Applying MAC Address-Based Access Control for Securing Admin’s Login Page

Authentication is a very important process for securing web applications. Username and password are two parameters commonly used for user authentication on the administrator’s login page. However, such the two authentication parameters can be easily breached so that they can become a vulnerability that adversary parties can use to conduct malicious activities. For example, the attackers can commit a crime such as data modification or theft or even more dangerous take over administrator services of a system. Therefore, it is necessary to improve the security mechanism by adding additional factor of authentication other than username and password. In this study, an improvement in authentication mechanisms was carried out by applying MAC Address-based access control as an additional authentication factor. In this method, Address Resolution Protocol (ARP) is used in mapping the users Internet Protocol (IP) address to their MAC address during validation process. The experimental results showed that the addition of the MAC address made the authentication process resistant to Dictionary Attack and Shoulder Surfing Attack