PEAR: a hardware based protocol authentication system

Authors:
Sam Kerr;Michael S. Kirkpatrick;Elisa Bertino
Affiliations:
Purdue University, West Lafayette, IN;Purdue University, West Lafayette, IN;Purdue University, West Lafayette, IN
Venue:
Proceedings of the 3rd ACM SIGSPATIAL International Workshop on Security and Privacy in GIS and LBS
Year:
2010

Citing 13
Cited 1

Efficient and timely mutual authentication

ACM SIGOPS Operating Systems Review
Zero knowledge proofs of identity

STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing
Authentication for Distributed Systems

Computer
Using encryption for authentication in large networks of computers

Communications of the ACM
Silicon physical random functions

Proceedings of the 9th ACM conference on Computer and communications security
Controlled Physical Random Functions

ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
How to Prevent Type Flaw Attacks on Security Protocols

CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
SubVirt: Implementing malware with virtual machines

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Physical unclonable functions for device authentication and secret key generation

Proceedings of the 44th annual Design Automation Conference
Aegis: A Single-Chip Secure Processor

IEEE Design & Test
Robust Authentication Using Physically Unclonable Functions

ISC '09 Proceedings of the 12th International Conference on Information Security
AEGIS: A single-chip secure processor

Information Security Tech. Report
Physical-layer identification of RFID devices

SSYM'09 Proceedings of the 18th conference on USENIX security symposium

PHAP: Password based Hardware Authentication using PUFs

MICROW '12 Proceedings of the 2012 45th Annual IEEE/ACM International Symposium on Microarchitecture Workshops

Quantified Score

Hi-index	0.00

Visualization

Abstract

As users have to manage an increasing number of accounts, they have to balance password security and password usability. As such, many users use insecure passwords resulting in their accounts and data being vulnerable to unauthorized accesses. In this paper, we present Physically Enhanced Authentication Ring, or PEAR, a system that alleviates this problem. We leverage Physically Unclonable Functions (PUF) to create unclonable hardware devices, which users use to authenticate. Using a hardware device, our system uses zero-knowledge proofs, which provide better security than traditional passwords, yet users must only enter a simple PIN. As such, our system is very usable and imposes little to no burden on end users and service providers. We present transaction levels on top of PEAR of as an extension and then discuss some other work that could be done in the future.