Reducing risks from poorly chosen keys
SOSP '89 Proceedings of the twelfth ACM symposium on Operating systems principles
Authentication and authenticated key exchanges
Designs, Codes and Cryptography
Network security: private communication in a public world
Network security: private communication in a public world
The official PGP user's guide
Strong password-only authenticated key exchange
ACM SIGCOMM Computer Communication Review
A note on proactive password checking
Proceedings of the 2001 workshop on New security paradigms
Security Engineering: A Guide to Building Dependable Distributed Systems
Security Engineering: A Guide to Building Dependable Distributed Systems
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Securing passwords against dictionary attacks
Proceedings of the 9th ACM conference on Computer and communications security
Pricing via Processing or Combatting Junk Mail
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Server-Assisted Generation of a Strong Secret from a Password
WETICE '00 Proceedings of the 9th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Telling humans and computers apart automatically
Communications of the ACM - Information cities
Defending against an Internet-based attack on the physical world
ACM Transactions on Internet Technology (TOIT)
Password Memorability and Security: Empirical Results
IEEE Security and Privacy
Secure distributed human computation
Proceedings of the 6th ACM conference on Electronic commerce
CAPTCHA: using hard AI problems for security
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
On predictive models and user-drawn graphical passwords
ACM Transactions on Information and System Security (TISSEC)
Where do security policies come from?
Proceedings of the Sixth Symposium on Usable Privacy and Security
Popularity is everything: a new approach to protecting passwords from statistical-guessing attacks
HotSec'10 Proceedings of the 5th USENIX conference on Hot topics in security
Graphical password authentication using cued click points
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
| Hi-index | 0.00 |
Automated Turing Tests (ATTs), also known as human-in-the-loop techniques, were recently employed in a login protocol by Pinkas and Sander (2002) to protect against online password-guessing attacks. We present modifications providing a new history-based login protocol with ATTs, which uses failed-login counts. Analysis indicates that the new protocol offers opportunities for improved security and user friendliness (fewer ATTs to legitimate users) and greater flexibility (e.g., allowing protocol parameter customization for particular situations and users). We also note that the Pinkas--Sander and other protocols involving ATTs are susceptible to minor variations of well-known middle-person attacks. We discuss complementary techniques to address such attacks, and to augment the security of the original protocol.