The recent emergence of RFID tags capable of performing public key operations enables a number of new applications in commerce (e.g., RFID-enabled credit cards) and security (e.g., ePassports and access-control badges). While the use of public key cryptography in RFID tags mitigates many difficult security issues, certain important usability-related issues remain, particularly when RFID tags are used for financial transactions or bearer identification. In this paper, we focus exclusively on techniques with user involvement for secure user-to-tag authentication, transaction verification, reader expiration and revocation checking, as well as pairing of RFID tags with other personal devices. Our approach is based on two factors: (1) recent advances in hardware and manufacturing have made it possible to mass-produce inexpensive passive display-equipped RFID tags, and (2) high-end RFID tags used in financial transactions or identification are attended by a human user (typically, their owner). Our techniques rely on user involvement coupled with on-tag displays to achieve better security and privacy. Since user acceptance is a crucial factor in this context, we conducted comprehensive user studies to assess usability of all considered methods. This paper reports on our findings.