Identity-based cryptosystems and signature schemes
Proceedings of CRYPTO 84 on Advances in cryptology
Operating system protection through program evolution
Computers and Security
Proceedings of the 4th ACM conference on Computer and communications security
Path independence for authentication in large-scale systems
Proceedings of the 4th ACM conference on Computer and communications security
Tolerating penetrations and insider attacks by requiring independent corroboration
Proceedings of the 1998 workshop on New security paradigms
Secure communications over insecure channels
Communications of the ACM
Contemporary Cryptology: The Science of Information Integrity
Contemporary Cryptology: The Science of Information Integrity
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Identity-Based Encryption from the Weil Pairing
SIAM Journal on Computing
Separation of Duty in Role-based Environments
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Building Diverse Computer Systems
HOTOS '97 Proceedings of the 6th Workshop on Hot Topics in Operating Systems (HotOS-VI)
Toward acceptable metrics of authentication
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
All sail, no anchor II: Acceptable high-end PKI
International Journal of Information Security
Spamming, phishing, authentication, and privacy
Communications of the ACM - The Blogosphere
Remote timing attacks are practical
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Using a personal device to strengthen password authentication from an untrusted computer
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Proceedings of the 2013 workshop on New security paradigms workshop
| Hi-index | 0.00 |
One of the best-known security paradigms is to use authentication as the basis for accéss control decisions. We turn this around, and instead rely on access control (or more precisely, integrity) as the basis for authentication. We propose a simple, practical means by which data origin assurances for message authentication are based on corroboration, for example by cross-checking with information made available by a known source or at a specified location (e.g., web page). The security relies on the integrity of this corroborating information, and thus on access control on the hosting (or publishing) of this information. We do not explicitly require cryptographic keys for the corroboration step, or for the protection of corroborating information (e.g., it may be publicly posted), and thus our paradigm allows message authentication without direct dependence on private or secret keys. It may be characterized as security by integrity. Message authentication applications we discuss include email source authentication, and data origin authentication for digital signatures. Our work thus has application to problems including spam and phishing (e.g., where email with spoofed source addressing is involved), and addresses theft, extraction, or other illicit determination of digital signature private keys.