Towards a secure human-and-computer mutual authentication protocol

Radke, Kenneth, Boyd, Colin, Gonzalez Nieto, Juan M., & Brereton, Margot (2012) Towards a secure human-and-computer mutual authentication protocol. In Pieprzyk, Josef & Thomborson, Clark (Eds.) Proceedings of the Tenth Australasian Information Security Conference (AISC 2012), Australian Computer Society Inc, Melbourne, Vic., pp. 39-46.

We blend research from human-computer interface (HCI) design with computational based cryptographic provable security. We explore the notion of practice-oriented provable security (POPS), moving the focus to a higher level of abstraction (POPS+) for use in providing provable security for security ceremonies involving humans. In doing so we highlight some challenges and paradigm shifts required to achieve meaningful provable security for a protocol which includes a human. We move the focus of security ceremonies from being protocols in their context of use, to the protocols being cryptographic building blocks in a higher level protocol (the security ceremony), which POPS can be applied to. In order to illustrate the need for our approach, we analyse both a protocol proven secure in theory, and a similar protocol implemented by a financial institution, from both HCI and cryptographic perspectives.

Impact and interest:

0 citations in Scopus

Full-text downloads:

145 since deposited on 08 Mar 2013
23 in the past twelve months

ID Code: 57928
Item Type: Conference Paper
Refereed: Yes
Keywords: Ceremony, Human, HTTPS, TLS, Security, Privacy, Provable security, Authentication
ISBN: 978-1-921770-06-7
ISSN: 1445-1336
Divisions: Current > Schools > School of Electrical Engineering & Computer Science
Current > QUT Faculties and Divisions > Science & Engineering Faculty
Copyright Owner: Copyright 2012 The Australian Computer Society Inc
Copyright Statement: The series is published by, and most papers are copyright of, the Australian Computer Society Inc. Reproduction for academic research and not-for-profit purposes is granted provided the copyright notice on the first page of each paper is included.
Deposited On: 08 Mar 2013 06:36
Last Modified: 16 Jul 2013 01:13
