Towards a secure human-and-computer mutual authentication protocol
Radke, Kenneth, Boyd, Colin, Gonzalez Nieto, Juan M., & Brereton, Margot (2012) Towards a secure human-and-computer mutual authentication protocol. In Pieprzyk, Josef & Thomborson, Clark (Eds.) Proceedings of the Tenth Australasian Information Security Conference (AISC 2012), Australian Computer Society Inc, Melbourne, Vic., pp. 39-46.
We blend research from human-computer interface (HCI) design with computational based cryptographic provable security. We explore the notion of practice-oriented provable security (POPS), moving the focus to a higher level of abstraction (POPS+) for use in providing provable security for security ceremonies involving humans. In doing so we highlight some challenges and paradigm shifts required to achieve meaningful provable security for a protocol which includes a human. We move the focus of security ceremonies from being protocols in their context of use, to the protocols being cryptographic building blocks in a higher level protocol (the security ceremony), which POPS can be applied to. In order to illustrate the need for our approach, we analyse both a protocol proven secure in theory, and a similar protocol implemented by a financial institution, from both HCI and cryptographic perspectives.
|Item Type:||Conference Paper|
|Keywords:||Ceremony, Human, HTTPS, TLS, Security, Privacy, Provable security, Authentication|
|Divisions:||Current > Schools > School of Electrical Engineering & Computer Science; Current > QUT Faculties and Divisions > Science & Engineering Faculty|
|Copyright Owner:||Copyright 2012 The Australian Computer Society Inc|
|Copyright Statement:||The series is published by, and most papers are copyright of, the Australian Computer Society Inc. Reproduction for academic research and not-for-profit purposes is granted provided the copyright notice on the first page of each paper is included.|
|Deposited On:||08 Mar 2013 06:36|
|Last Modified:||16 Jul 2013 01:13|