TwoKind authentication: protecting private information in untrustworthy environments
Source
Conference on Computer and Communications Security archive
Proceedings of the 7th ACM workshop on Privacy in the electronic society
Alexandria, Virginia, USA
SESSION: Usability
Pages 39-44  
Year of Publication: 2008
ISBN: 978-1-60558-289-4
Authors
Katelin Bailey, Dartmouth College, Hanover, NH, USA
Apu Kapadia, Dartmouth College, Hanover, NH, USA
Linden Vongsathorn, Dartmouth College, Hanover, NH, USA
Sean W. Smith, Dartmouth College, Hanover, NH, USA
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM, New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 9,   Downloads (12 Months): 78,   Citation Count: 0
DOI: http://doi.acm.org/10.1145/1456403.1456412

ABSTRACT

Users often log in to Internet sites from insecure computers and more recently have started divulging their email passwords to social-networking sites, thereby putting their private communications at risk. We propose and evaluate TwoKind Authentication, a simple and effective technique for limiting access to private information in untrustworthy environments. In its simplest form, TwoKind offers two modes of authentication by providing a low and a high authenticator. By using a low authenticator, users can signal to the server that they are in an untrusted environment, following which the server restricts the user's actions.

We seek to evaluate the effectiveness of multiple authenticators in promoting safer behavior in users. We demonstrate the effectiveness of this approach through a user experiment - we find that users make a distinction between the two authenticators and generally behave in a security-conscious way, protecting their high authenticator the majority of the time. Our study suggests that TwoKind will be beneficial to several Internet applications, particularly if the privileges associated with the low authenticator can be customized to a user's security preferences.
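The two-mode login described in the abstract, as an added example that is not code from the paper: the server maps each authenticator to a session level and checks every action against that level. The `Account` class, the action names, the PBKDF2 parameters, and the rule that only a high session may change the low privilege set are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed action names for a webmail-style service (not from the paper).
ALL_ACTIONS = {"read_inbox", "send_mail", "read_archive", "change_password"}
NEVER_LOW = {"change_password"}   # assumption: never delegable to a low session
DEFAULT_LOW = {"read_inbox"}      # assumption: default low privilege set

def _derive(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

class Account:
    def __init__(self, low_secret, high_secret, low_actions=DEFAULT_LOW):
        if low_secret == high_secret:
            raise ValueError("low and high authenticators must differ")
        self.salt = os.urandom(16)
        self.low = _derive(low_secret, self.salt)
        self.high = _derive(high_secret, self.salt)
        self.low_actions = set(low_actions) - NEVER_LOW

    def login(self, secret):
        """Return the session level: 'high', 'low', or None on failure."""
        candidate = _derive(secret, self.salt)
        # Compare against both stored values in constant time.
        is_high = hmac.compare_digest(candidate, self.high)
        is_low = hmac.compare_digest(candidate, self.low)
        return "high" if is_high else "low" if is_low else None

    def allowed(self, level, action):
        """Server-side check applied to every request in the session."""
        if level == "high":
            return action in ALL_ACTIONS
        if level == "low":
            return action in self.low_actions
        return False

    def set_low_actions(self, level, actions):
        """Customize low privileges; refused from a low (untrusted) session."""
        if level != "high":
            raise PermissionError("low session cannot change its own privileges")
        self.low_actions = (set(actions) & ALL_ACTIONS) - NEVER_LOW
```

A secret captured on an untrusted machine during a low login yields only `low_actions`; widening that set requires the high authenticator, which the user never typed there.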

