Australian Information Security Management Conference

Document Type

Conference Proceeding

ISBN

978-0-6481270-8-6

Comments

Originally published as: Nicholson, A., Janicke, H., Jones, A., & Alnajaar, A. (2017). Deceptive security based on authentication profiling. In Valli, C. (Ed.). (2017). The Proceedings of 15th Australian Information Security Management Conference, 5-6 December, 2017, Edith Cowan University, Perth, Western Australia. (pp.140-148).

Abstract

Passwords are broken. Multi-factor Authentication overcomes password insecurities, but its potentials are often not realised. This article presents InSight, a system to actively identify perpetrators by deceitful adaptation of the accessible system resources using Multi-factor Authentication profiles. This approach improves authentication reliability and attributes users by computing trust scores against profiles. Based on this score, certain functionality is locked, unlocked, buffered, or redirected to a deceptive honeypot, which is used for attribution. The novelty of this approach is twofold; a profile-based multi-factor authentication approach that is combined with a gradient, deceptive honeypot.

DOI

10.4225/75/5a84f8fe95b4f

Share

 
COinS