Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Open Access. Powered by Scholars. Published by Universities.®
- Discipline
- Publication Year
- Publication Type
Articles 1 - 12 of 12
Full-Text Articles in Physical Sciences and Mathematics
Usability-Driven Security Enhancements In Person-To-Person Communication, Tarun Kumar Yadav
Usability-Driven Security Enhancements In Person-To-Person Communication, Tarun Kumar Yadav
Theses and Dissertations
In the contemporary digital landscape, ensuring secure communication amid widespread data exchange is imperative. This dissertation focuses on enhancing the security and privacy of end-to-end encryption (E2EE) applications while maintaining or improving usability. The dissertation first investigates and proposes improvements in two areas of existing E2EE applications: countering man-in-the-middle and impersonation attacks through automated key verification and studying user perceptions of cryptographic deniability. Insights from privacy-conscious users reveal concerns about the lack of E2EE support, app siloing, and data accessibility by client apps. To address these issues, we propose an innovative user-controlled encryption system, enabling encryption before data reaches the …
Automatic Detection And Prevention Of Fake Key Attacks In Signal, Tarun Kumar Yadav
Automatic Detection And Prevention Of Fake Key Attacks In Signal, Tarun Kumar Yadav
Theses and Dissertations
The Signal protocol provides end-to-end encryption for billions of users in popular instant messaging applications like WhatsApp, Facebook Messenger, and Google Allo. The protocol relies on an app-specific central server to distribute public keys and relay encrypted messages between the users. Signal prevents passive attacks. However, it is vulnerable to some active attacks due to its reliance on a trusted key server. A malicious key server can distribute fake keys to users to perform man-in-the-middle or impersonation attacks. Signal applications support an authentication ceremony to detect these active attacks. However, this places an undue burden on the users to manually …
Towards Using Certificate-Based Authentication As A Defense Against Evil Twins In 802.11 Networks, Travis S. Hendershot
Towards Using Certificate-Based Authentication As A Defense Against Evil Twins In 802.11 Networks, Travis S. Hendershot
Theses and Dissertations
Wireless clients are vulnerable to exploitation by evil twins due to flaws in the authentication process of 802.11 Wi-Fi networks. Current certificate-based wireless authentication protocols present a potential solution, but are limited in their ability to provide a secure and usable platform for certificate validation. Our work seeks to mitigate these limitations by exploring a client-side strategy for utilizing alternative trust models in wireless network authentication. We compile a taxonomy of various trust models for conducting certificate-based authentication of wireless networks and methodically evaluate each model according to desirable properties of security, usability, and deployability. We then build a platform …
Authentication Melee: A Usability Analysis Of Seven Web Authentication Systems, Scott Ruoti
Authentication Melee: A Usability Analysis Of Seven Web Authentication Systems, Scott Ruoti
Theses and Dissertations
Passwords continue to dominate the authentication landscape in spite of numerous proposals to replace them. Even though usability is a key factor in replacing passwords, very few alternatives have been subjected to formal usability studies and even fewer have been analyzed using a standard metric. We report the results of four within-subjects usability studies for seven web authentication systems. These systems span federated, smartphone, paper tokens, and email-based approaches. Our results indicate that participants prefer single sign-on systems. We utilize the Systems Usability Scale (SUS) as a standard metric for empirical analysis and find that it produces reliable, replicable results. …
Framework To Implement Authentication, Authorization And Secure Communications In A Multiuser Collaborative Cax Environment, Francis Mensah
Framework To Implement Authentication, Authorization And Secure Communications In A Multiuser Collaborative Cax Environment, Francis Mensah
Theses and Dissertations
Computer Aided Design (CAD) applications have historically been based on a single user per application architecture. Although this architecture is still popular to date, it does have several drawbacks. First of all the single user CAD architecture inhibits a concurrent engineering design process where several designers can work on the same model simultaneously. This limitation introduces time inefficiency especially when a project involves geographically dispersed designers. A solution to these drawbacks could be a transition from the traditional single user CAD architecture to a multiuser collaborative architecture. Advances in computer networking technologies, especially relating to the Internet, have provided the …
Convenient Decentralized Authentication Using Passwords, Timothy W. Van Der Horst
Convenient Decentralized Authentication Using Passwords, Timothy W. Van Der Horst
Theses and Dissertations
Passwords are a very convenient way to authenticate. In terms of simplicity and portability they are very difficult to match. Nevertheless, current password-based login mechanisms are vulnerable to phishing attacks and typically require users to create and manage a new password for each of their accounts. This research investigates the potential for indirect/decentralized approaches to improve password-based authentication. Adoption of a decentralized authentication mechanism requires the agreement between users and service providers on a trusted third party that vouches for users' identities. Email providers are the de facto trusted third parties on the Internet. Proof of email address ownership is …
Simple, Secure, Selective Delegation In Online Identify Systems, Bryant Gordon Cutler
Simple, Secure, Selective Delegation In Online Identify Systems, Bryant Gordon Cutler
Theses and Dissertations
The ability to delegate privileges to others is so important to users of online identity systems that users create ad hoc delegation systems by sharing authentication credentials if no other easy delegation mechanism is available. With the rise of internet-scale relationship-based single sign-on protocols like OpenID, the security risks of password sharing are unacceptable. We therefore propose SimpleAuth, a simple modification to relationship-based authentication protocols that gives users a secure way to selectively delegate subsets of their privileges, making identity systems more flexible and increasing user security. We also present a proof-of-concept implementation of the SimpleAuth pattern using the sSRP …
Wireless Authentication Using Remote Passwords, Andrew S. Harding
Wireless Authentication Using Remote Passwords, Andrew S. Harding
Theses and Dissertations
Current authentication methods for wireless networks are difficult to maintain. They often rely on globally shared secrets or heavyweight public-key infrastructure. Wireless Authentication using Remote Passwords (WARP) mitigates authentication woes by providing usable mechanisms for both administrators and end-users. Administrators grant access by simply adding users' personal messaging identifiers (e.g., email addresses, IM handles, cell phone numbers) to an access control list. There is no need to store passwords or other account information. Users simply prove ownership of their authorized identifier to obtain wireless access.
Extensible Pre-Authentication In Kerberos, Phillip L. Hellewell
Extensible Pre-Authentication In Kerberos, Phillip L. Hellewell
Theses and Dissertations
Organizations need to provide services to a wide range of people, including strangers outside their local security domain. As the number of users grows larger, it becomes increasingly tedious to maintain and provision user accounts. It remains an open problem to create a system for provisioning outsiders that is secure, flexible, efficient, scalable, and easy to manage. Kerberos is a secure, industry-standard protocol. Currently, Kerberos operates as a closed system; all users must be specified upfront and managed on an individual basis. This paper presents EPAK (Extensible Pre-Authentication in Kerberos), a framework that enables Kerberos to operate as an open …
Digital Receipts: A System To Detect The Compromise Of Digital Certificates, Nathaniel Allen Seeley
Digital Receipts: A System To Detect The Compromise Of Digital Certificates, Nathaniel Allen Seeley
Theses and Dissertations
The ease of copying digital materials creates difficulty in detecting the theft of digital certificates. Uneducated users frequently fail to protect their digital certificate keys by not encrypting them, storing them in insecure places, and using them unwisely. In addition, there is no way to prove that protocols involving certificates are completely secure. This thesis introduces a system to ameliorate these problems by detecting the compromise of digital certificates. It leverages dual logging messages sent via side channels to a trusted third party. This third party correlates these messages and automatically detects when an imposter presents a certificate based on …
Preserving Trust Across Multiple Sessions In Open Systems, Fuk-Wing Thomas Chan
Preserving Trust Across Multiple Sessions In Open Systems, Fuk-Wing Thomas Chan
Theses and Dissertations
Trust negotiation, a new authentication paradigm, enables strangers on the Internet to establish trust through the gradual disclosure of digital credentials and access control policies. Previous research in trust negotiation does not address issues in preserving trust across multiple sessions. This thesis discusses issues in preserving trust between parties who were previously considered strangers. It also describes the design and implementation of trust preservation in TrustBuilder, a prototype trust negotiation system. Preserving trust information can reduce the frequency and cost of renegotiation. A scenario is presented that demonstrates that a server supporting trust preservation can recoup the cost of the …
Trust Negotiation For Authentication And Authorization In Healthcare Information Systems, Charles D. Knutson, Kent E. Seamons, Tore L. Sundelin, David K. Vawdrey
Trust Negotiation For Authentication And Authorization In Healthcare Information Systems, Charles D. Knutson, Kent E. Seamons, Tore L. Sundelin, David K. Vawdrey
Faculty Publications
The expanding availability of health information in an electronic format is strategic for industry-wide efforts to improve the quality and reduce the cnst of health care. The implementation of electronic medical record systems has been hindered by inadequate security provisions. This paper describes the use of frust negotiation as a framework for providing authentication and access control services in healthcare information systems. nust negotiation enables two parties with no pre-existing relationship to establish the trust necessary to perform sensitive transactions via the mutual disclosure of attributes contained within digital credentials. An extension of this system, surrogate irusf negoikiion is introduced …