Security Keys: Practical Cryptographic Second Factors for the Modern Web [chapter]

Juan Lang, Alexei Czeskis, Dirk Balfanz, Marius Schilder, Sampath Srinivas
2017 Lecture Notes in Computer Science  
The Security Key design has been standardized by the FIDO Alliance, an organization with more than 250 member companies spanning the industry.  ...  We show that Security Keys lead to both an increased level of security and user satisfaction by analyzing a two year deployment which began within Google and has extended to our consumer-facing web applications  ...  Acknowledgements Listing all of the people who have contributed to the design, implementation, and evaluation of Security Keys is virtually impossible.  ... 
doi:10.1007/978-3-662-54970-4_25 fatcat:dpt5nzidwjcg5lqjce2vmjot2y

Case study: online banking security

K.J. Hole, V. Moen, T. Tjostheim
2006 IEEE Security and Privacy  
Given the banks' security-by-obscurity policy, online customers knew little about security levels and falsely believed their assets were safe.  ...  A description of attack scenarios over a two-year period illustrates several key security issues with Internet banking systems in Norway.  ...  Security by obscurity These factors culminated in much of the bad security in Norwegian Internet banking systems during our study.  ... 
doi:10.1109/msp.2006.36 fatcat:z6eef7numbaqnhqd52tboiseqy

Multi-Factor Authentication (MFA) on a Blockchain-based Decentralised Trust Network With Customizable Challenges

Giorgi Sheklashvili
2020 Figshare  
Thus, if the attacker compromises one factor, it is not valuable for the authentication without other factors because until all of the factors are not validated, the user cannot be authenticated. In this  ...  Furthermore, contextual information such as the time, location, and device model can be considered as an additional factor of authentication.  ...  Another open issue for future research is the usage of machine learning models for improving risk-based authentication.  ... 
doi:10.6084/m9.figshare.12578696 fatcat:o4v7bsj4djd5vgklibwepe7d7a

Comparing passwords, tokens, and biometrics for user authentication

L. O'Gorman
2003 Proceedings of the IEEE  
For decades, the password has been the standard means for user authentication on computers.  ...  This paper examines passwords, security tokens, and biometrics-which we collectively call authenticators-and compares these authenticators and their combinations.  ...  ACKNOWLEDGMENT The author would like to thank those who have made helpful comments on this work or drafts of this paper:  ... 
doi:10.1109/jproc.2003.819611 fatcat:k7xlaj4menhfjofidyr3fl7ixm

On the anonymity of two-factor authentication schemes for wireless sensor networks: Attacks, principle and solutions

Ding Wang, Ping Wang
2014 Computer Networks  
two-factor authentication schemes.  ...  In this work, we take an initial step to shed light on the rationale underlying this prominent issue. Firstly, we scrutinize two previously-thought sound schemes, namely Fan et al.'  ...  This research was partially supported by the National Natural Science Foundation of China (NSFC) under Grants Nos. 61170263 and 61170282.  ... 
doi:10.1016/j.comnet.2014.07.010 fatcat:bnjs3othbvc2rgaqwmeo3nwfka

Open Sesame: The Password Hashing Competition and Argon2 [article]

Jos Wetzels
2016 arXiv pre-print
In this document we present an overview of the background to and goals of the Password Hashing Competition (PHC) as well as the design of its winner, Argon2, and its security requirements and properties  ...  Finally, it should be noted that password hashing schemes in general are no complete mitigation of problems intrinsically associated with passwords as an authentication mechanism.  ...  on a diceroll) and similar schemes [73] to solutions like Multi-Factor Authentication (MFA) where multiple tokens (eg. a password combined with a hardware-based token [74] or code sent over an out-of-band  ... 
arXiv:1602.03097v2 fatcat:cvsjzq4wifbp7kkcktsuiisy7a

A Brief Introduction to Usable Security

Bryan D. Payne, W. Keith Edwards
2008 IEEE Internet Computing  
Here, the authors examine research in this space, starting with a historical look at papers that address two consistent problems: user authentication and email encryption.  ...  Drawing from successes and failures within these areas, they study several security systems to determine how important design is to usable security.  ...  Here, we look at email encryption's history to see why usability is an important factor in this feature's acceptance. Privacy-Enhanced Mail.  ... 
doi:10.1109/mic.2008.50 fatcat:bhpgy4hfjbhbnk7d7ngprmxsei

Obstacles to the Adoption of Secure Communication Tools

Ruba Abu-Salma, M. Angela Sasse, Joseph Bonneau, Anastasia Danilova, Alena Naiakshina, Matthew Smith
2017 2017 IEEE Symposium on Security and Privacy (SP)  
We found that the adoption of secure communication tools is hindered by fragmented user bases and incompatible tools.  ...  The computer security community has advocated widespread adoption of secure communication tools to counter mass surveillance.  ...  This work is supported by a gift from Google. Joseph Bonneau is supported by a Secure Usability Fellowship from the Open Technology Fund and Simply Secure.  ... 
doi:10.1109/sp.2017.65 dblp:conf/sp/Abu-SalmaSBDN017 fatcat:d6avv4j6urbbjldnwaw77nsg44

Deploying authentication in the wild: towards greater ecological validity in security usability studies

Seb Aebischer, Claudio Dettoni, Graeme Jenkinson, Kat Krol, David Llewellyn-Jones, Toshiyuki Masui, Frank Stajano
2020 Journal of Cybersecurity  
We evaluate Pico's claim with two deployments and user studies, one on a web-based service and another within an organization.  ...  Pico is a token-based login method that claims to be simultaneously more usable and more secure than passwords. It does not ask users to remember any secrets, nor to type one-time passwords.  ...  The Gyazo pilot study was originally written up as a workshop paper by the same authors [9] and praised by the referees for its emphasis on ecological validity.  ... 
doi:10.1093/cybsec/tyaa010 fatcat:buiytsxuqbdbxdjy6m6q6j5nkm

Isn't that Fantabulous

Andrew M. White, Katherine Shaw, Fabian Monrose, Elliott Moreton
2014 Proceedings of the 2014 workshop on New Security Paradigms Workshop - NSPW '14  
Over the past few decades, passwords as a means of user authentication have been consistently criticized by users and security analysts alike.  ...  We argue that pronounceable authentication strings can lead to both improved system security and a decreased burden on users.  ...  Natural Second Factors. There are at least two natural second factors for pronounceable-password-based authentication mechanisms.  ... 
doi:10.1145/2683467.2683470 dblp:conf/nspw/0002SMM14 fatcat:jtzenrnkg5fptf4hym3vgsmtuq

Is This Really You? An Empirical Study on Risk-Based Authentication Applied in the Wild [chapter]

Stephan Wiefling, Luigi Lo Iacono, Markus Dürmuth
2019 IFIP Advances in Information and Communication Technology  
Risk-based authentication (RBA) is an adaptive security measure to strengthen password-based authentication.  ...  RBA monitors additional implicit features during password entry such as device or geolocation information, and requests additional authentication factors if a certain risk level is detected.  ...  Acknowledgement This research was supported by the research training group "Human Centered Systems Security" (NERD.NRW) sponsored by the state of North-Rhine Westphalia.  ... 
doi:10.1007/978-3-030-22312-0_10 fatcat:n4ghfgvhezhcph4mobx4dhxrue

Self-identified experts lost on the interwebs

Timothy Kelley, L. Jean Camp, Suzanne Lien, Douglas Stebila
2012 Proceedings of the 2012 Workshop on Learning from Authoritative Security Experiment Results - LASER '12  
We also discuss recruitment and how our design will address the inherent uncertainties in recruitment, as opposed to design for an ideal population.  ...  Some of these modifications are generalizable, together they will allow us to run a larger 2x2 study, rather than a study of only experts using two different single sign-on systems.  ...  METHODOLOGY Our study was designed to expand on previous security usability research by providing an explicit study of computer experts to ascertain to what extent they utilize web browser security cues  ... 
doi:10.1145/2379616.2379623 fatcat:yycgvi26vraqpdxnawgttqlbtm

Increasing Trustworthiness of Face Authentication in Mobile Devices by Modeling Gesture Behavior and Location Using Neural Networks

Blerim Rexha, Gresa Shala, Valon Xhafa
2018 Future Internet  
Face authentication is one of the promising biometrics-based user authentication mechanisms that has been widely available in this era of mobile computing.  ...  In most current implementations, a sufficiently high-resolution face image displayed on another mobile device will be enough to circumvent security measures and bypass the authentication process.  ...  It is a visual pattern recognition problem, where the face, being a three-dimensional object which is subject to lighting variations, pose variation and other factors, should be identified based on acquired  ... 
doi:10.3390/fi10020017 fatcat:g4quvsud6fffrflulxze23hvre

RatBot: Anti-enumeration Peer-to-Peer Botnets [chapter]

Guanhua Yan, Songqing Chen, Stephan Eidenbenz
2011 Lecture Notes in Computer Science  
As evidenced by the recent botnet turf war between SpyEye and Zeus, the cyber space has been witnessing an increasing number of battles or wars involving botnets among different groups, organizations,  ...  To study the practical feasibility of RatBot, we implement it based on KAD, and use large-scale high-fidelity simulation to quantify the estimation errors under diverse settings.  ...  How does the server decide whether a bot should be an obscure bot?  ... 
doi:10.1007/978-3-642-24861-0_10 fatcat:yl4fyispcbegthhjxdsvblwig4

Security for Industrial Communication Systems

D. Dzung, M. Naedele, T.P. Von Hoff, M. Crevatin
2005 Proceedings of the IEEE  
This paper gives an overview of IT security issues in industrial automation systems which are based on open communication systems.  ...  Modern industrial communication networks are increasingly based on open protocols and platforms that are also used in the office IT and Internet environment.  ...  The "legacy" automation systems currently in operation were designed based on the assumption that the system is isolated, and relied on "security by obscurity."  ... 
doi:10.1109/jproc.2005.849714 fatcat:vraut4ipqffp7kocvwdsen2pqa