Methods of counteraction of bypassing two-factor authentication using reverse proxy
DOI:
https://doi.org/10.20535/tacs.2664-29132021.1.251299Abstract
The existing solutions for counteracting and preventing the interception of data and tokens of two-factor authentication are considered. Features that may indicate the presence of a silent reverse proxy server are chosen. It is proposed to analyze the information about additional time anomalies, which are usually created by the proxy server. The advantage of this approach is that the time characteristics information is generated on the client-side, and the malicious proxy server cannot modify it. Machine learning methods were used to detect implicit signs of the presence of a proxy server. A new method of detecting a silent reverse proxy server that satisfies the following conditions is proposed: 1) the human factor is minimized, 2) use by an individual user is possible, 3) the method has an acceptable impact on performance and can be used in real-time.
Downloads
Published
Issue
Section
License
Authors who publish with this journal agree to the following terms:
Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
