http://dx.doi.org/10.9717/kmms.2022.25.9.1284

A Study on IP Address and Threshold-based Account Lockout Prevention to Deal with Intentional Consecutive Authentication Failures  

Jeong, Jinho (DJ FAMILY)
Cha, Youngwook (Dept. of Computer Engineering, Andong National University)
Abstract
An attacker can deliberately enter wrong passwords for other users' accounts, causing those accounts to be locked or revoked. Although NIST has introduced methods to prevent this attack, none of the suggested methods stops an attacker from manually failing authentication, and they reduce user availability. In this paper, to prevent user account lockout caused by an attacker's intentional authentication failures, we propose a new authentication method based on the source IP address and the number of failed authentication attempts. The proposed method not only blocks attackers who intentionally fail authentication, but also provides convenience to users because their accounts are never locked or revoked. It also protects passwords against password cracking attacks.
Keywords
Account Lockout; Password; Authentication;
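The abstract's core idea, counting failures per source address so that the source is blocked rather than the account, is illustrated below. This is an added example, not code from the paper: the choice of (IP, account) as the counter key, the threshold of 5, the 15-minute block and the sample addresses are all assumptions of this illustration, and the conventional per-account lockout is shown beside it for comparison.

```python
"""Constructed illustration: per-account lockout versus per-source throttling.

Conventional lockout counts failures per account, so anyone who knows a
username can lock it for its owner. The alternative sketched here keys the
counter on (source IP, account) and blocks that source for a cooling-off
period, leaving the account usable from elsewhere. Threshold, block
duration and the key choice are assumptions of this example.
"""
from collections import defaultdict


class PerAccountLockout:
    """Conventional policy: N consecutive failures lock the account itself."""

    def __init__(self, threshold=5):
        self.threshold = threshold
        self.failures = defaultdict(int)
        self.locked = set()

    def attempt(self, account, src_ip, password_ok, now=0):
        if account in self.locked:
            return "locked"          # nobody can use the account, owner included
        if password_ok:
            self.failures[account] = 0
            return "ok"
        self.failures[account] += 1
        if self.failures[account] >= self.threshold:
            self.locked.add(account)
        return "fail"


class PerSourceThrottle:
    """Failure counter keyed on (src_ip, account); blocks the source, not the account."""

    def __init__(self, threshold=5, block_seconds=900):
        self.threshold = threshold
        self.block_seconds = block_seconds
        self.failures = defaultdict(int)
        self.blocked_until = {}      # (src_ip, account) -> time the block expires

    def attempt(self, account, src_ip, password_ok, now):
        key = (src_ip, account)
        until = self.blocked_until.get(key)
        if until is not None and now < until:
            return "blocked"         # refused before the password is even checked
        if password_ok:
            self.failures.pop(key, None)
            return "ok"
        self.failures[key] += 1
        if self.failures[key] >= self.threshold:
            self.blocked_until[key] = now + self.block_seconds
            self.failures.pop(key, None)   # counter restarts after the block
        return "fail"


ATTACKER_IP = "203.0.113.7"    # constructed, RFC 5737 documentation range
OWNER_IP = "198.51.100.4"      # constructed


def simulate(policy):
    """Attacker sends six wrong passwords for 'alice'; then alice logs in correctly."""
    attacker_results = [policy.attempt("alice", ATTACKER_IP, False, now=i) for i in range(6)]
    owner_result = policy.attempt("alice", OWNER_IP, True, now=10)
    return attacker_results, owner_result


if __name__ == "__main__":
    for cls in (PerAccountLockout, PerSourceThrottle):
        print(cls.__name__, simulate(cls(threshold=5)))
```

Under the per-account policy the owner's correct login returns "locked": the attacker achieved the denial of service. Under the per-source policy the attacker's sixth attempt is refused while the owner, coming from another address, logs in normally. Keying on the (IP, account) pair rather than the bare IP limits collateral damage for users behind a shared NAT. The caveat a defender should keep in mind is that a source-based counter on its own does not stop an attacker spreading attempts across many addresses or many accounts, so it belongs alongside global rate limits and monitoring of failed-login volume rather than replacing them.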