Results 1 - 10 of 212
Authenticated Key Exchange Secure Against Dictionary Attacks
, 2000
Cited by 402 (35 self)
Password-based protocols for authenticated key exchange (AKE) are designed to work despite the use of passwords drawn from a space so small that an adversary might well enumerate, off line, all possible passwords. While several such protocols have been suggested, the underlying theory has been lagging. We begin by defining a model for this problem, one rich enough to deal with password guessing, forward secrecy, server compromise, and loss of session keys. The one model can be used to define various goals. We take AKE (with "implicit" authentication) as the "basic" goal, and we give definitions for it, and for entity-authentication goals as well. Then we prove correctness for the idea at the center of the Encrypted Key-Exchange (EKE) protocol of Bellovin and Merritt: we prove security, in an ideal-cipher model, of the two-flow protocol at the core of EKE.
Separating key management from file system security
, 1999
Cited by 229 (28 self)
No secure network file system has ever grown to span the Internet. Existing systems all lack adequate key management for security at a global scale. Given the diversity of the Internet, any particular mechanism a file system employs to manage keys will fail to support many types of use. We propose separating key management from file system security, letting the world share a single global file system no matter how individuals manage keys. We present SFS, a secure file system that avoids internal key management. While other file systems need key management to map file names to encryption keys, SFS file names effectively contain public keys, making them self-certifying pathnames. Key management in SFS occurs outside of the file system, in whatever procedure users choose to generate file names. Self-certifying pathnames free SFS clients from any notion of administrative realm, making inter-realm file sharing trivial. They let users authenticate servers through a number of different techniques. The file namespace doubles as a key certification namespace, so that people can realize many key management schemes using only standard file utilities. Finally, with self-certifying pathnames, people can bootstrap one key management mechanism using another. These properties make SFS more versatile than any file system with built-in key management.
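The self-certifying pathname idea in the SFS abstract above, as an added illustration that is not SFS's own code: the HostID embedded in the path is a hash over the server's hostname and public key, so a client can check the key a server presents against nothing but the name it was given. The hash choice (SHA-256 truncated to 20 bytes), the base32 encoding, the "HostInfo" label and the two keys are assumptions constructed for this example, not SFS's actual wire format.

```python
"""Self-certifying pathnames in the style of SFS (added example, not SFS code).

Path layout assumed here: /sfs/<hostname>:<HostID>/<rest>, where
HostID = base32(SHA-256("HostInfo" || hostname || pubkey)[:20]).
"""
import base64
import hashlib
import hmac
import re


def host_id(hostname: str, pubkey: bytes) -> str:
    """Bind hostname and public key into the identifier carried in the path."""
    h = hashlib.sha256(b"HostInfo\0" + hostname.encode() + b"\0" + pubkey).digest()
    # 20 bytes -> 32 base32 characters, no padding needed
    return base64.b32encode(h[:20]).decode().lower()


def make_path(hostname: str, pubkey: bytes, rest: str = "") -> str:
    """Whoever knows the server's public key can mint its self-certifying name."""
    path = f"/sfs/{hostname}:{host_id(hostname, pubkey)}"
    return path + "/" + rest if rest else path


_PATH_RE = re.compile(r"^/sfs/([^:/]+):([a-z2-7]{32})(?:/(.*))?$")


def parse_path(path: str):
    """Split a pathname into (hostname, HostID, remainder)."""
    m = _PATH_RE.match(path)
    if m is None:
        raise ValueError(f"not a self-certifying pathname: {path!r}")
    return m.group(1), m.group(2), m.group(3) or ""


def verify_server(path: str, presented_pubkey: bytes) -> bool:
    """Client-side check when the server presents its key: the key must hash to
    the HostID in the name. No certificate authority or key server is consulted,
    which is the point of keeping key management out of the file system."""
    hostname, hid, _ = parse_path(path)
    return hmac.compare_digest(hid, host_id(hostname, presented_pubkey))


# Constructed stand-ins for real public keys (assumption for this example).
SERVER_KEY = b"constructed-public-key-of-fs.example.org"
IMPOSTOR_KEY = b"constructed-public-key-of-an-impostor"


def demo():
    """Mint a path for the real server, then check the real and an impostor key."""
    path = make_path("fs.example.org", SERVER_KEY, "home/alice")
    return path, verify_server(path, SERVER_KEY), verify_server(path, IMPOSTOR_KEY)


if __name__ == "__main__":
    p, real_ok, impostor_ok = demo()
    print(p)
    print("real server accepted:", real_ok, "| impostor accepted:", impostor_ok)
```

The "bootstrap one key management mechanism using another" property falls out of `make_path`: a symbolic link in a directory the user already trusts can point at a self-certifying path, so the link (or a file listing such paths) acts as the certificate, and only ordinary file utilities are needed to distribute it.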
Seeing-is-believing: Using camera phones for human-verifiable authentication
- In IEEE Symposium on Security and Privacy
, 2005
Cited by 204 (19 self)
Current mechanisms for authenticating communication between devices that share no prior context are inconvenient for ordinary users, without the assistance of a trusted authority. We present and analyze Seeing-Is-Believing, a system that utilizes 2D barcodes and cameraphones to implement a visual channel for authentication and demonstrative identification of devices. We apply this visual channel to several problems in computer security, including authenticated key exchange between devices that share no prior context, establishment of a trusted path for configuration of a TCG-compliant computing platform, and secure device configuration in the context of a smart home.
The Battle Against Phishing: Dynamic Security Skins
- IN SOUPS ’05: PROCEEDINGS OF THE 2005 SYMPOSIUM ON USABLE PRIVACY AND SECURITY
, 2005
Cited by 202 (7 self)
Phishing is a model problem for illustrating usability concerns of privacy and security because both system designers and attackers battle using user interfaces to guide (or misguide) users. We propose a new scheme, Dynamic Security Skins, that allows a remote web server to prove its identity in a way that is easy for a human user to verify and hard for an attacker to spoof. We describe the design of an extension to the Mozilla Firefox browser that implements this scheme. We present two novel interaction techniques to prevent spoofing. First, our browser extension provides a trusted window in the browser dedicated to username and password entry. We use a photographic image to create a trusted path between the user and this window to prevent spoofing of the window and of the text entry fields. Second, our scheme allows the remote server to generate a unique abstract image for each user and each transaction. This image creates a “skin” that automatically customizes the browser window or the user interface elements in the content of a remote web page. Our extension allows the user’s browser to independently compute the image that it expects to receive from the server. To authenticate content from the server, the user can visually verify that the images match. We contrast our work with existing anti-phishing proposals. In contrast to other proposals, our scheme places a very low burden on the user in terms of effort, memory and time. To authenticate himself, the user has to recognize only one image and remember one low entropy password, no matter how many servers he wishes to interact with. To authenticate content from an authenticated server, the user only needs to perform one visual matching operation to compare two images. Furthermore, it places a high burden of effort on an attacker to spoof customized security indicators.
Public-Key Cryptography and Password Protocols
- ACM Transactions on Information and System Security
, 1999
Cited by 138 (6 self)
We study protocols for strong authentication and key exchange in asymmetric scenarios where the authentication server possesses a pair of private and public keys while the client has only a weak human-memorizable password as its authentication key. We present and analyze several simple password protocols in this scenario, and show that the security of these protocols can be formally proven based on standard cryptographic assumptions. Remarkably, our analysis shows optimal resistance to off-line password guessing attacks under the choice of suitable public key encryption functions. In addition to user authentication, we enhance our protocols to provide two-way authentication, authenticated key exchange, defense against server's compromise, and user anonymity. We complement these results with a proof that public key techniques are unavoidable for password protocols that resist off-line guessing attacks. As a further contribution, we introduce the notion of public passwords that...
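The threat both the EKE paper above and this one start from is the off-line dictionary attack: if the protocol transcript is a deterministic function of the password and public values, a passive eavesdropper can test every candidate password at leisure. The following is an added example (not code from either paper) of the naive baseline that both papers improve on, a challenge-response login over a plain hash. It does not implement EKE or the public-key protocols of this paper; the hash construction, password and dictionary are constructed for the example.

```python
"""Off-line dictionary attack on a naive password challenge-response protocol.

Added illustration of the attack model, not code from either paper.
Server sends a nonce, client answers H(password, nonce). An eavesdropper who
records (nonce, response) can check guesses without ever contacting the server.
"""
import hashlib
import hmac
import os


def H(*parts: bytes) -> bytes:
    """Length-prefixed SHA-256 over the parts (assumed construction)."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()


class Server:
    def __init__(self, password: bytes):
        # A slow or salted password hash on the server only raises the
        # per-guess cost below; it does not remove the attack.
        self.password = password
        self.nonce = None

    def challenge(self) -> bytes:
        self.nonce = os.urandom(16)
        return self.nonce

    def verify(self, response: bytes) -> bool:
        return hmac.compare_digest(response, H(b"auth", self.password, self.nonce))


def client_response(password: bytes, nonce: bytes) -> bytes:
    return H(b"auth", password, nonce)


def session_key(password: bytes, nonce: bytes) -> bytes:
    """Both sides derive a key from the same inputs, so a successful guesser can too."""
    return H(b"key", password, nonce)


def run_protocol(password: bytes):
    """Honest run; returns exactly what a passive eavesdropper sees: (nonce, response)."""
    server = Server(password)
    nonce = server.challenge()
    response = client_response(password, nonce)
    if not server.verify(response):
        raise RuntimeError("honest run must verify")
    return nonce, response


def offline_dictionary_attack(transcript, dictionary):
    """Test each guess against the recorded transcript. Returns
    (recovered password or None, number of guesses tried, recovered session key or None)."""
    nonce, response = transcript
    attempts = 0
    for guess in dictionary:
        attempts += 1
        if hmac.compare_digest(H(b"auth", guess, nonce), response):
            return guess, attempts, session_key(guess, nonce)
    return None, attempts, None


# Constructed dictionary for the example; real attacks use lists of millions.
DICTIONARY = [b"123456", b"password", b"letmein", b"qwerty", b"tr0ub4dor", b"dragon"]

if __name__ == "__main__":
    transcript = run_protocol(b"tr0ub4dor")
    print(offline_dictionary_attack(transcript, DICTIONARY))
```

The reason the attack works is that `client_response` lets the attacker play the verifier: every guess either matches the recorded response or it does not. EKE removes that by using the password as the key of an (ideal) cipher over group elements, so every candidate password decrypts the transcript to an equally plausible value; this paper shows that some such public-key ingredient is unavoidable and proves concrete protocols secure in which the client encrypts under the server's public key.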
Key Agreement in Ad-hoc Networks
- Computer Communications
, 1999
Cited by 125 (0 self)
We encounter new types of security problems in ad-hoc networks because such networks have little or no support infrastructure. In this paper we consider one such problem: A group of people in a meeting room do not have access to public key infrastructure or third party key management service, and they do not share any other prior electronic context. How can they set up a secure session among their computers? We examine various alternatives and propose new protocols for password-based multi-party key agreement in this scenario. Our protocols may be applicable in other scenarios, too. We also present a fault-tolerant version of a multiparty Diffie-Hellman key agreement protocol which can be of independent interest.
Keywords: ad-hoc network, key agreement, password authentication.
1 Introduction. 1.1 A new key agreement scenario. Consider a small group of people at a conference coming together in a room for an ad-hoc meeting. They would like to set up a wireless network session among their ...
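As an added example of the multi-party Diffie-Hellman building block the abstract refers to, here is the two-round Burmester-Desmedt broadcast protocol in Python. This is not the paper's protocol: the paper's contributions, password authentication of the exchange and fault tolerance, are not implemented, and without authentication an active attacker in the room can split the group into two sessions. The group parameters are a toy safe-prime group chosen for the example, not deployment sizes.

```python
"""Unauthenticated multi-party Diffie-Hellman (Burmester-Desmedt) as an added
example; not the paper's protocol and not password-authenticated.

Round 1: party i broadcasts z_i = G^r_i.
Round 2: party i broadcasts X_i = (z_{i+1} / z_{i-1})^r_i.
Key:     K = G^(r_1 r_2 + r_2 r_3 + ... + r_n r_1), computable by every party.
"""
import hashlib
import secrets

P = 1019     # safe prime, P = 2*Q + 1 (toy size, an assumption for the example)
Q = 509
G = 4        # generates the subgroup of order Q


def round1(r_i: int) -> int:
    return pow(G, r_i, P)


def round2(i: int, r_i: int, z: list) -> int:
    n = len(z)
    ratio = z[(i + 1) % n] * pow(z[(i - 1) % n], -1, P) % P
    return pow(ratio, r_i, P)


def group_key(i: int, r_i: int, z: list, x: list) -> int:
    """K_i = z_{i-1}^(n r_i) * X_i^(n-1) * X_{i+1}^(n-2) * ... * X_{i-2}^1.
    The telescoping exponents leave G^(sum of adjacent products) for every i."""
    n = len(z)
    k = pow(z[(i - 1) % n], n * r_i, P)
    for j in range(1, n):
        k = k * pow(x[(i + j - 1) % n], n - j, P) % P
    return k


def run_group_dh(secrets_list=None, n: int = 4) -> list:
    """Simulate all parties on one host; returns each party's computed key."""
    if secrets_list is None:
        secrets_list = [secrets.randbelow(Q - 1) + 1 for _ in range(n)]
    z = [round1(r) for r in secrets_list]                       # broadcast 1
    x = [round2(i, r, z) for i, r in enumerate(secrets_list)]   # broadcast 2
    return [group_key(i, r, z, x) for i, r in enumerate(secrets_list)]


def session_key(k: int) -> bytes:
    """Hash the group element into a symmetric key (assumed derivation)."""
    width = (P.bit_length() + 7) // 8
    return hashlib.sha256(b"group-dh\0" + k.to_bytes(width, "big")).digest()


if __name__ == "__main__":
    keys = run_group_dh(n=5)
    print("all parties agree:", len(set(keys)) == 1)
    print("session key:", session_key(keys[0]).hex())
```

Every message here is a broadcast, which suits the meeting-room radio setting, but nothing ties a broadcast to a person in the room; that is exactly the gap the paper's password-based variants close.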
Loud and clear: Human-verifiable authentication based on audio
- In ICDCS ’06: Proceedings of the 26th IEEE International Conference on Distributed Computing Systems
, 2006
Cited by 118 (6 self)
Authentication of communication channels between devices that lack any previous association is a challenging problem. It has been considered in many contexts and in various flavors, most recently, by McCune et al., where human-assisted device authentication is achieved through the use of photo cameras (present in some cellphones) and 2-dimensional barcodes. Their proposed Seeing-is-Believing system allows users with devices equipped with cameras to use the visual channel for authentication of unfamiliar devices, so as to defeat man-in-the-middle attacks. In this paper, we investigate an alternative and complementary approach: the use of the audio channel for human-assisted authentication of previously un-associated devices. Our motivation is three-fold: (1) many personal devices are not equipped with cameras or scanners, (2) some human users are visually impaired (hence, cannot be in the authentication pipeline of a vision-based system), and (3) some usage scenarios preclude either taking a sufficiently clear picture and/or the use of barcodes. We develop and evaluate a system we call Loud-and-Clear (L&C) authentication, which, like Seeing-is-Believing, places little demand on the human user. The L&C system is based on the use of a text-to-speech engine to read an auditorially-robust, grammatically-correct pass-phrase derived from an authentication string that is to be used by peer devices. In particular, by coupling the auditory reading of the one-way hash of an authentication string on one device with the display of this text on another device, we demonstrate that L&C is suitable for secure device pairing (e.g., key exchange) and similar tasks. We also describe several use cases, as well as provide some performance data for a prototype implementation and a discussion of the security properties of L&C.
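Seeing-Is-Believing (earlier in this list) and Loud-and-Clear share one mechanism: the public key travels over the insecure radio link, and a short digest of it travels over a channel the attacker cannot forge, a barcode the user scans or a pass-phrase the user hears. The added example below (not code from either paper) simulates that exchange and shows why a man-in-the-middle who swaps the key is caught. The 32-word list, the 40-bit digest length and the random stand-in keys are constructed for the example; both systems use their own encodings and the digest length is a security parameter to be chosen per threat model.

```python
"""Human-verifiable device pairing over an out-of-band channel (added example).

Insecure channel: carries the public key.
Out-of-band channel (barcode or speech): carries words derived from SHA-256(key).
The human accepts the pairing only if the two renderings match.
"""
import hashlib
import secrets

# Constructed 32-word list: 5 bits per word. Real systems choose words for
# acoustic (L&C) or visual distinctness; this list is only an example.
WORDS = (
    "acid", "bison", "candle", "delta", "ember", "falcon", "garden", "harbor",
    "island", "jungle", "kettle", "lemon", "meadow", "nickel", "orbit", "piano",
    "quartz", "river", "saddle", "timber", "umpire", "velvet", "walnut", "xenon",
    "yellow", "zebra", "anchor", "bridge", "cactus", "dragon", "eagle", "forest",
)


def fingerprint_words(auth_string: bytes, n_words: int = 8) -> list:
    """Map the leading 5*n_words bits of SHA-256(auth_string) to words."""
    digest = int.from_bytes(hashlib.sha256(auth_string).digest(), "big")
    top = digest >> (256 - 5 * n_words)
    return [WORDS[(top >> (5 * (n_words - 1 - i))) & 31] for i in range(n_words)]


def pass_phrase(auth_string: bytes) -> str:
    return " ".join(fingerprint_words(auth_string))


class Device:
    def __init__(self, name: str):
        self.name = name
        # Stand-in for a real public key (assumption for the example).
        self.public_key = secrets.token_bytes(32)
        self.peer_key = None

    def receive_over_radio(self, key: bytes) -> None:
        self.peer_key = key

    def displayed_phrase(self) -> str:
        """What this device shows for the key it received (the display side)."""
        return pass_phrase(self.peer_key)

    def spoken_phrase(self) -> str:
        """What this device reads aloud or encodes in a barcode for its own key."""
        return pass_phrase(self.public_key)


def pair(sender: Device, receiver: Device, in_path_attacker: Device = None) -> bool:
    """One-directional demonstrative identification. Returns True if the
    human comparison accepts the key the receiver got. Repeat in the other
    direction for mutual authentication."""
    key_on_wire = sender.public_key
    if in_path_attacker is not None:
        # Active attacker replaces the key on the radio channel.
        key_on_wire = in_path_attacker.public_key
    receiver.receive_over_radio(key_on_wire)
    # The out-of-band phrase comes straight from the sender; the attacker
    # cannot alter what the user hears or scans, only what crossed the radio.
    return sender.spoken_phrase() == receiver.displayed_phrase()


if __name__ == "__main__":
    alice, bob, mallory = Device("alice"), Device("bob"), Device("mallory")
    print("honest pairing accepted:", pair(alice, bob))
    print("MITM pairing accepted:  ", pair(alice, bob, in_path_attacker=mallory))
```

With 40 bits the attacker's only option is to search for a key whose phrase collides with the sender's, which is the second-preimage cost the digest length has to cover; the visual channel of Seeing-Is-Believing can carry a full hash in a barcode, while a spoken phrase trades length against what a user will reliably compare.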
Helios: Web-based open-audit voting
- In Proceedings of the 17th USENIX Security Symposium (Security ’08
, 2008
Cited by 116 (2 self)
Voting with cryptographic auditing, sometimes called open-audit voting, has remained, for the most part, a theoretical endeavor. In spite of dozens of fascinating protocols and recent ground-breaking advances in the field, there exist only a handful of specialized implementations that few people have experienced directly. As a result, the benefits of cryptographically audited elections have remained elusive. We present Helios, the first web-based, open-audit voting system. Helios is publicly accessible today: anyone can create and run an election, and any willing observer can audit the entire process. Helios is ideal for online software communities, local clubs, student government, and other environments where trustworthy, secret-ballot elections are required but coercion is not a serious concern. With Helios, we hope to expose many to the power of open-audit elections.
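To make "any willing observer can audit the entire process" concrete, the added example below (not Helios's code) shows the core of a homomorphic open-audit tally: ballots are exponential ElGamal encryptions posted on a public bulletin board, anyone can multiply them into the encrypted tally, and the trustee publishes the decryption together with a Chaum-Pedersen proof that it is correct, so observers verify the result without the secret key. The group is a toy safe-prime group assumed for the example; the proofs that each ballot encrypts 0 or 1, multiple trustees and the rest of the system are omitted.

```python
"""Homomorphic tally with publicly verifiable decryption (added example; not
Helios code). Exponential ElGamal over a toy prime-order group.

Ballot:  (a, b) = (G^r, h^r * G^v), v in {0, 1}
Tally:   product of ballots encrypts G^(sum v)
Proof:   Chaum-Pedersen, log_G(h) = log_a(d) with d = a^x
"""
import hashlib
import secrets

P, Q, G = 1019, 509, 4    # safe prime P = 2Q+1, G of order Q (toy, assumption)


def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def encrypt(h: int, vote: int, r: int = None):
    if vote not in (0, 1):
        raise ValueError("vote must be 0 or 1")
    r = secrets.randbelow(Q - 1) + 1 if r is None else r
    return pow(G, r, P), pow(h, r, P) * pow(G, vote, P) % P


def combine(ciphertexts):
    """Anyone can do this from the bulletin board: multiply componentwise."""
    a, b = 1, 1
    for ai, bi in ciphertexts:
        a, b = a * ai % P, b * bi % P
    return a, b


def _challenge(*vals) -> int:
    data = ",".join(str(v) for v in vals).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def decrypt_with_proof(x: int, h: int, ct):
    """Trustee: output G^tally and a proof that d = a^x used the key behind h."""
    a, b = ct
    d = pow(a, x, P)
    w = secrets.randbelow(Q - 1) + 1
    A, B = pow(G, w, P), pow(a, w, P)
    e = _challenge(G, h, a, d, A, B)          # Fiat-Shamir
    s = (w + e * x) % Q
    m = b * pow(d, -1, P) % P
    return m, (d, A, B, s)


def verify_decryption(h: int, ct, m: int, proof) -> bool:
    """Observer: check the proof and that m really is b / d."""
    a, b = ct
    d, A, B, s = proof
    e = _challenge(G, h, a, d, A, B)
    return (pow(G, s, P) == A * pow(h, e, P) % P
            and pow(a, s, P) == B * pow(d, e, P) % P
            and m == b * pow(d, -1, P) % P)


def dlog_small(m: int, max_value: int) -> int:
    """Recover the tally from G^tally; it is bounded by the number of voters."""
    for t in range(max_value + 1):
        if pow(G, t, P) == m:
            return t
    raise ValueError("tally out of range")


def run_election(votes):
    """Returns (tally, public key, bulletin board, encrypted tally, G^tally, proof)."""
    x, h = keygen()
    bulletin = [encrypt(h, v) for v in votes]    # posted publicly
    agg = combine(bulletin)                      # observers recompute this
    m, proof = decrypt_with_proof(x, h, agg)     # trustee, holding x
    if not verify_decryption(h, agg, m, proof):
        raise RuntimeError("trustee proof failed")
    return dlog_small(m, len(votes)), h, bulletin, agg, m, proof


if __name__ == "__main__":
    tally, h, board, agg, m, proof = run_election([1, 0, 1, 1, 0])
    print("yes votes:", tally, "| observer verifies:", verify_decryption(h, agg, m, proof))
```

Ballot secrecy here rests on the trustee key only; a single trustee who holds `x` can decrypt individual ballots, which is why a deployed system splits the key among several trustees and why the abstract limits Helios to settings where coercion is not a serious concern.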
Guidelines for Writing RFC Text on Security Considerations
- BCP 72, RFC 3552
, 2003
Cited by 104 (2 self)
This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." To learn the current status of any Internet-Draft, please check the "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe), munnari.oz.au (Pacific Rim), ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast). All RFCs are required to have a Security Considerations section. Historically, such sections have been relatively weak. This document provides guidelines to RFC authors on how to write a good Security Considerations section.
ALARM-NET: Wireless sensor networks for assisted-living and residential monitoring
, 2006
Cited by 98 (6 self)
We describe ALARM-NET, a wireless sensor network for assisted-living and residential monitoring. It integrates environmental and physiological sensors in a scalable, heterogeneous architecture. A query protocol allows real-time collection and processing of sensor data by user interfaces and back-end analysis programs. One such program determines circadian activity rhythms of residents, feeding activity information back into the sensor network to aid context-aware power management, dynamic privacy policies, and data association. Communication is secured end-to-end to protect sensitive medical and operational information. The ALARM-NET system has been implemented as a network of MICAz sensors, Stargate gateways, iPAQ PDAs, and PCs. Customized infrared motion and dust sensors, and integrated temperature, light, pulse, and blood oxygenation sensors are present. Software components include: TinyOS query processor and security modules for motes; AlarmGate, an embedded Java application for managing power, privacy, security, queries, and client connections; Java resident monitoring and sensor data querying applications for PDAs and PCs; and a circadian activity rhythm analysis program. We show the correctness, robustness, and extensibility of the system architecture through a scenario-based evaluation of the integrated ALARM-NET system, as well as performance data for individual software components.