Abstract
We propose a new framework for authentication mechanisms that seek to interact with users in a friendlier way. Human or community-centric authentication supports vanilla access to users who fail an initial attempt to identify themselves. This limited access enables them to communicate with their peer community to achieve authentication. The actions of users with vanilla access can be rolled back in case they do not progress to full authentication status.
This mechanism is supported by a peer community trust infrastructure that exploits the effectiveness that humans have in understanding their communal roles in order to mitigate their lesser skill in remembering passwords or PINs. The techniques involved essentially implement a human-centric key escrow and recovery mechanism.
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Burmester, M., de Medeiros, B., Yasinsac, A. (2007). Community-Centric Vanilla-Rollback Access, or: How I Stopped Worrying and Learned to Love My Computer. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2005. Lecture Notes in Computer Science, vol 4631. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77156-2_28
DOI: https://doi.org/10.1007/978-3-540-77156-2_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-77155-5
Online ISBN: 978-3-540-77156-2
eBook Packages: Computer Science, Computer Science (R0)