Table of Contents Author Guidelines Submit a Manuscript
Security and Communication Networks
Volume 2017 (2017), Article ID 4286903, 20 pages
Research Article

CLAS: A Novel Communications Latency Based Authentication Scheme

1Department of Electrical and Computer Engineering, New Jersey Institute of Technology, Newark, NJ, USA
2Qatar Computing Research Institute, Hamad Bin Khalifa University, Doha, Qatar

Correspondence should be addressed to Zuochao Dou

Received 2 January 2017; Revised 3 April 2017; Accepted 7 May 2017; Published 12 June 2017

Academic Editor: Emanuele Maiorana

Copyright © 2017 Zuochao Dou et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.


We design and implement a novel communications latency based authentication scheme, dubbed CLAS, that strengthens the security of state-of-the-art web authentication approaches by leveraging the round trip network communications latency (RTL) between clients and authenticators. In addition to the traditional credentials, CLAS profiles RTL values of clients and uses them to defend against password compromise. The key challenges are (i) to prevent RTL manipulation, (ii) to alleviate network instabilities, and (iii) to address mobile clients. CLAS addresses the first challenge by introducing a novel network architecture, which makes it extremely difficult for attackers to simulate legitimate RTL values. The second challenge is addressed by outlier removal and multiple temporal profiling, while the last challenge is addressed by augmenting CLAS with out-of-band-channels or other authentication schemes. CLAS restricts login to profiled locations while demanding additional information for nonprofiled ones, which highly reduces the attack surface even when the legitimate credentials are compromised. Additionally, unlike many state-of-the-art authentication mechanisms, CLAS is resilient to phishing, pharming, man-in-the-middle, and social engineering attacks. Furthermore, CLAS is transparent to users and incurs negligible overhead. The experimental results show that CLAS can achieve very low false positive and false negative rates.