8,551 research outputs found
Authentication under Constraints
Authentication has become a critical step to gain access to services such as on-line banking, e-commerce, transport systems and cars (contact-less keys). In several cases, however, the authentication process has to be performed under challenging conditions. This thesis is essentially a compendium of five papers which are the result of a two-year study on authentication in constrained settings. The two major constraints considered in this work are: (1) the noise and (2) the computational power. For what concerns authentication under noisy conditions, Paper A and Paper B ad- dress the case in which the noise is in the authentication credentials. More precisely, the aforementioned papers present attacks against biometric authentication systems, that exploit the inherent variant nature of biometric traits to gain information that should not be leaked by the system. Paper C and Paper D study proximity- based authentication, i.e., distance-bounding protocols. In this case, both of the constraints are present: the possible presence of noise in the channel (which affects communication and thus the authentication process), as well as resource constraints on the computational power and the storage space of the authenticating party (called the prover, e.g., an RFID tag). Finally, Paper E investigates how to achieve reliable verification of the authenticity of a digital signature, when the verifying party has limited computational power, and thus offloads part of the computations to an untrusted server. Throughout the presented research work, a special emphasis is given to privacy concerns risen by the constrained conditions
A Novel Consumer-Centric Card Management Architecture and Potential Security Issues
International audienceMulti-application smart card technology has gained momentum due to the Near Field Communication (NFC) and smart phone revolution. Enabling multiple applications from different application providers on a single smart card is not a new concept. Multi-application smart cards have been around since the late 1990s; however, uptake was severely limited. NFC has recently reinvigorated the multi-application initiative and this time around a number of innovative deployment models are proposed. Such models include Trusted Service Manager (TSM), User Centric Smart Card Ownership Model (UCOM) and GlobalPlatform Consumer-Centric Model (GP-CCM). In this paper, we discuss two of the most widely accepted and deployed smart card management architectures in the smart card industry: GlobalPlatform and Multos. We explain how these architectures do not fully comply with the UCOM and GP-CCM. We then describe our novel flexible consumer-centric card management architecture designed specifically for the UCOM and GP-CCM frameworks, along with ways of integrating the TSM model into the proposed card management architecture. Finally, we discuss four new security issues inherent to any architecture in this context along with the countermeasures for our proposed architecture
Security Through Amnesia: A Software-Based Solution to the Cold Boot Attack on Disk Encryption
Disk encryption has become an important security measure for a multitude of
clients, including governments, corporations, activists, security-conscious
professionals, and privacy-conscious individuals. Unfortunately, recent
research has discovered an effective side channel attack against any disk
mounted by a running machine\cite{princetonattack}. This attack, known as the
cold boot attack, is effective against any mounted volume using
state-of-the-art disk encryption, is relatively simple to perform for an
attacker with even rudimentary technical knowledge and training, and is
applicable to exactly the scenario against which disk encryption is primarily
supposed to defend: an adversary with physical access. To our knowledge, no
effective software-based countermeasure to this attack supporting multiple
encryption keys has yet been articulated in the literature. Moreover, since no
proposed solution has been implemented in publicly available software, all
general-purpose machines using disk encryption remain vulnerable. We present
Loop-Amnesia, a kernel-based disk encryption mechanism implementing a novel
technique to eliminate vulnerability to the cold boot attack. We offer
theoretical justification of Loop-Amnesia's invulnerability to the attack,
verify that our implementation is not vulnerable in practice, and present
measurements showing our impact on I/O accesses to the encrypted disk is
limited to a slowdown of approximately 2x. Loop-Amnesia is written for x86-64,
but our technique is applicable to other register-based architectures. We base
our work on loop-AES, a state-of-the-art open source disk encryption package
for Linux.Comment: 13 pages, 4 figure
An embodied belonging
Until the publication of the DSM-V in 2013, amenorrhea was one of the four criteria that comprised anorexia nervosa. Diagnostically, amenorrhea played a definitional role, dividing the ‘strictly’ anorexic from their ‘subthreshold’, menstruating peers; however, the implications that menstrual cessation, and menstruation itself, held for the lived realities and identities of women with anorexia remain under-explored. In this article, I examine the positioning of menstruation and amenorrhea in the narratives of Israeli women diagnosed with eating disorders during the eras of the DSM-IV and DSM-IV-TR. I find that the participants’ narrative uses of amenorrhea mirrored, and at times explicitly engaged with, the official diagnosis of anorexia nervosa. Notably, although the participants invoked amenorrhea as a defining sign of illness, they did not cast menstruation as a sign of health rather, they spoke of their menstrual periods as contradicting their anorexic-identified selves. Amenorrhea, then, emerged as central in the embodied making of anorexic subjectivities
ZETA - Zero-Trust Authentication: Relying on Innate Human Ability, not Technology
Reliable authentication requires the devices and
channels involved in the process to be trustworthy; otherwise
authentication secrets can easily be compromised. Given the
unceasing efforts of attackers worldwide such trustworthiness
is increasingly not a given. A variety of technical solutions,
such as utilising multiple devices/channels and verification
protocols, has the potential to mitigate the threat of untrusted
communications to a certain extent. Yet such technical solutions
make two assumptions: (1) users have access to multiple
devices and (2) attackers will not resort to hacking the human,
using social engineering techniques. In this paper, we propose
and explore the potential of using human-based computation
instead of solely technical solutions to mitigate the threat of
untrusted devices and channels. ZeTA (Zero Trust Authentication
on untrusted channels) has the potential to allow people to
authenticate despite compromised channels or communications
and easily observed usage. Our contributions are threefold:
(1) We propose the ZeTA protocol with a formal definition
and security analysis that utilises semantics and human-based
computation to ameliorate the problem of untrusted devices
and channels. (2) We outline a security analysis to assess
the envisaged performance of the proposed authentication
protocol. (3) We report on a usability study that explores the
viability of relying on human computation in this context
- …