Efficient and timely mutual authentication
ACM SIGOPS Operating Systems Review
Zero knowledge proofs of identity
STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing
Using encryption for authentication in large networks of computers
Communications of the ACM
Silicon physical random functions
Proceedings of the 9th ACM conference on Computer and communications security
Controlled Physical Random Functions
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
How to Prevent Type Flaw Attacks on Security Protocols
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
SubVirt: Implementing malware with virtual machines
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Physical unclonable functions for device authentication and secret key generation
Proceedings of the 44th annual Design Automation Conference
Aegis: A Single-Chip Secure Processor
IEEE Design & Test
Robust Authentication Using Physically Unclonable Functions
ISC '09 Proceedings of the 12th International Conference on Information Security
AEGIS: A single-chip secure processor
Information Security Tech. Report
Physical-layer identification of RFID devices
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
PHAP: Password based Hardware Authentication using PUFs
MICROW '12 Proceedings of the 2012 45th Annual IEEE/ACM International Symposium on Microarchitecture Workshops
Hi-index | 0.00 |
As users have to manage an increasing number of accounts, they have to balance password security and password usability. As such, many users use insecure passwords resulting in their accounts and data being vulnerable to unauthorized accesses. In this paper, we present Physically Enhanced Authentication Ring, or PEAR, a system that alleviates this problem. We leverage Physically Unclonable Functions (PUF) to create unclonable hardware devices, which users use to authenticate. Using a hardware device, our system uses zero-knowledge proofs, which provide better security than traditional passwords, yet users must only enter a simple PIN. As such, our system is very usable and imposes little to no burden on end users and service providers. We present transaction levels on top of PEAR of as an extension and then discuss some other work that could be done in the future.