A multi-layered approach to securing enterprise applications by using TLS, two-factor authentication and single sign-on

With the recent advances in information and communication technology, Web and mobile Internet applications have become a part of our daily lives. These developments have also given rise to the concept of information security, owing to the need to protect the information of institutions from Internet attackers. There are many security approaches to providing information security in enterprise applications. However, using only one of these approaches may not be sufficient to obtain security. This paper describes a multi-layered framework that implements two-factor and single sign-on authentication together. The proposed framework generates unique one-time passwords (OTP), which are used to authenticate application data. Nevertheless, using an OTP mechanism alone does not meet the security requirements. Therefore, implementing a separate authentication application that has single sign-on capability is necessary.
