TU Darmstadt / ULB / TUbiblio

ZeTA - Zero-Trust Authentication: Relying on Innate Human Ability, not Technology

Gutmann, Andreas and Renaud, Karen and Maguire, Joseph and Mayer, Peter and Volkamer, Melanie and Matsuura, Kanta and Müller-Quade, Jörn (2016):
ZeTA - Zero-Trust Authentication: Relying on Innate Human Ability, not Technology.
In: 2016 IEEE European Symposium on Security and Privacy (EuroS&P), IEEE, Saarbrucken, DOI: 10.1109/EuroSP.2016.35,
[Conference or Workshop Item]

Abstract

Reliable authentication requires the devices and channels involved in the process to be trustworthy; otherwise authentication secrets can easily be compromised. Given the unceasing efforts of attackers worldwide such trustworthiness is increasingly not a given. A variety of technical solutions, such as utilising multiple devices/channels and verification protocols, has the potential to mitigate the threat of untrusted communications to a certain extent. Yet such technical solutions make two assumptions: (1) users have access to multiple devices and (2) attackers will not resort to hacking the human, using social engineering techniques.

In this paper, we propose and explore the potential of using human-based computation instead of solely technical solutions to mitigate the threat of untrusted devices and channels. ZeTA (Zero Trust Authentication on untrusted channels) has the potential to allow people to authenticate despite compromised channels or communications and easily observed usage.

Our contributions are threefold: (1) We propose the ZeTA protocol with a formal definition and security analysis that utilises semantics and human-based computation to ameliorate the problem of untrusted devices and channels. (2) We outline a security analysis to assess the envisaged performance of the proposed authentication protocol. (3) We report on a usability study that explores the viability of relying on human computation in this context.

Item Type: Conference or Workshop Item
Erschienen: 2016
Creators: Gutmann, Andreas and Renaud, Karen and Maguire, Joseph and Mayer, Peter and Volkamer, Melanie and Matsuura, Kanta and Müller-Quade, Jörn
Title: ZeTA - Zero-Trust Authentication: Relying on Innate Human Ability, not Technology
Language: English
Abstract:

Reliable authentication requires the devices and channels involved in the process to be trustworthy; otherwise authentication secrets can easily be compromised. Given the unceasing efforts of attackers worldwide such trustworthiness is increasingly not a given. A variety of technical solutions, such as utilising multiple devices/channels and verification protocols, has the potential to mitigate the threat of untrusted communications to a certain extent. Yet such technical solutions make two assumptions: (1) users have access to multiple devices and (2) attackers will not resort to hacking the human, using social engineering techniques.

In this paper, we propose and explore the potential of using human-based computation instead of solely technical solutions to mitigate the threat of untrusted devices and channels. ZeTA (Zero Trust Authentication on untrusted channels) has the potential to allow people to authenticate despite compromised channels or communications and easily observed usage.

Our contributions are threefold: (1) We propose the ZeTA protocol with a formal definition and security analysis that utilises semantics and human-based computation to ameliorate the problem of untrusted devices and channels. (2) We outline a security analysis to assess the envisaged performance of the proposed authentication protocol. (3) We report on a usability study that explores the viability of relying on human computation in this context.

Title of Book: 2016 IEEE European Symposium on Security and Privacy (EuroS&P)
Publisher: IEEE
Uncontrolled Keywords: Security, Usability and Society;Secure Protocols;authentication;authentication secrets;human computation;innate human ability;reliable authentication;untrusted communications;untrusted devices;semantics;usability;usability study
Divisions: LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
20 Department of Computer Science > SECUSO - Security, Usability and Society
20 Department of Computer Science > Kryptographische Protokolle
Profile Areas > Cybersecurity (CYSEC)
LOEWE > LOEWE-Zentren
20 Department of Computer Science
Profile Areas
LOEWE
Event Location: Saarbrucken
Date Deposited: 28 Jul 2016 18:35
DOI: 10.1109/EuroSP.2016.35
Identification Number: TUD-CS-2016-0007
Related URLs:
Export:
Suche nach Titel in: TUfind oder in Google

Optionen (nur für Redakteure)

View Item View Item