Authentication and delegation with smart-cards
TACS'91 Selected papers of the conference on Theoretical aspects of computer software
A user authentication scheme not requiring secrecy in the computer
Communications of the ACM
Time Sharing Computer Systems
Distributed Data Mining in Credit Card Fraud Detection
IEEE Intelligent Systems
Efficient Certificate Revocation
Efficient Certificate Revocation
Security and Privacy Issues in E-passports
SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
Proceedings of the 15th ACM conference on Computer and communications security
Secure Pairing of "Interface-Constrained" Devices Resistant against Rushing User Behavior
ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
Serial hook-ups: a comparative usability study of secure device pairing methods
Proceedings of the 5th Symposium on Usable Privacy and Security
Usability and security of out-of-band channels in secure device pairing protocols
Proceedings of the 5th Symposium on Usable Privacy and Security
Treat 'em like other devices: user authentication of multiple personal RFID tags
Proceedings of the 5th Symposium on Usable Privacy and Security
Caveat eptor: A comparative study of secure device pairing methods
PERCOM '09 Proceedings of the 2009 IEEE International Conference on Pervasive Computing and Communications
Shoulder-surfing resistance with eye-gaze entry in cued-recall graphical passwords
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Provably secure password-authenticated key exchange using Diffie-Hellman
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Vulnerabilities in first-generation RFID-enabled credit cards
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Usability analysis of secure pairing methods
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Groupthink: usability of secure group association for wireless devices
Proceedings of the 12th ACM international conference on Ubiquitous computing
Readers behaving badly: reader revocation in PKI-based RFID systems
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Shoulder-Surfing safe login in a partially observable attacker model
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
Crossing borders: security and privacy issues of the european e-passport
IWSEC'06 Proceedings of the 1st international conference on Security
Location-aware and safer cards: enhancing RFID security and privacy via location sensing
Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
| Hi-index | 0.00 |
The recent emergence of RFID tags capable of performing public key operations has enabled a number of new applications in commerce (e.g., RFIDenabled credit cards) and security (e.g., ePassports and access-control badges). While the use of public key cryptography in RFID tags mitigates many difficult security issues, certain important usability-related issues remain, particularly when RFID tags are used for financial transactions or for bearer identification. In this paper, we focus exclusively on techniques with user involvement for secure user-to-tag authentication, transaction verification, reader expiration and revocation checking, as well as association of RFID tags with other personal devices. Our approach is based on two factors: (1) recent advances in hardware and manufacturing have made it possible to mass-produce inexpensive passive display-equipped RFID tags, and (2) high-end RFID tags used in financial transactions or identification are usually attended by a human user (namely the owner). Our techniques rely on user involvement coupled with on-tag displays to achieve better security and privacy. Since user acceptance is a crucial factor in this context, we thoroughly evaluate the usability of all considered methods through comprehensive user studies and report on our findings.