
    Pico: No More Passwords!

    Abstract. From a usability viewpoint, passwords and PINs have reached the end of their useful life. Even though they are convenient for implementers, for users they are increasingly unmanageable. The demands placed on users (passwords that are unguessable, all different, regularly changed and never written down) are no longer reasonable now that each person has to manage dozens of passwords. Yet we can’t abandon passwords until we come up with an alternative method of user authentication that is both usable and secure. We present an alternative design based on a hardware token called Pico that relieves the user from having to remember passwords and PINs. Unlike most alternatives, Pico doesn’t merely address the case of web passwords: it also applies to all the other contexts in which users must at present remember passwords, passphrases and PINs. Besides relieving the user from memorization efforts, the Pico solution scales to thousands of credentials, provides “continuous authentication” and is resistant to brute force guessing, dictionary attacks, phishing and keylogging.

    1 Why users are right to be fed up

    Remembering an unguessable and un-brute-force-able password was a manageable task twenty or thirty years ago, when each of us had to use only one or two. Since then, though, two trends in computing have made this endeavour much harder. First, computing power has grown by several orders of magnitude: once upon a time, eight characters were considered safe from brute force^1; nowadays, passwords that are truly safe from brute force and from advanced guessing attacks^2 typically exceed the ability of ordinary users to remember them^3,4. Second, and most important, the number of computer-based services with which

    Relay-proof channels using UWB lasers

    Alice is a hand-held device. Bob is a device providing a service, such as an ATM, an automatic door, or an anti-aircraft gun pointing at the gyro-copter in which Alice is travelling. Bob and Alice have never met, but share a key, which Alice uses to request a service from Bob (dispense cash, open door, don't shoot). Mort pretends to Bob that she is Alice, and her accomplice Cove pretends to Alice that he is Bob. Mort and Cove relay the appropriate challenges and responses to one another over a channel hidden from Alice and Bob. Meanwhile Alice waits impatiently in front of a different ATM, or the wrong door, or another gun. How can such an attack be prevented?

    Responsibility and Tangible Security: Towards a Theory of User Acceptance of Security Tokens

    This is the author accepted manuscript. It is currently under an indefinite embargo pending publication by the Internet Society.

    Security and usability issues with passwords suggest a need for a new authentication scheme. Several alternatives involve a physical device or token. We investigate one such alternative, Pico: an authentication scheme that utilizes multiple wearable devices. We present the grounded theory results of a series of semi-structured interviews for exploring perceptions of this scheme. We found that the idea of carrying physical devices increases perceived personal responsibility for secure authentication, making the risks and inconvenience associated with loss and theft salient for participants. Although our work is focused on Pico, the results of the study contribute to a broader understanding of user perception and concerns of responsibility for any token-based authentication schemes.

    We are grateful to the European Research Council for funding this research through grant StG 307224 (Pico).

    RFID Is X-Ray Vision

    Making RFID tags as ubiquitous as barcodes will enable machines to see and recognize any tagged object in their vicinity, better than they ever could with the smartest image processing algorithms. This opens many opportunities for “sentient computing” applications. However, in so far as this new capability has some of the properties of X-ray vision, it opens the door to abuses. To promote discussion, I won’t elaborate on low level technological solutions; I shall instead discuss a simple security policy model that addresses most of the privacy issues. Playing devil’s advocate, I shall also indicate why it is currently unlikely that consumers will enjoy the RFID privacy that some of them vociferously demand.

    1 Sentient machines

    Writing is everywhere: wherever you may be right now, there is probably some object near you with some writing on it, even discounting the recursive circumstance that you are currently reading this sentence. As Tantau remarks, “Whenever you wear clothing, even a swim suit, there is a lot of text right next to your body.” In the justly famous paper [12] that introduced “ubiquitous computing”, Weiser envisaged a world in which computing and communication capabilitie