Return to search

Masquerader Detection via 2fa Honeytokens

Detection of insider threats is vital within cybersecurity. Techniques for detection include honeytokens, which most often are resources that, through deception, seek to expose intruders. One kind of insider that is detectable via honeytokens is the masquerader. This project proposes implementing a masquerader detection technique where honeytokens are placed within users’ filesystems in such a way that they also provide Two Factor Authentication(2fa) functionality. If a user’s second factor – the honeytoken –is not accessed within a specified timeframe after login, this indicates a potential intrusion, and only a “fake” filesystem will remain available. An alert is also triggered. The intention is to deter insiders from masquerading since they are aware that they must access a uniquely located honeytokena fter logging in to the legitimate user’s account. The technique was evaluated via user-testing that included interviews, a checklist with requirements for feasibility, and a cyber-security expert’s opinion on the technique’s feasibility. The main question evaluated during the project was the feasibility of adding the proposed technique to a computer system’s protective capabilities. The results of the project indicated that the proposed technique is feasible. The project’s results were also compared with the results of prior related research. The project’s scope was limited to a Linux system accessed via SSH into a Bash terminal(non-GUI-compatible), and the implemented technique was also evaluated within such an environment.

Identiferoai:union.ndltd.org:UPSALLA1/oai:DiVA.org:lnu-106964
Date January 2021
CreatorsWiklund, Anton
PublisherLinnéuniversitetet, Institutionen för datavetenskap och medieteknik (DM)
Source SetsDiVA Archive at Upsalla University
LanguageEnglish
Detected LanguageEnglish
TypeStudent thesis, info:eu-repo/semantics/bachelorThesis, text
Formatapplication/pdf
Rightsinfo:eu-repo/semantics/openAccess

Page generated in 0.0023 seconds