3,969 Hits in 9.1 sec

On the Usability of Authenticity Checks for Hardware Security Tokens

Katharina Pfeffer, Alexandra Mai, Adrian Dabrowski, Matthias Gusenbauer, Philipp Schindler, Edgar R. Weippl, Michael Franz, Katharina Krombholz
2021 USENIX Security Symposium  
However, recently reported attacks on such tokens suggest that users cannot take the security guarantees of their HSTs for granted, even despite widely deployed authenticity checks.  ...  The final responsibility to verify whether a newly purchased hardware security token (HST) is authentic and unmodified lies with the end user.  ...  SBA Research (SBA-K1) is a COMET Centre within the framework of COMET -Competence Centers for Excellent Technologies Programme and funded by BMK, BMDW, and the province of Vienna.  ... 
dblp:conf/uss/PfefferMDGSWFK21 fatcat:pcxmvlsufng7hnkz3nuwiu7nra

"`They brought in the horrible key ring thing!" Analysing the Usability of Two-Factor Authentication in UK Online Banking [article]

Kat Krol and Eleni Philippou and Emiliano De Cristofaro and M. Angela Sasse
2015 arXiv   pre-print
Key targets for improvements are (i) the reduction in the number of authentication steps, and (ii) removing features that do not add any security but negatively affect the user experience.  ...  Our participants reported a wide range of usability issues, especially with the use of hardware tokens, showing that the mental and physical workload involved shapes how they use online banking.  ...  Kat Krol's work was supported by an EPSRC grant to the Security Science Doctoral Training Centre (grant no: EP/G037264/1).  ... 
arXiv:1501.04434v1 fatcat:7wpuenuhefbb7ho3yn53lbwufu


Ximing Liu, Yingjiu Li, Robert H. Deng
2018 Proceedings of the 34th Annual Computer Security Applications Conference on - ACSAC '18  
During the second-factor authentication procedure, it requires a user to type any random code on a login computer and authenticates the user by comparing the keystroke timing sequence of the random code  ...  To address these problems, we propose Typing-Proof, a usable, secure and low-cost two-factor authentication mechanism.  ...  A one-time code displayed on the hardware token should be submitted by the user to a server for user authentication.  ... 
doi:10.1145/3274694.3274699 dblp:conf/acsac/LiuLD18 fatcat:4gukvabjubeqlfdxegiygbyhti

The case for transient authentication

Brian D. Noble, Mark D. Corner
2002 Proceedings of the 10th workshop on ACM SIGOPS European workshop: beyond the PC - EW10  
In this model, a user wears a small hardware token that authenticates the user to other devices over a short-range, wireless link.  ...  This paper presents the four principles of transient authentication, our experience applying the model to a cryptographic file system, and our plans for extending the model to other services and applications  ...  The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the  ... 
doi:10.1145/1133373.1133377 dblp:conf/sigopsE/NobleC02 fatcat:r3ysgumcpzfbhhj6ryzpooyy3i

hPIN/hTAN: A Lightweight and Low-Cost E-Banking Solution against Untrusted Computers [chapter]

Shujun Li, Ahmad-Reza Sadeghi, Sören Heisrath, Roland Schmitz, Junaid Jameel Ahmad
2012 Lecture Notes in Computer Science  
The security is guaranteed by the user-computer-token interface and two underlying security protocols for user/server/transaction authentication.  ...  The core of hPIN/hTAN is a secure and easy user-computer-token interface.  ...  Walter Kriha of the Stuttgart Media University for valuable discussions and comments on an early draft of the paper.  ... 
doi:10.1007/978-3-642-27576-0_19 fatcat:af5s3t46gbe63bcmjmpf4eizti

A Comparative Usability Study of Two-Factor Authentication [article]

Emiliano De Cristofaro and Honglu Du and Julien Freudiger and Greg Norcie
2014 arXiv   pre-print
We then present the results of a quantitative study based on a survey completed by 219 Mechanical Turk users, aiming to measure the usability of three popular 2F solutions: codes generated by security  ...  Two-factor authentication (2F) aims to enhance resilience of password-based authentication by requiring users to provide an additional authentication factor, e.g., a code generated by a security token.  ...  Authentication factors are usually of three kinds: 1) Knowledge -something the user knows, e.g., a password; 2) Possession -something the user has, e.g., a security token (also known as hardware token)  ... 
arXiv:1309.5344v2 fatcat:wkybgmxxjfhezgz5sfm2n3gx2e

A Tokenization-Based Communication Architecture for HCE-Enabled NFC Services

Busra Ozdenizci, Kerem Ok, Vedat Coskun
2016 Mobile Information Systems  
We further evaluate the usability aspect in terms of an authentication scheme.  ...  NFC Smartphone users can store, manage, and make use of their sensitive data on the Cloud for NFC services; Service Providers can also provide diverse card emulation NFC services easily through the proposed  ...  Acknowledgments This work is funded by KocSistem Information and Communication Services Inc. and Turkish Ministry of Science, Industry and Technology under SAN-TEZ Project no. 0726.STZ.2014.  ... 
doi:10.1155/2016/5046284 fatcat:p4wdnpu6qbh4nj4f5pdcvq7b5m

Alternative Graphical Authentication for Online Banking Environments

Hussain Alsaiari, Maria Papadaki, Paul Dowland, Steven Furnell
2014 International Symposium on Human Aspects of Information Security and Assurance  
The use of a hardware security token to generate the required OTP has been widespread.  ...  Despite the fact that this method provides a fairly high level of security, many systems have not taken into consideration the need for a secure alternative login method whenever the hardware token is  ...  Therefore, the need for a secure, usable secondary authentication method to play an alternative role alongside the primary hardware-based OTP scheme has emerged in cases where the hardware token is unavailable  ... 
dblp:conf/haisa/AlsaiariPDF14 fatcat:khqpxo2cr5atvctxv4xilnbawy

How Not to Handle Keys: Timing Attacks on FIDO Authenticator Privacy [article]

Michal Kepkowski, Lucjan Hanzlik, Ian Wood, Mohamed Ali Kaafar
2022 arXiv   pre-print
FIDO2 is a new standard specified by the FIDO industry alliance for secure token online authentication.  ...  This vulnerability cannot be easily mitigated on authenticators because, for security reasons, they usually do not allow firmware updates.  ...  [45] shed light on the usability of authenticity checks in the case of physical tokens. Florian et al. [46] present a usability study of FIDO2 authentication in a small company.  ... 
arXiv:2205.08071v1 fatcat:qmh56zxt3vgjzb2gubo6hl6si4

Mobile Applications for Public Sector: Balancing Usability and Security

Yurij Natchetoi, Konstantin Beznosov, Viktor Kaufman
2009 Zenodo  
We address these challenges by means of a novel approach to authentication and gradual multi-factor authorization for access to sensitive data.  ...  Development of mobile software applications for use in specific domains such as Public Security must conform to stringent security requirements.  ...  For initial login, user only needs the Bluetooth security token, the most convenient and usable factor. It provides basic level of security.  ... 
doi:10.5281/zenodo.3264356 fatcat:jallsfkkardcjbzwfkiyfquuzq

One User, Many Hats; and, Sometimes, No Hat: Towards a Secure Yet Usable PDA [chapter]

Frank Stajano
2006 Lecture Notes in Computer Science  
the usability penalty of authentication in such cases?  ...  We then expose another aspect of the security vs. usability problem.  ...  Token The PDA could verify that it is being held by its owner by checking for the proximity of a token held by the owner, for example a special microchip embedded in a ring or in the strap of a wristwatch  ... 
doi:10.1007/11861386_6 fatcat:mruvdrebyzejrb4dmnwvcfpbvy

Balancing Security and Usability of Local Security Mechanisms for Mobile Devices [chapter]

Shuzhe Yang, Gökhan Bal
2012 IFIP Advances in Information and Communication Technology  
Current mobile platforms either lack the required protection mechanisms or the implementations lack a balance between the level of security and usability.  ...  In order to fill this gap, we propose a design for a local security mechanism for mobile devices by using an reasonable combination of existing technologies.  ...  When the user departs, the token and device lose contact and the device secures itself. The main drawback of this multi-factor authentication approach is the dependence on a second device.  ... 
doi:10.1007/978-3-642-30436-1_27 fatcat:kyhvwx7noje5hawajuwaeqbosa

Smart keys for cyber-cars

Christoph Busold, Ahmed Taha, Christian Wachsmann, Alexandra Dmitrienko, Hervé Seudié, Majid Sobhani, Ahmad-Reza Sadeghi
2013 Proceedings of the third ACM conference on Data and application security and privacy - CODASPY '13  
We present the first open security framework for secure smartphone-based immobilizers.  ...  Our generic security architecture protects the electronic access tokens on the smartphone and provides advanced features such as context-aware access policies, remote issuing and revocation of access rights  ...  SECURE HARDWARE In the following, we analyze the features of the available security hardware for smartphones and discuss which of them are most appropriate for the realization of a secure smartphone-based  ... 
doi:10.1145/2435349.2435382 dblp:conf/codaspy/BusoldTWDSSS13 fatcat:voqekmljrbc5hg53pkmdvfrycq

Usability and Security An Appraisal of Usability Issues in Information Security Methods

E.Eugene Schultz, Robert W Proctor, Mei-Ching Lien, Gavriel Salvendy
2001 Computers & security  
The intent is to make a strong case for the need for systematic usability analyses and for the development of usability metrics for information security.  ...  Despite the apparent influence of usability, surprisingly little research has been conducted on the trade-off between usability and the degree of security provided by various information security methods  ...  codes stored on separate systems), both for the hardware and for the security administrator.  ... 
doi:10.1016/s0167-4048(01)00712-x fatcat:u7auhmubd5eddbzgtrljrnd47i

Protecting applications with transient authentication

Mark D. Corner, Brian D. Noble
2003 Proceedings of the 1st international conference on Mobile systems, applications and services - MobiSys '03  
We solve this problem with Transient Authentication, in which a small hardware token continuously authenticates the user's presence over a short-range, wireless link.  ...  We present the four principles underlying Transient Authentication, and describe two techniques for securing applications.  ...  The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the  ... 
doi:10.1145/1066116.1066117 fatcat:57tn6pfll5gztktuozzqq4ywsu
« Previous Showing results 1 — 15 out of 3,969 results