Panic passwords: authenticating under duress

Authors:
Jeremy Clark;Urs Hengartner
Affiliations:
School of Computer Science, University of Waterloo;School of Computer Science, University of Waterloo
Venue:
HOTSEC'08 Proceedings of the 3rd conference on Hot topics in security
Year:
2008

Citing 5
Cited 8

PassPoints: design and longitudinal evaluation of a graphical password system

International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
A virtual honeypot framework

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Spelling-error tolerant, order-independent pass-phrases via the damerau-levenshtein string-edit distance metric

ACSW '07 Proceedings of the fifth Australasian symposium on ACSW frontiers - Volume 68
Scantegrity II: end-to-end verifiability for optical scan election systems using invisible ink confirmation codes

EVT'08 Proceedings of the conference on Electronic voting technology
Graphical password authentication using cued click points

ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security

Robust Authentication Using Physically Unclonable Functions

ISC '09 Proceedings of the 12th International Conference on Information Security
Parenting from the pocket: value tensions and technical directions for secure and private parent-teen mobile safety

Proceedings of the Sixth Symposium on Usable Privacy and Security
Duress detection for authentication attacks against multiple administrators

Proceedings of the 2010 ACM workshop on Insider threats
Selections: internet voting with over-the-shoulder coercion-resistance

FC'11 Proceedings of the 15th international conference on Financial Cryptography and Data Security
Cobra: toward concurrent ballot authorization for internet voting

EVT/WOTE'12 Proceedings of the 2012 international conference on Electronic Voting Technology/Workshop on Trustworthy Elections
A practical coercion resistant voting scheme revisited

Vote-ID'13 Proceedings of the 4th international conference on E-Voting and Identity
Principles of authentication

Proceedings of the 2013 workshop on New security paradigms workshop
Explicit authentication response considered harmful

Proceedings of the 2013 workshop on New security paradigms workshop

Quantified Score

Hi-index	0.00

Visualization

Abstract

Panic passwords allow a user to signal duress during authentication. We show that the well-known model of giving a user two passwords, a 'regular' and a 'panic' password, is susceptible to iteration and forced-randomization attacks, and is secure only within a very narrow threat model. We expand this threat model significantly, making explicit assumptions and tracking four parameters. We also introduce several new panic password systems to address new categories of scenarios.