
Users log in to unsafe environments – like Blitz (email) terminals – every day.

TwoKind Authentication: Usable Authenticators for Untrustworthy Environments
Katelin Bailey, Linden Vongsathorn, Apu Kapadia, Chris Masone, Sean W. Smith
Department of Computer Science, Dartmouth College, USA


Presentation Transcript


TwoKind Authentication: Usable Authenticators for Untrustworthy Environments
Katelin Bailey, Linden Vongsathorn, Apu Kapadia, Chris Masone, Sean W. Smith
Department of Computer Science, Dartmouth College, USA

MOTIVATION

Identity theft, credit card fraud, and phishing have become major problems on the internet. Sometimes this happens when users unknowingly log on to unsafe computers, potentially giving away personal information. We propose to reduce this problem by creating a second password with which users can log into internet accounts, reducing the amount of damage if their session is compromised.

INTERNET DANGERS

Users log in to unsafe environments – like Blitz (email) terminals – every day. There are many ways in which an adversary, Eve, can steal your information, but the most common include:

• Shoulder Surfing: Eve looks over your shoulder as you are typing and records your passwords.
• Keylogging: Eve runs a program on the computer you are using that records all the words you type.
• Man in the Middle: Eve is in cyberspace and sits in between you and an internet site. Eve gets all of the information that is passed between you and the website.

TWOKIND AUTHENTICATION

Instead of having one password (or authentication token), which gives you access to all of your data, we propose having two passwords (or tokens):

• One high-privilege password, which acts like current passwords.
• One low-privilege password, which allows limited actions: for example, if you log into a bank account with this password, you can view your balance, but cannot transfer funds.

Users can log in with their low-privilege password in an unsafe environment. If an adversary steals this password, she cannot cause any permanent damage because the password does not have high privileges.

PLANNED USER STUDY

The user study is modeled as a Facebook-like application. Users are given a choice of logging in with their high-privilege password or their low-privilege password. We hope users will identify situations where they can use their low-privilege password instead of their high-privilege password, therefore reducing the damage an adversary can cause. If users do this within the context of our study, this shows that having two levels of authentication is a usable authentication mechanism in untrustworthy environments.

STUDY MAP

Users are presented with tasks to complete, in safe and unsafe environments. They can log in with their low or high privilege passwords, or skip the task.

ACKNOWLEDGMENTS

We would like to thank Sara Sinclair, Denise Anthony, and Peter Gutmann for their helpful comments. This research was supported in part by the NSF, under Grant CNS-0448499, the Bureau of Justice Assistance, under grant 2005-DD-BX-1091, and the Women in Science Project at Dartmouth College. The views and conclusions do not necessarily reflect the views of the sponsors.
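
The two-password scheme described on the poster, as an added example that is not code from the poster or its authors: one account holds a low-privilege and a high-privilege password, and the server authorizes each action from the level of the password that was used. The class, function and action names are hypothetical, the passwords are constructed samples, and PBKDF2 is an assumed choice of password hash.

```python
import hashlib
import hmac
import os

# Actions each privilege level may perform (hypothetical names, modelled on
# the poster's bank example: low can view the balance, only high can transfer).
ALLOWED = {
    "low": {"view_balance"},
    "high": {"view_balance", "transfer_funds"},
}

def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 is an assumed choice; the poster does not name a password hash.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class TwoKindAccount:
    def __init__(self, low_password: str, high_password: str):
        # If both passwords were equal, a stolen low password would be a high one.
        if low_password == high_password:
            raise ValueError("low and high passwords must differ")
        self._creds = {}
        for level, pw in (("low", low_password), ("high", high_password)):
            salt = os.urandom(16)
            self._creds[level] = (salt, _hash(pw, salt))

    def login(self, password: str):
        """Return the privilege level this password unlocks, or None."""
        granted = None
        # Always check both records so timing does not reveal which one matched.
        for level, (salt, digest) in self._creds.items():
            if hmac.compare_digest(_hash(password, salt), digest):
                granted = level
        return granted

def authorize(level, action: str) -> bool:
    """Server-side check: the session's level decides, not the client."""
    return action in ALLOWED.get(level, set())

def demo() -> dict:
    acct = TwoKindAccount("kiosk-pass-1", "home-pass-2")  # constructed samples
    stolen = acct.login("kiosk-pass-1")  # low password captured at an unsafe terminal
    owner = acct.login("home-pass-2")    # high password used only in a safe environment
    return {
        "stolen_level": stolen,
        "stolen_can_view": authorize(stolen, "view_balance"),
        "stolen_can_transfer": authorize(stolen, "transfer_funds"),
        "owner_can_transfer": authorize(owner, "transfer_funds"),
        "wrong_password": acct.login("not-a-password"),
    }
```

Calling `demo()` returns the outcome for a captured low-privilege password next to the owner's high-privilege login.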
