Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A multi-factor authentication method to prevent credential stuffing attacks

An identity authentication, multi-factor technology, applied in the field of information security, can solve the problems of low security, no participation in the user-generated password calculation process, lack of practicality, etc., to enhance security, enhance the ability to verify the identity of logged-in users, avoid Easily stolen effects

Active Publication Date: 2018-03-06
XIDIAN UNIV
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, most of these authentication factors are not devices that users are used to carrying with them, such as smart card readers or fingerprint readers, which lack practicality; moreover, they simply store or display information, and do not participate in the calculation process of user-generated passwords. If the device is lost, then This factor can be easily exploited by attackers and has low security

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A multi-factor authentication method to prevent credential stuffing attacks
  • A multi-factor authentication method to prevent credential stuffing attacks
  • A multi-factor authentication method to prevent credential stuffing attacks

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0032] The present invention is a multi-factor identity authentication method for preventing credentialing attacks. In the present invention, the multi-factors include user password, mobile phone and wristband, all of which are indispensable, and multi-factors jointly participate in the completion of user registration and login. Refer to figure 1 , the specific implementation steps of the present invention include:

[0033] (1) Initialization phase:

[0034] 1a) Complete the bracelet initialization: register and activate the bracelet, and bind it to the mobile phone specified by user U, to ensure that the bracelet has Bluetooth function and can connect with the associated mobile phone via Bluetooth.

[0035] 1b) Ensure that the PC used by user U during the registration phase is safe and trusted.

[0036] (2) Registration stage:

[0037] User U uses the short password pwd that he can easily remember on the PC side to generate the original master key k and the verification str...

Embodiment 2

[0055] The multi-factor authentication method for preventing credential stuffing attacks is the same as that in Embodiment 1, refer to figure 2 , the specific implementation of the user registration phase is as follows:

[0056] 2a) User U chooses a random number r, an iteration number t and a short password pwd that he can easily remember for the target server S that he currently wants to register, and uses HKDF to calculate and generate a public verification string v and a definite password on the PC side. The original master key k, ie HKDF.Prepare(r, t, pwd) → (v, k).

[0057] When generating the original master key k, the user U can choose the complexity of generating the original master key k according to the security level by using the characteristics of the HKDF function, that is, choose the number of iterations t: for ordinary users, the number of iterations can be selected Fewer key generation operations; for enterprises or individuals that require a higher level of...

Embodiment 3

[0067] The multi-factor identity authentication method to prevent credential stuffing attacks is the same as that in Embodiment 1-2, the random number x generated in step 2b) of the registration phase is obtained by shaking the bracelet of one of the multi-factors by the user, and the shaking of the bracelet by the user has behavioral characteristics Yes, for different users, because of their different behavioral habits, even if the attacker obtains the user’s bracelet during the pre-login stage, it cannot accurately imitate the behavior characteristics of the user U shaking the bracelet when generating the random number x for the first time, and thus cannot accurately generate Matches the random number x in the registration stage, so it has a certain protective effect on the random number x. The random number x is transmitted to the mobile phone bound by the user by using bluetooth at close range. It is difficult for an attacker to obtain the user's mobile phone and bracelet a...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a multi-factor identity authentication method for preventing library collision attacks, which is mainly used for solving the problem that user passwords in the existing website login systems are vulnerable to brute force attacks and library collision attacks. The multiple factors in the multi-factor identity authentication method disclosed by the invention comprises a user password, a mobile phone and a bracelet, which are indispensable to complete the security authentication of user identity. The multi-factor identity authentication method comprises the steps of: (1) a user uses a short password to generate an original master key through a termination key derivation function and processes the original master key for twice in combination with two random numbers related to the bracelet and the mobile phone respectively to generate a server storage password, and stores the server storage password in a server; (2) the user successively derives the original master key and two different random numbers in combination with the bracelet and the mobile phone factors to generate the server storage password; and (3) the user uses the server storage password to carry out mutual authentication with the server. The multiple factors in the multi-factor identity authentication method disclosed by the invention is used for generating different original master keys for different websites and providing security protection to effectively avoid the risk that a single password is vulnerable to embezzlement for identity camouflage.

Description

technical field [0001] The invention belongs to the technical field of information security, and particularly relates to a method for generating and storing user login passwords, in particular to a multi-factor identity authentication method for preventing credential stuffing attacks, which can be used to enhance the server's ability to authenticate users and prevent users from Leaking reused login passwords when registering on insecure websites. Background technique [0002] Secure communication over open networks is one of the research hotspots in modern cryptography. As the core technology of information security, cryptography provides encryption / decryption, message digest, digital signature and other cryptographic algorithms, which can realize the confidentiality, integrity and non-repudiation of information. Cryptography plays an important role in many aspects such as data protection, secure access, and trust system construction, and is the most effective and economica...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/083H04L63/0853
Inventor 金方园杨超马建峰李金库安迪何思蒙
Owner XIDIAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com