Skip to main content
SpringerLink
Log in

Back Channels Can Be Useful! – Layering Authentication Channels to Provide Covert Communication

  • Conference paper
Security Protocols XXI (Security Protocols 2013)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8263))

Included in the following conference series:

Abstract

This paper argues the need for providing a covert back-channel communication mechanism in authentication protocols, discusses various practical uses for such a channel, and desirable features for its design and deployment. Such a mechanism would leverage the current authentication channel to carry out the covert communication rather than introducing a separate one. The communication would need to be oblivious to an adversary observing it, possibly as a man-in-the-middle. We discuss the properties that such channels would need to have for the various scenarios in which they would be used. Also, we show their potential for mitigating the effects of a number of security breaches currently occurring in these scenarios.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Clark, J., Hengartner, U.: Panic Passwords: Authenticating Under Duress. In: Proceedings: The 3rd Conference on Hot Topics in Security. USENIX Association (2008)

    Google Scholar 

  2. Stefanov, E., Atallah, M.: Duress Detection for Authentication Attacks Against Multiple Administrators. In: Proceedings: The 2010 ACM Workshop on Insider Threats, pp. 37–46. ACM (2010)

    Google Scholar 

  3. Anderson, R.: Can We Fix the Security Economics of Federated Authentication? In: Christianson, B., Crispo, B., Malcolm, J., Stajano, F. (eds.) Security Protocols 2011. LNCS, vol. 7114, pp. 33–48. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  4. Trend Micro, How ZeuS/ZBOT Bypasses Two-Factor Authentication (October 2010), http://community.trendmicro.com/t5/Web-Threat-Spotlight/ZeuS-ZBOT-Variant-Bypasses-Two-Factor-Authentication/ba-p/16514

  5. The White House, National Strategy for Trusted Identities in Cyberspace, NSTIC (2011)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Purdue University, 305 N. University Street, West Lafayette, IN, 47907, USA

    Mohammed H. Almeshekah, Mikhail J. Atallah & Eugene H. Spafford

Authors
  1. Mohammed H. Almeshekah
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mikhail J. Atallah
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Eugene H. Spafford
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Computer Science, University of Hertfordshire, Hatfield, AL10 9AB, Hertfordshire, UK

    Bruce Christianson  & James Malcolm  & 

  2. Computer Laboratory, University of Cambridge, 15 JJ Thomson Avenue, CB3 0FD, Cambridge, UK

    Frank Stajano  & Jonathan Anderson  & 

  3. Center for Information Technology Policy, Princeton University, Sherred Hall, 08540, Princeton, NJ, USA

    Joseph Bonneau

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Almeshekah, M.H., Atallah, M.J., Spafford, E.H. (2013). Back Channels Can Be Useful! – Layering Authentication Channels to Provide Covert Communication. In: Christianson, B., Malcolm, J., Stajano, F., Anderson, J., Bonneau, J. (eds) Security Protocols XXI. Security Protocols 2013. Lecture Notes in Computer Science, vol 8263. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41717-7_22

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-41717-7_22

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-41716-0

  • Online ISBN: 978-3-642-41717-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation