TwoKind authentication: Protecting private information in untrustworthy environments

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2008, Pages 39-43

  Bailey, Katelin ^a   Kapadia, Apu ^a   Vongsathorn, Linden ^a   Smith, Sean W ^a  

^a Dartmouth College   (United States)

Author keywords

Authenticators; Passwords; Principle of least privilege

Indexed keywords

AUTHENTICATORS; INTERNET APPLICATION; PASSWORDS; PRINCIPLE OF LEAST PRIVILEGE; PRIVATE COMMUNICATION; PRIVATE INFORMATION;

AUTHENTICATION; INTERNET;

COMPUTER PRIVACY;

EID: 70349257241     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1456403.1456412     Document Type: Conference Paper

References (15)

1. K. Bailey, A. Kapadia, L. Vongsathorn, and S. W. Smith. TwoKind authentication: Protecting private information in untrustworthy environments (extended version). Technical Report TR2008-632, Dartmouth College, Aug 2008.
2. K. Bailey, L. Vongsathorn, A. Kapadia, C. Masone, and S. W. Smith. TwoKind authentication: Usable authenticators for untrustworthy environments (poster abstract). In Symposium on Usable Privacy and Security (SOUPS 2007), pages 169-170, July 2007.
3. J. Basney, M. Humphrey, and V. Welch. The MyProxy online credential repository: Research articles. Softw. Pract. Exper., 35(9):801-816, 2005.
4. E. Brickell, J. Camenisch, and L. Chen. Direct anonymous attestation. In CCS '04: Proceedings of the 11th ACM conference on Computer and communications security, pages 132-145, New York, NY, USA, 2004. ACM.
5. eTrade Trading Passwords. https://www.etradeaustralia.com.au/EStation/hep aec connecting.asp.
6. S. Garriss, R. Caceres, S. Berger, R. Sailer, L. van Doorn, and X. Zhang. Towards trustworthy kiosk computing. Mobile Computing Systems and Applications, 2007. HotMobile 2007. Eighth IEEE Workshop on, pages 41-45, 8-9 March 2007.
7. S. Gaw and E. W. Felten. Password management strategies for online accounts. In SOUPS '06: Proceedings of the second symposium on Usable privacy and security, pages 44-55, New York, NY, USA, 2006. ACM.
8. L. Lamport. Password authentication with insecure communication. Communications of the ACM, 24(11):770-772, Nov. 1981.
9. J. Marchesini and S. W. Smith. SHEMP: Secure Hardware Enhanced MyProxy. In PST, 2005.
10. J. Marchesini, S. W. Smith, and M. Zhao. Keyjacking: the surprising insecurity of client-side SSL. Computers and Security, 24(2):109-123, 2005.
11. RSA SecurID. http://www.rsa.com/node.aspx?id=1156.
12. J. H. Saltzer and M. D. Schroeder. The protection of information in computer systems. Communications of the ACM, 17(7), July 1974.
13. A. Seshadri, A. Perrig, L. van Doorn, and P. Khosla. SWAtt: Software-based attestation for embedded devices. In Proceedings of the IEEE Symposium on Security and Privacy, May 2004.
14. S. Sinclair and S. W. Smith. PorKI: Making user PKI safe on machines of heterogeneous trustworthiness. In 21st Annual Computer Security Applications Conference, pages 419-430, Los Alamitos, CA, USA, 2005.
15. J. Yan, A. Blackwell, R. Anderson, and A. Grant. Password memorability and security: Empirical results. IEEE Security and Privacy, 2(5):25-31, 2004.