Threat Modelling in User Performed Authentication

Authors

  • Xun Dong
  • John A. Clark
  • Jeremy L. Jacob
Abstract

User authentication can be compromised both by subverting the system and by subverting the user; the threat modelling of the former is well studied, the latter less so. We propose a method to determine opportunities to subvert the user allowing vulnerabilities to be systematically identified. The method is applied to VeriSign’s OpenID authentication mechanism.

Similar resources

Biometric Authentication of Fingerprint for Banking Users, Using Stream Cipher Algorithm

Providing banking services, especially online banking and electronic payment systems, has always been associated with high concerns about security risks. In this paper, customer authentication for their transactions in electronic banking has been discussed, and a more appropriate way of using biometric fingerprint data, as well as encrypting those data in a different way, has been suggest...

A Mutual Authentication Method for Internet of Things

Today, we are witnessing the expansion of various Internet of Things (IoT) applications and services such as surveillance and health. These services are delivered to users via smart devices anywhere and anytime. Forecasts show that the IoT, which is controlled online in the user environment, will reach 25 billion devices worldwide by 2020. Data security is one of the main concerns in the IoT. ...

Opportunistic protected login: Next step in traditional password based user authentication

Password based authentication faces security related threats from phishing, server compromise and man-in-the-middle attack. Despite the poor security, it has been the primary method of user authentication on web since a decade now. This paper is a systematic review of a proposal, by Czeskis et al., which aims to provide opportunistic protected login for user authentication, for web services with...

A Distributed Authentication Architecture and Protocol

Original scientific paper Most user authentication methods rely on a single verifier being stored at a central location within the information system. Such information storage presents a single point of compromise from a security perspective. If this system is compromised it poses a direct threat to users’ digital identities if the verifier can be extracted from the system. This paper proposes ...

Taking Control of the Digital and Mobile User Authentication Challenge

More websites, more mobile devices, more user accounts. It all adds up to more passwords and more access pathways. Traditional password strategies just aren’t keeping pace with the evolving landscape, where identity is increasingly a critical threat vector. The challenge is complex, complicated not just by rapidly changing user needs, but also by the information they need to access and the devi...

Publication date: 2008