Is it too late for PAKE?


SLIDE 1

Is it too late for PAKE?

John Engler (UC Berkeley)
Chris Karlof (Usable Security Systems)
Elaine Shi (PARC)
Dawn Song (UC Berkeley)

SLIDE 2

What is PAKE?

  • Password Authenticated Key Exchange

  1. Enter Password
  2. Crypto Protocol
  3. Generate Session Key

SLIDE 3

Why PAKE?

  • Password not transmitted
  • Mutual Authentication

SLIDE 4

Two Hurdles

  • Secure password entry
  • Branding and message

SLIDE 5

Problem: Mimicry Attacks

SLIDE 6

Possible Solution: Secure UI

  • Oiwa, et al.: MAP-HTTP's In-chrome Login
  • Rachna, et al.: Dynamic Security Skin Login

SLIDE 7

Problem: Confusion Attacks

SLIDE 8

Problem: Branding and Messaging

SLIDE 9

Conclusion

  • More issues remain:

    – User Training
    – Implementation
    – Deployment

  • PAKE: Potential benefits but hurdles.
  • Full paper and Firefox implementation: http://webblaze.cs.berkeley.edu/2009/pake/