126 research outputs found
Accountable authentication with privacy protection: The Larch system for universal login
Credential compromise is hard to detect and hard to mitigate. To address this
problem, we present larch, an accountable authentication framework with strong
security and privacy properties. Larch protects user privacy while ensuring
that the larch log server correctly records every authentication. Specifically,
an attacker who compromises a user's device cannot authenticate without
creating evidence in the log, and the log cannot learn which web service
(relying party) the user is authenticating to. To enable fast adoption, larch
is backwards-compatible with relying parties that support FIDO2, TOTP, and
password-based login. Furthermore, larch does not degrade the security and
privacy a user already expects: the log server cannot authenticate on behalf of
a user, and larch does not allow relying parties to link a user across
accounts. We implement larch for FIDO2, TOTP, and password-based login. Given a
client with four cores and a log server with eight cores, an authentication
with larch takes 150ms for FIDO2, 91ms for TOTP, and 74ms for passwords
(excluding preprocessing, which takes 1.23s for TOTP).Comment: This is an extended version of a paper appearing at OSDI 202
Making information flow explicit in HiStar
HiStar is a new operating system designed to minimize the amount of code that must be trusted. HiStar provides strict information flow control, which allows users to specify precise data security policies without unduly limiting the structure of applications. HiStar's security features make it possible to implement a Unix-like environment with acceptable performance almost entirely in an untrusted user-level library. The system has no notion of superuser and no fully trusted code other than the kernel. HiStar's features permit several novel applications, including privacy-preserving, untrusted virus scanners and a dynamic Web server with only a few thousand lines of trusted code.National Science Foundation (U.S.) (Cybertrust Award CNS-0716806)National Science Foundation (U.S.) (Cybertrust/DARPA Grant CNS-0430425
Riggs: Decentralized Sealed-Bid Auctions
We introduce the first practical protocols for fully decentralized
sealed-bid auctions using timed commitments. Timed commitments
ensure that the auction is finalized fairly even if all participants drop
out after posting bids or if bidders collude to try to learn the
bidder’s bid value. Our protocols rely on a novel non-malleable
timed commitment scheme which efficiently supports range proofs
to establish that bidders have sufficient funds to cover a hidden
bid value. This allows us to penalize users who abandon bids for
exactly the bid value, while supporting simultaneous bidding in
multiple auctions with a shared collateral pool. Our protocols are
concretely efficient and we have implemented them in an Ethereum-
compatible smart contract which automatically enforces payment
and delivery of an auctioned digital asset
- …