TY - GEN
T1 - Knocking on Admin’s Door
T2 - 21st International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2024
AU - Tsouvalas, Billy
AU - Nikiforakis, Nick
N1 - Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.
PY - 2024
Y1 - 2024
N2 - In this paper, we introduce PageKnocker, a deception-based supplementary authentication mechanism, aimed primarily at protecting the public-facing authentication endpoints of critical web applications. PageKnocker is inspired by the network security concept of port knocking, and uses the requests to the web application as a means of authentication for the login page. Specifically, the authentication is successful (i.e., the user gets to access the login page of a web application) if the user’s request sequence matches their personal predefined request sequence. In this manner, PageKnocker offers web application administrators the comparative advantage of knowing the nature of a visitor even before that visitor sends the first set of credentials. Alongside PageKnocker, we introduce two deceptive login environments, one overtly deceptive and one clandestine, towards which we direct any unauthenticated user attempting to reach the real login page. To evaluate the security and usability of page knocks, we deploy PageKnocker-protected honeypots in the wild and perform a separate user study, showing that PageKnocker can resist tens of thousands of brute-forcing bots, while remaining usable and intuitive.
UR - https://www.scopus.com/pages/publications/85200699541
U2 - 10.1007/978-3-031-64171-8_15
DO - 10.1007/978-3-031-64171-8_15
M3 - Conference contribution
AN - SCOPUS:85200699541
SN - 9783031641701
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 283
EP - 306
BT - Detection of Intrusions and Malware, and Vulnerability Assessment - 21st International Conference, DIMVA 2024, Proceedings
A2 - Maggi, Federico
A2 - Egele, Manuel
A2 - Payer, Mathias
A2 - Carminati, Michele
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 17 July 2024 through 19 July 2024
ER -
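Added illustration (not the authors' code, and not part of the bibliographic record above): a minimal server-side gate in Python showing the page-knocking idea the abstract describes. Each registered user has a personal, ordered sequence of URL paths; a client whose most recent requests reproduce that sequence is allowed to fetch the real login page once, and every other request for the login page is answered with a decoy. The login path, the user names, the knock sequences and the client identifiers are constructed for the example; how the decoy pages are built (overt versus clandestine) is out of scope here and is represented only by the "decoy" decision.

```python
"""Toy PageKnocker-style gate for a login page (illustration, not the paper's code).

A client "knocks" by requesting its personal sequence of ordinary pages in
order. Only a client whose knock has just completed is served the real login
page, and only once; everyone else asking for the login page gets a decoy.
"""
import hmac
from collections import defaultdict, deque

LOGIN_PATH = "/admin/login"  # assumed path of the protected login page


def _same_sequence(a, b):
    """Constant-time comparison of two equal-length path sequences."""
    return hmac.compare_digest("\x00".join(a).encode(), "\x00".join(b).encode())


class PageKnocker:
    def __init__(self, knocks):
        # knocks: {user: [path, path, ...]}  per-user knock sequences (constructed)
        self.knocks = {user: tuple(seq) for user, seq in knocks.items()}
        longest = max(len(seq) for seq in self.knocks.values())
        # Per-client sliding window holding the last `longest` non-login paths
        self.history = defaultdict(lambda: deque(maxlen=longest))
        self.unlocked = {}  # client -> user whose knock was just completed

    def handle(self, client, path):
        """Return (decision, user); decision is 'real', 'decoy' or 'pass'."""
        if path == LOGIN_PATH:
            # The unlock is consumed on use: the next visit needs a fresh knock.
            user = self.unlocked.pop(client, None)
            return ("real", user) if user else ("decoy", None)

        # Any other request is a potential knock: record it and test the tail
        # of the client's recent history against every registered sequence.
        hist = self.history[client]
        hist.append(path)
        for user, seq in self.knocks.items():
            tail = tuple(hist)[-len(seq):]
            if len(tail) == len(seq) and _same_sequence(tail, seq):
                self.unlocked[client] = user
                hist.clear()  # the same tail must not unlock twice
                break
        return ("pass", None)


if __name__ == "__main__":
    # Constructed sample traffic: one legitimate admin and one scanning bot.
    gate = PageKnocker({"alice": ["/about", "/pricing", "/blog/2024"],
                        "bob": ["/contact", "/about"]})
    for path in ["/admin/login", "/about", "/pricing", "/blog/2024",
                 "/admin/login", "/admin/login"]:
        print("10.0.0.1", path, gate.handle("10.0.0.1", path))
    for _ in range(3):
        print("198.51.100.9", LOGIN_PATH, gate.handle("198.51.100.9", LOGIN_PATH))
```

Two practical points the example encodes: the unlock is one-shot and the history is cleared on success, so a recorded knock cannot be replayed from the same window without repeating it, and the sequence comparison is constant-time so that matching does not leak how many leading paths were correct. A deployment would also need a client key better than the source address (for example a cookie issued on the first request) and an expiry on the unlock.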