Detecting Compromised Servers in Online Transactions



Founding Entity: Hamad Bin Khalifa University (HBKU) – Innovation Center

Amount of the Founding: $ 12,000.00

Duration of the Project: 1 year

Lead Investigator: Prof. Dr. Roberto Di Pietro


Nowadays, Two-Factor Authentication (2FA) and, generally speaking, Multi-Factor Authentication (MFA) techniques are often used as an optional method to strengthen the security of legacy authentication techniques based on weak credentials, such as usernames and passwords. This strategy allows servers to validate the identity of a remote device claiming to be acting on behalf of an end-user. However, the connection between the server and the end-user could be compromised, e.g., via some malware or malicious physical device, able to re-route the end-user requests to different service providers. In this context, the identity of the server is usually verified through legacy methods based on Public-Key Infrastructures, where the possession of the digital certificate or the private key uniquely identify the server. These methods fail if the device used by the client is compromised. In such a case, even if supported by cryptographic mechanisms, the client would be cheated by the adversary. For example, an attacker could be able to freely change both the total amount and the recipient of a monetary transaction.

To solve the above issue, we propose the implementation of an innovative end-user-side Multi-Factor Authentication technique, able to successfully identify compromised servers and achieve strong server authentication in online transactions. Our solution leverages multiple independent devices, deployed besides the primary authentication device, to verify the identity claimed by a remote server. To prove its identity, the target server is forced to use its private key to generate one or more authentication messages, that are then decrypted by the end-user devices by using the corresponding public key locally stored. Specifically, each message is delivered to a distinct authentication device that, in turn, verifies (independently or in collaboration) the authenticity of the messages received by the server. The results of the verification are then delivered to the primary authentication device, that can finally aggregate the information and declare the device compromised or not.

It is worth noting that our innovative and turnkey solution is particularly useful to detect Man-in-the-Middle attacks targeting the communication link between the primary authentication device and the remote server. Indeed, even if  the primary authentication terminal is compromised, our solution is able to bypass such a compromised terminal, allowing the correct detection of the intrusion.