User authentication in computing systems traditionally depends on three factors: something you have (e.g., a hardware token), something you are (e.g., a fingerprint), and something you know (e.g., a password). In this paper, we explore a fourth factor, the social network of the user, that is, somebody you know.

Human authentication through mutual acquaintance is an age-old practice. In the arena of computer security, it plays roles in privilege delegation, peer-level certification, help-desk assistance, and reputation networks. As a direct means of logical authentication, though, the reliance of one human being on another has little supporting scientific literature or practice.

In this paper, we explore the notion of vouching, that is, peer-level, human-intermediated authentication for access control. We explore its use in emergency authentication, when primary authenticators like passwords or hardware tokens become unavailable. We describe a practical, prototype vouching system based on SecurID, a popular hardware authentication token. We address traditional, cryptographic security requirements, but also consider questions of social engineering and user behavior.