let s authenticate
play

Lets Authenticate Automated Cryptographic Authentication for the - PowerPoint PPT Presentation

May 02, 2023 •275 likes •737 views

Lets Authenticate Automated Cryptographic Authentication for the Web with Simple Account Recovery James Conners Daniel Zappala Brigham Young University Our focus easy registration/login easy account recovery privacy by design What about

  1. Let’s Authenticate Automated Cryptographic Authentication for the Web with Simple Account Recovery James Conners Daniel Zappala Brigham Young University

  4. Our focus easy registration/login easy account recovery privacy by design

  5. What about WebAuthn? Registration/Login Recovery Privacy

  6. Alice wants to register to Facebook

  7. Username One-Time Challenge Key, UID, Relying Party info

  8. JavaScript Client

  9. User Consent User Consent

  10. Alice wants to register to Amazon

  11. Username One-Time Challenge Key, UID, Relying Party info

  12. JavaScript Client

  13. User Consent User Consent

  14. Potential for authenticator bloat

  15. What happens if Alice loses her authenticator?

  16. Alice wants to recover her Amazon account

  18. Alice needs to register a 2nd authenticator with Amazon

  19. Username One-Time Challenge Key, UID, Relying Party info

  20. JavaScript Client

  21. User Consent User Consent

  22. Privacy leaks and Tracking are possible

  23. Let’s Authenticate Easy Registration/Login Easy account recovery Privacy

  24. Let’s Authenticate Registration/Login

  25. Username/Password

  26. Scan/click the QR code User gives consent

  27. Case 1 Let’s Authenticate Server App sends CSR Returns signed cert App forwards cert to destination Facebook Cryptographic proofs

  28. Case 2 Facebook App forwards cert to destination Cryptographic proofs

  29. Scan/click the QR code User gives consent

  30. Let’s Authenticate Server App sends CSR Returns signed cert App forwards cert to destination Amazon Cryptographic proofs

  31. What happens if Alice loses her authenticator?

  32. Username/Password

  33. Let’s Authenticate Username/Password Returns all certificates

  34. Scan/click the QR code User gives consent

  35. Privacy • Want to avoid colluding websites tracking users • Want to avoid giving Let’s Auth CA information about sites a user authenticates to

  36. Privacy • Each certificate is bound to a unique email address: <uniquecode>@letsauth.org • <uniquecode> = hash(username,password,websiteDomain,salt) • Also makes it easy to reclaim accounts after lost authenticator

  37. Comparing Let’s Authenticate to WebAuthn

  39. What’s Next? • In-depth Security and privacy analysis • In lab and longitudinal user studies • Exploration of different account challenges • Consideration of short-lived certificates VS revocation

  40. Discussion

  45. Persona • Allowed email providers to issue certificates to a user • Simpler registration process since their email was verified • Tracking still possible, unless a user creates a different email for each service • Adoption was an issue as well 4 entities of adoption (Users, Websites, Browsers and Email providers) • • They did provide a fallback identity provider and a cross-browser library, but they were short term solutions

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

To whose taste?: assessing public policy to authenticate &amp; promote Japanese cuisine abroad

To whose taste?: assessing public policy to authenticate &amp; promote Japanese cuisine abroad

To whose taste?: assessing public policy to authenticate &amp; promote Japanese cuisine abroad Christopher Pokarier Waseda University place : food cultures within Japan a dynamic ecology of food enterprises, domestic food practices, supply

729 views • 26 slides
B Three Factors Jointed to secure the user and their transactions A C Renaissance Systems,

B Three Factors Jointed to secure the user and their transactions A C Renaissance Systems,

Renaissance Systems, Inc. Adopts and Promotes Teleworking three-factor authentication (3FA) 3FA As part of our identity management process services we see , the first steps of access control is the identify and authenticate the users.

434 views • 4 slides
1 Overview Introduction DNSSEC mechanisms To authenticate servers (TSIG ) To

1 Overview Introduction DNSSEC mechanisms To authenticate servers (TSIG ) To

Welcome! DNS/DNSSEC Deployment tutorial Champika Wijayatunga &lt;champika@apnic.net&gt; 2 August 2006, Karachi, Pakistan In conjunction with SANOG 8 Background The original DNS protocol wasnt designed with security in mind It has

705 views • 15 slides
Two factor authentication Open, trustworthy and enterprise ready Two factor authentication

Two factor authentication Open, trustworthy and enterprise ready Two factor authentication

Version 1.0 Cornelius Klbel (corny@cornelinux.de) May 2014 (CC BY-NC-SA 4.0) Everybody knows that a password - be it simple or even complex - is a potential vulnerability. Two factor authentication is the way to authenticate a user not only

400 views • 5 slides
Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a precondition How to authenticate: Something you know Password, Secrets Something you have Smart Card, Token Something you are Biometrie

607 views • 4 slides
Complex architectures for authentication and authorization on AWS Boyan Dimitrov Director

Complex architectures for authentication and authorization on AWS Boyan Dimitrov Director

Complex architectures for authentication and authorization on AWS Boyan Dimitrov Director Platform Engineering @ Sixt @nathariel September 2019 Our Focus Today ? Authenticate Key patterns for authentication &amp; Authorize and

510 views • 38 slides
User Authentication Passport Jason Situ Passport What is it? Passport is authentication

User Authentication Passport Jason Situ Passport What is it? Passport is authentication

User Authentication Passport Jason Situ Passport What is it? Passport is authentication middleware for Node. It is designed to serve a singular purpose: authenticate requests. Supports a comprehensive set of authentication mechanisms called

808 views • 16 slides
Telco-driven Decentralized Identity Network Kang-Won Lee, Ph.D. Head of Cloud Labs Too

Telco-driven Decentralized Identity Network Kang-Won Lee, Ph.D. Head of Cloud Labs Too

Telco-driven Decentralized Identity Network Kang-Won Lee, Ph.D. Head of Cloud Labs Too expensive! I prefer free WiFi 44M people in 2018* * Korea Tourism Organization 2 3 67% of global population** MNOs have a right to authenticate

358 views • 22 slides
The (Decentralized) USENIX Security 2011 Peter Eckersley Jesse Burns EFF iSEC SSL/TLS

The (Decentralized) USENIX Security 2011 Peter Eckersley Jesse Burns EFF iSEC SSL/TLS

The (Decentralized) USENIX Security 2011 Peter Eckersley Jesse Burns EFF iSEC SSL/TLS : Earth's most popular cryptographic system How strong is this infrastructure? at best, as good as its ability to authenticate the other party

1.18k views • 76 slides
Cycle counts for authenticated encryption D. J. Bernstein http://cr.yp.to /streamciphers

Cycle counts for authenticated encryption D. J. Bernstein http://cr.yp.to /streamciphers

Cycle counts for authenticated encryption D. J. Bernstein http://cr.yp.to /streamciphers /timings.html Standard construction: encrypt with stream cipher; authenticate the ciphertext by appending encrypted hash. How to hash the ciphertext?

323 views • 4 slides
Mary Ellen Zurko (aka Mez) mez@alum.mit.edu 1 2 Security the way Tim intended Server

Mary Ellen Zurko (aka Mez) mez@alum.mit.edu 1 2 Security the way Tim intended Server

Mary Ellen Zurko (aka Mez) mez@alum.mit.edu 1 2 Security the way Tim intended Server says: WWW-Authenticate: Basic realm=&quot; insert realm User prompted for their password Client says: Authorization: Basic

1.49k views • 70 slides
The Future of the Discrete Logarithm Gerhard Frey Institute for Experimental Mathematics

The Future of the Discrete Logarithm Gerhard Frey Institute for Experimental Mathematics

The Future of the Discrete Logarithm Gerhard Frey Institute for Experimental Mathematics University of Essen frey@exp-math.uni-essen.de 1 1 Abstract DL-Systems We want exchange keys sign authenticate (encrypt and decrypt)

410 views • 38 slides
Packet Validation in the Network Environments Yingdi Yu UCLA 1 Packet Authentication How

Packet Validation in the Network Environments Yingdi Yu UCLA 1 Packet Authentication How

Packet Validation in the Network Environments Yingdi Yu UCLA 1 Packet Authentication How to authenticate a data packet containing the electricity usage of a room at certain time? Data is signed, but how to verify the signature?

224 views • 19 slides
EM EMVS Nationa nal Bl Bluepri rint System A Technical Overview for Pharmacies and

EM EMVS Nationa nal Bl Bluepri rint System A Technical Overview for Pharmacies and

EM EMVS Nationa nal Bl Bluepri rint System A Technical Overview for Pharmacies and Wholesalers Charles Young Lo Local System De Desig ign Lo Local User r Authori risation NBS does not authenticate or authorise local users for

357 views • 15 slides
Semi-Secure Semi-Secure where a hash is a secure one-way function. A cookie is a bit of state

Semi-Secure Semi-Secure where a hash is a secure one-way function. A cookie is a bit of state

One-Slide Summary Users often authenticate themselves by providing passwords. We store and compare hashes of passwords, Semi-Secure Semi-Secure where a hash is a secure one-way function. A cookie is a bit of state associated with a webpage

103 views • 9 slides
Perspectives of the Discrete Logarithm Systems Gerhard Frey Institute for Experimental

Perspectives of the Discrete Logarithm Systems Gerhard Frey Institute for Experimental

Perspectives of the Discrete Logarithm Systems Gerhard Frey Institute for Experimental Mathematics University of Duisburg-Essen frey@exp-math.uni-essen.de 1 1 Abstract DL-Systems We want exchange keys sign authenticate

841 views • 53 slides
Network Access Security Torino, IT March 4 th , 2005 Carsten Bormann &lt;cabo@tzi.de&gt;

Network Access Security Torino, IT March 4 th , 2005 Carsten Bormann &lt;cabo@tzi.de&gt;

An introduction to Network Access Security Torino, IT March 4 th , 2005 Carsten Bormann &lt;cabo@tzi.de&gt; Overview Network Access Security: Traditions WLAN Security WLAN Roaming 2 Overview Network Access Security:

782 views • 20 slides
How does TLS know this is really the Google web site? Google Authenticating the Server web

How does TLS know this is really the Google web site? Google Authenticating the Server web

How does TLS know this is really the Google web site? Google Authenticating the Server web site ? Public Key Private Key 1. Did we reach the intended web server? 2. Did we receive the servers public key? https://www.google.com Google

423 views • 16 slides
Securing Internet Communication: TLS CS 161: Computer Security Prof. Vern Paxson TAs: Paul

Securing Internet Communication: TLS CS 161: Computer Security Prof. Vern Paxson TAs: Paul

Securing Internet Communication: TLS CS 161: Computer Security Prof. Vern Paxson TAs: Paul Bramsen, Apoorva Dornadula, David Fifield, Mia Gil Epner, David Hahn, Warren He, Grant Ho, Frank Li, Nathan Malkin, Mitar Milutinovic, Rishabh Poddar,

873 views • 56 slides
Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Authentication Establish and verify identity allow access to resources Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as otherwise noted, the content of this presentation is licensed under the

228 views • 10 slides
Kerberos and Single Sign-On with HTTP Joe Orton Senior Software Engineer, Red Hat Overview

Kerberos and Single Sign-On with HTTP Joe Orton Senior Software Engineer, Red Hat Overview

Kerberos and Single Sign-On with HTTP Joe Orton Senior Software Engineer, Red Hat Overview Introduction The Problem Current Solutions Future Solutions Conclusion Introduction WebDAV: common complaint of poor

481 views • 26 slides
1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern University noubir@ccs.neu.edu Outline Overview of Authentication Systems [Chapter 9] Authentication of People [Chapter 10]

396 views • 17 slides
Lecture 4 - Authorization CMPSC 443 - Spring 2012 Introduction Computer and Network Security

Lecture 4 - Authorization CMPSC 443 - Spring 2012 Introduction Computer and Network Security

Lecture 4 - Authorization CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ CMPSC 443 Introduction to Computer and Network Security - Spring 2012 - Professor Jaeger Why

1.06k views • 22 slides
Pushed Authorization Requests https://tools.ietf.org/html/draft-lodderstedt-oauth-par IETF-106,

Pushed Authorization Requests https://tools.ietf.org/html/draft-lodderstedt-oauth-par IETF-106,

Pushed Authorization Requests https://tools.ietf.org/html/draft-lodderstedt-oauth-par IETF-106, 21.11.2019, Singapore Brian Campbell, Nat Sakimura, Dave Tonge, Filip Skokan, Torsten Lodderstedt { &quot;userinfo&quot;:{

340 views • 16 slides

More recommend