Show simple item record

dc.contributor.authorChristianson, B.
dc.contributor.authorStajano, Frank
dc.contributor.authorLomas, Mark
dc.contributor.authorJenkinson, Graeme
dc.contributor.authorJeunese, Payne
dc.contributor.authorStafford-Fraser, Quentin
dc.contributor.authorSpencer, Max
dc.date.accessioned2018-08-16T00:02:46Z
dc.date.available2018-08-16T00:02:46Z
dc.date.issued2015-11-25
dc.identifier.citationChristianson , B , Stajano , F , Lomas , M , Jenkinson , G , Jeunese , P , Stafford-Fraser , Q & Spencer , M 2015 , Pico without public keys . in Security Protocols XXIII . Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) , Springer-Verlag, (Berlin-Heidelberg) , pp. 195-211 , Security Protocols XXIII 23rd International Workshop , Cambridge , United Kingdom , 31/03/15 . https://doi.org/10.1007/978-3-319-26096-9_21
dc.identifier.citationconference
dc.identifier.isbn978-3-319-26095-2
dc.identifier.isbn978-3-319-26096-9
dc.identifier.otherPURE: 9233760
dc.identifier.otherPURE UUID: a1d077ea-5a97-4ade-a189-010544233290
dc.identifier.otherScopus: 84952837480
dc.identifier.urihttp://hdl.handle.net/2299/20332
dc.descriptionThis document is the Accepted Manuscript version of the following paper: Frank Stajano, Bruce Christianson, Mark Lomas, Graeme Jenkinson, Jeunese Payne, Max Spencer, and Quentin Stafford Fraser, 'Pico without Public Keys', Security Protocols XXIII, 23rd International Workshop Cambridge, March 31- April 2, 2015, Revised Selected Papers, pp. 195-211, part of the Lecture Notes in Computer Science book series (LNCS, Vol. 9379), first online 25 November 2015, ISBN: 978-3-319-26095-2. The final publication is available at Springer via: https://link.springer.com/chapter/10.1007%2F978-3-319-26096-9_21v.
dc.description.abstractPico is a user authentication system that does not require remembering secrets. It is based on a personal handheld token that holds the user’s credentials and that is unlocked by a “personal aura” generated by digital accessories worn by the owner. The token, acting as prover, engages in a public-key-based authentication protocol with the verifier. What would happen to Pico if success of the mythical quantum computer meant secure public key primitives were no longer available, or if for other reasons such as energy consumption we preferred not to deploy them? More generally, what would happen under those circumstances to user authentication on the web, which relies heavily on public key cryptography through HTTPS/TLS? Although the symmetric-key-vs-public-key debate dates back to the 1990s, we note that the problematic aspects of public key deployment that were identified back then are still ubiquitous today. In particular, although public key cryptography is widely deployed on the web, revocation still doesn’t work. We discuss ways of providing desirable properties of public-key-based user authentication systems using symmetric-key primitives and tamperevident tokens. In particular, we present a protocol through which a compromise of the user credentials file at one website does not require users to change their credentials at that website or any other. We also note that the current prototype of Pico, when working in compatibility mode through the Pico Lens (i.e. with websites that are unaware of the Pico protocols), doesn’t actually use public key cryptography, other than that implicit in TLS. With minor tweaks we adopt this as the native mode for Pico, dropping public key cryptography and achieving much greater deployability without any noteworthy loss in security.en
dc.format.extent17
dc.language.isoeng
dc.publisherSpringer-Verlag, (Berlin-Heidelberg)
dc.relation.ispartofSecurity Protocols XXIII
dc.relation.ispartofseriesLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
dc.titlePico without public keysen
dc.contributor.institutionSchool of Computer Science
dc.contributor.institutionCentre for Computer Science and Informatics Research
rioxxterms.versionAM
rioxxterms.versionofrecordhttps://doi.org/10.1007/978-3-319-26096-9_21
rioxxterms.typeOther
herts.preservation.rarelyaccessedtrue


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record