Developing a Two-Factor Authentication System to Identify Vulnerabilities in Public Wi-Fi Leading to HOVAC Attacks

Authors

  • Israa Ahmed Jaddoa JADDOA
  • Asst. Prof. Dr. Ayca Turkben Kurnaz, Information Technologies, Altinbas University, Istanbul, Turkey.

Keywords:

HOVAC, Wi-Fi, 2FA.

Abstract

Although public Wi-Fi networks offer a lot of convenience, users should be aware that their data may not always be safe. Hackers can launch cyber-attacks by taking advantage of vulnerabilities in these networks. These attacks include the so-called HOVAC attacks, which stand for hacktivism, organized crime, vendetta, espionage, and cyber warfare. We propose a two-factor authentication system that identifies vulnerabilities in public Wi-Fi networks as a means of reducing the likelihood that such attacks succeed. Password-based user authentication serves as the first component of our multi-factor authentication system. To connect to a public Wi-Fi network, users will be required to enter a password. This password will be unique to each user and will be kept in a protected database. As the second factor in the authentication process, our system will conduct a vulnerability scan on the user's device before the device is allowed to connect to the network. This scan will determine whether the user's device contains any vulnerabilities that a hacker might be able to exploit. Before the user is allowed to connect to the network, they will be urged to remedy any vulnerabilities discovered during the scan. To create this system, we will employ a variety of methods, including data analysis and machine learning. We will collect data on public Wi-Fi networks and then apply machine learning techniques to detect patterns of vulnerabilities that are frequently exploited by hackers. We will also analyze data on HOVAC attacks to determine the commonalities shared by these attacks, such as the kinds of vulnerabilities that are exploited.
When we have completed development of the authentication system, we will test it in an environment more representative of the real world to determine how well it performs. We will collaborate with companies that supply public Wi-Fi to install the technology on their networks and monitor how well it operates over time. In addition, we will solicit input from users to ascertain whether they have any problems or concerns regarding the system. In short, the proposed two-factor authentication system that we have developed is intended to detect flaws in public Wi-Fi networks and reduce the likelihood of HOVAC cyber attacks. By combining password-based authentication with vulnerability scanning, we aim to provide customers with a method for connecting to public Wi-Fi networks that is both secure and convenient.

Published

2023-07-06

How to Cite

Israa Ahmed Jaddoa JADDOA, & Asst.Prof.Dr. Ayca Turkben Kurnaz. (2023). Devoloping a Two Factor Authentication System to Identify Vulnerabitlies in Public Wifi Leading to Hovac Attacks. International Journal of Scientific Trends, 2(7), 1–19. Retrieved from https://scientifictrends.org/index.php/ijst/article/view/111
