A Microservices and Blockchain Based One Time Password (MBB-OTP) Protocol for Security-Enhanced Authentication

2021 IEEE Symposium on Computers and Communications (ISCC) Pub Date : 2021-09-05 DOI:10.1109/ISCC53001.2021.9631479

Alessio Catalfamo, Armando Ruggeri, A. Celesti, M. Fazio, M. Villari

{"title":"A Microservices and Blockchain Based One Time Password (MBB-OTP) Protocol for Security-Enhanced Authentication","authors":"Alessio Catalfamo, Armando Ruggeri, A. Celesti, M. Fazio, M. Villari","doi":"10.1109/ISCC53001.2021.9631479","DOIUrl":null,"url":null,"abstract":"Nowadays, the increasing complexity of digital applications for social and business activities has required more and more advanced mechanisms to prove the identity of subjects like those based on the Two-Factor Authentication (2FA). Such an approach improves the typical authentication paradigm but it has still some weaknesses. Specifically, it has to deal with the disadvantages of a centralized architecture causing several security threats like denial of service (DoS) and man-in-the-middle (MITM). In fact, an attacker who succeeds in violating the central authentication server could be able to impersonate an authorized user or block the whole service. This work advances the state of art of 2FA solutions by proposing a decentralized Microservices and Blockchain Based One Time Password (MBB-OTP) protocol for security-enhanced authentication able to mitigate the aforementioned threats and to fit different application scenarios. Experiments prove the goodness of our MBB-OTP protocol considering both private and public Blockchain configurations.","PeriodicalId":270786,"journal":{"name":"2021 IEEE Symposium on Computers and Communications (ISCC)","volume":"41 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-09-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE Symposium on Computers and Communications (ISCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISCC53001.2021.9631479","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

Nowadays, the increasing complexity of digital applications for social and business activities has required more and more advanced mechanisms to prove the identity of subjects like those based on the Two-Factor Authentication (2FA). Such an approach improves the typical authentication paradigm but it has still some weaknesses. Specifically, it has to deal with the disadvantages of a centralized architecture causing several security threats like denial of service (DoS) and man-in-the-middle (MITM). In fact, an attacker who succeeds in violating the central authentication server could be able to impersonate an authorized user or block the whole service. This work advances the state of art of 2FA solutions by proposing a decentralized Microservices and Blockchain Based One Time Password (MBB-OTP) protocol for security-enhanced authentication able to mitigate the aforementioned threats and to fit different application scenarios. Experiments prove the goodness of our MBB-OTP protocol considering both private and public Blockchain configurations.

查看原文本刊更多论文

基于微服务和区块链的一次性密码(MBB-OTP)安全增强认证协议

如今，社会和商业活动的数字应用越来越复杂，需要越来越先进的机制来证明主体的身份，如基于双因素身份验证(2FA)的机制。这种方法改进了典型的身份验证范例，但它仍然存在一些弱点。具体来说，它必须处理集中式体系结构的缺点，这些缺点会导致拒绝服务(DoS)和中间人(MITM)等安全威胁。事实上，成功入侵中央身份验证服务器的攻击者可以冒充授权用户或阻止整个服务。这项工作通过提出一种分散的微服务和基于b区块链的一次性密码(MBB-OTP)协议来提高2FA解决方案的技术水平，用于安全增强的身份验证，能够减轻上述威胁并适应不同的应用场景。实验证明了我们的MBB-OTP协议在私有和公共区块链配置下的有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2021 IEEE Symposium on Computers and Communications (ISCC)

自引率

0.00%

发文量