A convenient method for securely managing passwords
WWW '05 Proceedings of the 14th international conference on World Wide Web
Passpet: convenient password management and phishing protection
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Password management strategies for online accounts
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
OpenID 2.0: a platform for user-centric identity management
Proceedings of the second ACM workshop on Digital identity management
A large-scale study of web password habits
Proceedings of the 16th international conference on World Wide Web
Stronger password authentication using browser extensions
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Flicker: an execution infrastructure for tcb minimization
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Proceedings of the 7th symposium on Identity and trust on the Internet
Order and entropy in picture passwords
GI '08 Proceedings of graphics interface 2008
One-Time Password Access to Any Server without Changing the Server
ISC '08 Proceedings of the 11th international conference on Information Security
Encountering stronger password requirements: user attitudes and behaviors
Proceedings of the Sixth Symposium on Usable Privacy and Security
TrustVisor: Efficient TCB Reduction and Attestation
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Bootstrapping Trust in Commodity Computers
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
OpenIDemail enabled browser: towards fixing the broken web single sign-on triangle
Proceedings of the 6th ACM workshop on Digital identity management
A billion keys, but few locks: the crisis of web single sign-on
Proceedings of the 2010 workshop on New security paradigms
Soft biometric traits for continuous user authentication
IEEE Transactions on Information Forensics and Security
Approaches and Issues in Location-Aware Continuous Authentication
CSE '10 Proceedings of the 2010 13th IEEE International Conference on Computational Science and Engineering
On mouse dynamics as a behavioral biometric for authentication
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Uni-directional trusted path: Transaction confirmation on just one device
DSN '11 Proceedings of the 2011 IEEE/IFIP 41st International Conference on Dependable Systems&Networks
| Hi-index | 0.00 |
Today's authentication suffers from unsolved problems in security and usability. Adversaries have multiple attack vectors with which to steal user credentials, including phishing, malware, and attacks on service providers. Current security practices such as password-complexity policies and idle timeouts often compromise usability. We propose our solution, Client-Based Authentication Technology (CBAT), to simultaneously improve security and usability in authentication. The main component of CBAT is our Trusted Identity Manager (TIM), which resides within a hardware-based secure container on the user's system. The TIM asserts the user's authentication to local and remote service providers without releasing the user's credentials. In addition, the TIM non-intrusively monitors the user's physical presence and locks the system if the user leaves. We provide architectural and implementation details of CBAT in hopes of improving current methods of authentication.