
Better authentication: password revolution by evolution


If you have a question about this talk, please contact Andrew Rice.

Users authenticate in multiple security domains: at work, at home and to third parties. This is mostly done with passwords, several of which are shared across many domains. This does not scale well when a device or domain is compromised. We would rather not trust systems not owned by the user. The problems with passwords are well known, and yet they have not been replaced. With protocols like SSH they are replaced by public-key cryptography, where one public SSH key is distributed to many security domains. However, that does not work for physically proximate devices or in other contexts requiring password input. We propose a one-time token system based on public keys that is backwards compatible with passwords and hence deployable. Our solution proposes a new verification function that does not trust the verifier or expose the user to brute-force attacks, and that allows users to monitor their credentials and revoke access in the case of compromise.

This is a practice talk for the Security Protocols Workshop (2014-03-19 to 2014-03-21). The maximum time, including questions, is half an hour, and interruptions for questions are encouraged.

This talk is part of the Computer Laboratory Digital Technology Group (DTG) Meetings series.
