ABSTRACT
An authentication system is duress-resistant if it allows a user or system administrator to covertly send a silent alarm during the login process, indicating that they are being forced to authenticate against their will. The adversary knows that the system has this feature, e.g., if two passwords are used (one normal and one duress) then the adversary will demand from a victim both passwords. We require that the adversary is not able to distinguish a non-cooperating victim from a cooperating victim, even if there are multiple victims some of whom cooperate while others do not. To avoid a false alarm, we also require that the probability of a user accidentally sending a duress signal (e.g., through typos) is small. After arguing that existing techniques are inadequate for such requirements, we present our design and implementation of a duress-resistant authentication system that can be used by any number of administrators and users. Our system is compatible with existing authentication systems, and can be implemented as an augmentation of their capabilities that does not require modification of their internals.
Index Terms
- Duress detection for authentication attacks against multiple administrators