client-side Authentication protocol Threat model Usable security 020201 artificial intelligence & image processing business html5 canvas Software Computer network |
Zdroj: | WWW |
Popis: | We present a seamless challenge-response authentication protocol which leverages on the variations of html5 canvas rendering made by the software and hardware stacks. After a training phase that leads to feature extraction with deep learning techniques, a server becomes able to authenticate a user based on fresh canvasses, hence avoiding replay attacks. The whole authentication process is natively supported by any mainstream browser, stateless on client side and can be transparent to the user. We argue that those features facilitate deployment and composition with other authentication mechanisms without lowering the user experience. We present the threat model against which our protocol is expected to live and discuss its security. We also present a prototype implementation of our protocol and report on a real-word experimentation that we ran in order to analyze its efficiency and effectiveness. |
Databáze: | OpenAIRE |
Externí odkaz: |