Volltext-Downloads (blau) und Frontdoor-Views (grau)

Risk-Based Authentication for OpenStack: A Fully Functional Implementation and Guiding Example

  • Online services have difficulties to replace passwords with more secure user authentication mechanisms, such as Two-Factor Authentication (2FA). This is partly due to the fact that users tend to reject such mechanisms in use cases outside of online banking. Relying on password authentication alone, however, is not an option in light of recent attack patterns such as credential stuffing. Risk-Based Authentication (RBA) can serve as an interim solution to increase password-based account security until better methods are in place. Unfortunately, RBA is currently used by only a few major online services, even though it is recommended by various standards and has been shown to be effective in scientific studies. This paper contributes to the hypothesis that the low adoption of RBA in practice can be due to the complexity of implementing it. We provide an RBA implementation for the open source cloud management software OpenStack, which is the first fully functional open source RBA implementation based on the Freeman et al. algorithm, along with initial reference tests that can serve as a guiding example and blueprint for developers.

Download full text files

Export metadata

Additional Services

Search Google Scholar Check availability


Show usage statistics
Document Type:Conference Object
Author:Vincent Unsel, Stephan WieflingORCiD, Nils Gruschka, Luigi Lo Iacono
Parent Title (English):13th ACM Conference on Data and Application Security and Privacy (CODASPY '23) (April 2023), Charlotte, NC, USA
First Page:237
Last Page:243
Publisher:Association for Computing Machinery
Place of publication:New York, NY, United States
Publishing Institution:Hochschule Bonn-Rhein-Sieg
Date of first publication:2023/04/24
Copyright:© 2023 Copyright held by the owner/author(s). Publication rights licensed to ACM. This is the author’s version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy (CODASPY ’23), April 24–26, 2023, Charlotte, NC, USA, https://doi.org/10.1145/3577923.3583634.
Keyword:Implementation Challenges; OpenStack; Risk-based Authentication
Departments, institutes and facilities:Fachbereich Informatik
Institut für Cyber Security & Privacy (ICSP)
Dewey Decimal Classification (DDC):0 Informatik, Informationswissenschaft, allgemeine Werke / 00 Informatik, Wissen, Systeme / 005 Computerprogrammierung, Programme, Daten
Entry in this database:2023/03/17
Licence (Multiple languages):License LogoIn Copyright (Urheberrechtsschutz)