Better authentication: password revolution by evolution

Add to your list(s) Download to your calendar using vCal

• Daniel Thomas (University of Cambridge)
• Monday 17 March 2014, 14:00-15:00
• SS03, William Gates Building.

If you have a question about this talk, please contact Andrew Rice.

Users authenticate in multiple security domains: at work, at home and to third parties. This is mostly done with passwords, with several shared across many domains. This does not scale well when a device or domain is compromised. We would rather not trust systems not owned by the user. The problems with passwords are well known and yet they are not replaced. With protocols like SSH they are replaced by public-key cryptography where one public SSH key is distributed to many security domains. However that does not work for physically proximate devices or in other contexts requiring password input. We propose a one time token system based on public keys that is backwards compatible with passwords and hence deployable. Our solution proposes a new verification function that does not trust the verifier or expose the user to brute force attacks and allows users to monitor their credentials and revoke access in the case of compromise.

This is a practice talk for the Security Protocols Workshop (2014-03-19—2014-03-21) the maximum time including questions is half an hour and interruptions for questions are encouraged.

This talk is part of the Computer Laboratory Digital Technology Group (DTG) Meetings series.

This talk is included in these lists:

• All Talks (aka the CURE list)
• Cambridge talks
• Computer Laboratory Digital Technology Group (DTG) Meetings
• Department of Computer Science and Technology talks and seminars
• Interested Talks
• SS03, William Gates Building
• School of Technology
• Trust & Technology Initiative - interesting events
• bld31

Note that ex-directory lists are not shown.