Upload File

users log in to unsafe environments – like blitz (email) terminals – every day

  • Home
  • Documents
  • Users log in to unsafe environments – like Blitz (email) terminals – every day
1
TwoKind Authentication: Usable Authenticators for Untrustworthy Environments Katelin Bailey, Linden Vongsathorn, Apu Kapadia, Chris Masone, Sean W. Smith Department of Computer Science Dartmouth College, USA Identity theft, credit card fraud, and phishing have become major problems on the internet. Sometimes this happens when users unknowingly log on to unsafe computers: potentially giving away personal information. We propose to reduce this problem by creating a second password with which users can log into internet accounts, reducing the amount of damage if their session is compromised. Users log in to unsafe environments – like Blitz (email) terminals – every day. There are many ways in which an adversary, Eve, can steal your information, but the most common include: Study Map Users are presented with tasks to complete, in safe and unsafe environments. They can log in with their low or high privilege passwords, or skip the task. Man in the Middle Eve is in cyberspace and sits in between you and an internet site. Eve gets all of the information that is passed Instead of having one password (or autentication token), which gives you access to all of your data, we propose having two passwords (or tokens): •One high-privilege password, which acts like current passwords. •One low-privilege password, which allows limited actions: for example, if you log into a bank account with this password, you can view your balance, but cannot transfer funds. Users can log in with their low-privilege password in an unsafe environment. If an adversary steals this password, she cannot cause any permanent damage because the password does not have high privileges. The user study is modeled as a Facebook-like application. Users are given a choice of logging in with their high- privilege password or their low- privilege password. We hope users will identify situations where they can use their low-privilege password instead of their high-privilege password, therefore reducing the damage an adversary can cause. If users do this within the context of our study, this shows that having two levels of authentication is a usable authentication mechanism in untrustworthy environments. Keylogging Eve runs a program on the computer you are using that records all the words you type. Shoulder Surfing Eve looks over your shoulder as you are typing and records your passwords. We would like to thank Sara Sinclair, Denise Anthony, and Peter Gutmann for their helpful comments. This research was supported in part by the NSF, under Grant CNS-0448499, the Bureau of Justice Assistance, under grant 2005-DD-BX-1091, and the Women in Science Project at Dartmouth College. The views and conclusions do not necessarily reflect the views of the sponsors. INTERNET DANGERS MOTIVATION TWOKIND AUTHENTICATION PLANNED USER STUDY ACKNOWLEDGMENTS

Upload: bevan

Post on 07-Feb-2016

23 views

Category:

Documents


0 download

Report

Tags:

DESCRIPTION

TwoKind Authentication: Usable Authenticators for Untrustworthy Environments Katelin Bailey, Linden Vongsathorn, Apu Kapadia, Chris Masone, Sean W. Smith Department of Computer Science Dartmouth College, USA. TWOKIND AUTHENTICATION. MOTIVATION. Study Map - PowerPoint PPT Presentation

TRANSCRIPT

Page 1: Users log in to unsafe environments – like Blitz (email) terminals – every day

TwoKind Authentication: Usable Authenticators for Untrustworthy Environments

Katelin Bailey, Linden Vongsathorn, Apu Kapadia, Chris Masone, Sean W. Smith Department of Computer Science

Dartmouth College, USA

Identity theft, credit card fraud, and phishing have become major problems on the internet. Sometimes this happens when users unknowingly log on to unsafe computers: potentially giving away personal information. We propose to reduce this problem by creating a second password with which users can log into internet accounts, reducing the amount of damage if their session is compromised.

Users log in to unsafe environments – like Blitz (email) terminals – every day.

There are many ways in which an adversary, Eve, can steal your information, but the most common include:

Study Map

Users are presented with tasks to

complete, in safe and unsafe environments.

They can log in with their low or high

privilege passwords, or skip the task.

Man in the MiddleEve is in cyberspace and sits in between you and an internet site. Eve gets all of the information that is passed between you and the website.

Instead of having one password (or autentication token), which gives you access to all of your data, we propose having two passwords (or tokens):

•One high-privilege password, which acts like current passwords.

•One low-privilege password, which allows limited actions: for example, if you log into a bank account with this password, you can view your balance, but cannot transfer funds.

Users can log in with their low-privilege password in an unsafe environment. If an adversary steals this password, she cannot cause any permanent damage because the password does not have high privileges.

The user study is modeled as a Facebook-like application.

Users are given a choice of logging in with their high-privilege password or their low-privilege password.

We hope users will identify situations where they can use their low-privilege password instead of their high-privilege password, therefore reducing the damage an adversary can cause.

If users do this within the context of our study, this shows that having two levels of authentication is a usable authentication mechanism in untrustworthy environments.

KeyloggingEve runs a program on the computer you are using that records all the words you type.

Shoulder SurfingEve looks over your shoulder as you are typing and records your passwords.

We would like to thank Sara Sinclair, Denise Anthony, and Peter Gutmann for their helpful comments.This research was supported in part by the NSF, under Grant CNS-0448499, the Bureau of Justice Assistance, under grant 2005-DD-BX-1091, and the Women in Science Project at Dartmouth College. The views and conclusions do not necessarily reflect the views of the sponsors.

INTERNET DANGERS

MOTIVATION TWOKIND AUTHENTICATION

PLANNED USER STUDY

ACKNOWLEDGMENTS

Blitz Dec12frl

Blitz compro

Blitz Strategies.ppt

INFERNO BLITZ - Arrow Precision · INFERNO BLITZ – ASSEMBLY INSTRUCTIONS & OWNERS MANUAL 6 1. Inferno Blitz crossbow body 2. Inferno Blitz 150lb riser assembly 3. Quick detach quiver

Interpersonal Blitz

Russell Athletic 2013 Blitz Catalog: Modified Custom ... Athletic 2013 Blitz Catalog: ... Russell Athletic; Blitz; Blitz Program; Modified; Custom; Football; uniform, jersey, pants,

Blitz Weekly

BLITZ 60 - BLITZ 55 - BLITZ 50

Bruce Blitz - How To Draw Blitz Cartoons.pdf

TT“THE FIRST BLITZ”“T HE FIRST BLITZ”HE FIRST BLITZ”

unsafe act unsafe condition

Branding Blitz

London blitz

Blitz Package

Ergo Blitz!

Blitz products

Blitz - absupply.net

Blitz Demo

Blitz Basic

From ‘potentially’ unsafe to unsafe by inadequate tube ... · PDF fileFrom ‘potentially’ unsafe to unsafe by inadequate tube plugging . ... times due to improved inspection

BLITZ 60L - BLITZ 55 - BLITZ 50 - SCM Group · BLITZ 60L - BLITZ 55 - BLITZ 50 Double head sawing machine with motorized movement of the mobile head and electronic control of the

Blitz Final

Blitz Cartoons

Bruce Blitz - How to Draw Blitz Cartoons

Blitz 45 - 50 - cima.it · CAFFÈ - COFFEE Blitz 45 (T.CA.45T) Blitz 50 (T.CA.50T) 500 600 700 800 900 400 300 200 100 TENDONE Blitz 45 (T.TND.45T) Blitz 50 (T.TND.50T) TESTATE -

Suite blitz

Bible Blitz

The Blitz During World War II. The Blitz ‘Blitz’ is from the German word - blitzkrieg which means ‘lightning war’. The Blitz was the sustained bombing

Dutch Blitz

Magritte Blitz