Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
Pico without public keys. / Christianson, B.; Stajano, Frank; Lomas, Mark; Jenkinson, Graeme ; Jeunese, Payne; Stafford-Fraser, Quentin; Spencer, Max.
Security Protocols XXIII. Springer-Verlag, (Berlin-Heidelberg), 2015. p. 195-211 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
}
TY - GEN
T1 - Pico without public keys
AU - Christianson, B.
AU - Stajano, Frank
AU - Lomas, Mark
AU - Jenkinson, Graeme
AU - Jeunese, Payne
AU - Stafford-Fraser, Quentin
AU - Spencer, Max
N1 - This document is the Accepted Manuscript version of the following paper: Frank Stajano, Bruce Christianson, Mark Lomas, Graeme Jenkinson, Jeunese Payne, Max Spencer, and Quentin Stafford Fraser, 'Pico without Public Keys', Security Protocols XXIII, 23rd International Workshop Cambridge, March 31- April 2, 2015, Revised Selected Papers, pp. 195-211, part of the Lecture Notes in Computer Science book series (LNCS, Vol. 9379), first online 25 November 2015, ISBN: 978-3-319-26095-2. The final publication is available at Springer via: https://link.springer.com/chapter/10.1007%2F978-3-319-26096-9_21v.
PY - 2015/11/25
Y1 - 2015/11/25
N2 - Pico is a user authentication system that does not requireremembering secrets. It is based on a personal handheld token that holdsthe user’s credentials and that is unlocked by a “personal aura” generatedby digital accessories worn by the owner. The token, acting as prover,engages in a public-key-based authentication protocol with the verifier.What would happen to Pico if success of the mythical quantum computermeant secure public key primitives were no longer available, or if forother reasons such as energy consumption we preferred not to deploythem? More generally, what would happen under those circumstancesto user authentication on the web, which relies heavily on public keycryptography through HTTPS/TLS?Although the symmetric-key-vs-public-key debate dates back to the 1990s,we note that the problematic aspects of public key deployment that wereidentified back then are still ubiquitous today. In particular, althoughpublic key cryptography is widely deployed on the web, revocation stilldoesn’t work.We discuss ways of providing desirable properties of public-key-baseduser authentication systems using symmetric-key primitives and tamperevidenttokens. In particular, we present a protocol through which acompromise of the user credentials file at one website does not requireusers to change their credentials at that website or any other.We also note that the current prototype of Pico, when working in compatibilitymode through the Pico Lens (i.e. with websites that are unawareof the Pico protocols), doesn’t actually use public key cryptography,other than that implicit in TLS. With minor tweaks we adopt this as thenative mode for Pico, dropping public key cryptography and achievingmuch greater deployability without any noteworthy loss in security.
AB - Pico is a user authentication system that does not requireremembering secrets. It is based on a personal handheld token that holdsthe user’s credentials and that is unlocked by a “personal aura” generatedby digital accessories worn by the owner. The token, acting as prover,engages in a public-key-based authentication protocol with the verifier.What would happen to Pico if success of the mythical quantum computermeant secure public key primitives were no longer available, or if forother reasons such as energy consumption we preferred not to deploythem? More generally, what would happen under those circumstancesto user authentication on the web, which relies heavily on public keycryptography through HTTPS/TLS?Although the symmetric-key-vs-public-key debate dates back to the 1990s,we note that the problematic aspects of public key deployment that wereidentified back then are still ubiquitous today. In particular, althoughpublic key cryptography is widely deployed on the web, revocation stilldoesn’t work.We discuss ways of providing desirable properties of public-key-baseduser authentication systems using symmetric-key primitives and tamperevidenttokens. In particular, we present a protocol through which acompromise of the user credentials file at one website does not requireusers to change their credentials at that website or any other.We also note that the current prototype of Pico, when working in compatibilitymode through the Pico Lens (i.e. with websites that are unawareof the Pico protocols), doesn’t actually use public key cryptography,other than that implicit in TLS. With minor tweaks we adopt this as thenative mode for Pico, dropping public key cryptography and achievingmuch greater deployability without any noteworthy loss in security.
U2 - 10.1007/978-3-319-26096-9_21
DO - 10.1007/978-3-319-26096-9_21
M3 - Conference contribution
SN - 978-3-319-26095-2
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 195
EP - 211
BT - Security Protocols XXIII
PB - Springer-Verlag, (Berlin-Heidelberg)
T2 - Security Protocols XXIII 23rd International Workshop
Y2 - 31 March 2015 through 2 April 2015
ER -