related work
play

Related work SQRL design details Research questions Research - PowerPoint PPT Presentation

May 19, 2023 •137 likes •394 views

A closer look at SQRL Agenda SQRL introduction Related work SQRL design details Research questions Research method Research findings Conclusion UvA-SNE-RP1 presentation 1 A closer look at SQRL SQRL introduction:

  1. A closer look at SQRL Agenda • SQRL introduction • Related work • SQRL design details • Research questions • Research method • Research findings • Conclusion UvA-SNE-RP1 presentation 1

  2. A closer look at SQRL SQRL introduction: trigger Secure Quick Reliable Login UvA-SNE-RP1 presentation 2

  3. A closer look at SQRL SQRL introduction: how it works QR-scanning QR-tapping QR-clicking UvA-SNE-RP1 presentation 3

  4. A closer look at SQRL SQRL introduction: design goals  SSO  2FA  out-of-band (OOB) authentication  no secret(s) exchange  anonymity  no (additional) TTP  low friction deployment UvA-SNE-RP1 presentation 4

  5. A closer look at SQRL Related work: SSO • Open standards • OpenID • TiQR UvA-SNE-RP1 presentation 5

  6. A closer look at SQRL SQRL design details: crypto ID site (fixed) specific secret 1-F secret Elliptic Brute 2-F Curve Force UvA-SNE-RP1 presentation 6

  7. A closer look at SQRL SQRL design details: more crypto Compromised ID ? • ID revocation support • proves ID ownership • uses additional keys • Lock (disable) • Unlock (enable/change) UvA-SNE-RP1 presentation 7

  8. A closer look at SQRL SQRL design details: messages UvA-SNE-RP1 presentation 8

  9. A closer look at SQRL Research questions • How does SQRL improve authentication security compared to related solutions? • What does SQRL offer to both parties? • What constraints must be met to guaranty this behaviour? • What additional features are relevant to extend deployability? • What attacks remain feasible and what countermeasures are to be considered? UvA-SNE-RP1 presentation 9

  10. A closer look at SQRL Research method: attacks • Attacks exploit vulnerabilities • Causes of vulnerabilities • design errors • implementation errors • user mistakes UvA-SNE-RP1 presentation 10

  11. A closer look at SQRL Research method: attacks • Attacks exploit vulnerabilities • Causes of vulnerabilities • design: • uses TLS • covers MiTM • covers eavesdropping • uses HMAC • no reverse operation • uses scrypt • covers brute-force UvA-SNE-RP1 presentation 11

  12. A closer look at SQRL Research method: attacks • Attacks exploit vulnerabilities • Causes of vulnerabilities • design errors • implementation errors • no current (mature) app/server UvA-SNE-RP1 presentation 12

  13. A closer look at SQRL Research method: attacks • Attacks exploit vulnerabilities • Causes of vulnerabilities • design errors • implementation errors • user mistakes UvA-SNE-RP1 presentation 13

  14. A closer look at SQRL Research method: attacks SQRL user interaction • SQRL-app installation • SQRL Identity password generation & use • SQRL Master Key backup & restore • SQRL (Un)lock Key backup & restore SQRL design dependencies • Responsible users • No malware installed • No shoulder surfing • Master Key safely stored (QR on paper) • (Un)lock Key safely stored (QR on paper) UvA-SNE-RP1 presentation 14

  15. A closer look at SQRL Research findings: attacks Malware needs to be Crypto in crypto-chip addressed UvA-SNE-RP1 presentation 15

  16. A closer look at SQRL Research findings: attacks Malware needs to be Crypto in nfc-chip addressed UvA-SNE-RP1 presentation 16

  17. A closer look at SQRL Research findings: research question 2 • What additional features are relevant to extend deployability? • Site-specific key-pairs -E-mail -Membership -Registration UvA-SNE-RP1 presentation 17

  18. A closer look at SQRL Research findings: research question 1 How does SQRL improve authentication security compared to related solutions? • What does SQRL offer to both parties? • What constraints must be met to guaranty this behaviour? SSO 2FA out-of-band (OOB) authentication no secret(s) exchange anonymity no (aditional) TTP ID revocation facility UvA-SNE-RP1 presentation 18

  19. A closer look at SQRL Related work: SSO-Open standards • SURF net • OCRA (OATH Challenge Response Algorithm) RFC6287 UvA-SNE-RP1 presentation 19

  20. A closer look at SQRL Related work: SSO-Open standards • OpenID Authentication 2.0 • Support of algorithms (not prescribed) UvA-SNE-RP1 presentation 20

  21. A closer look at SQRL Related work: SSO-Open standards TiQR OpenID SQRL  (?)   SSO   2FA ?   OOB ? Ҳ  No secret(s) exchange ?  (?)  Anonymity ?   Ҳ No (additional) TTP    Low Friction Deploy Ҳ  ID revocation ? 21 UvA-SNE-RP1 presentation

  22. A closer look at SQRL Research findings: research question 1 How does SQRL improve authentication security compared to related solutions? • What does SQRL offer to both parties? • What constraints must be met to guaranty this behaviour? User: • SSO • 2FA security • anonymity • no cross- site coupling of ID’s • ID revocation support Website: • authenticated identity • alongside alternative solutions UvA-SNE-RP1 presentation 22

  23. A closer look at SQRL Research findings: research question 1 How does SQRL improve authentication security compared to related solutions? • What does SQRL offer to both parties? • What constraints must be met to guaranty this behaviour? • HTTP over TLS • user responsibility/awareness UvA-SNE-RP1 presentation 23

  24. A closer look at SQRL Conclusion SQRL is • open • no new technology • a combination of Best Practices • unique in its offered properties • not operational yet SQRL depends on • responsible users SQRL needs • additional secret protection UvA-SNE-RP1 presentation 24

  25. A closer look at SQRL Questions UvA-SNE-RP1 presentation 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Epistemic Answer Set Programming Ezgi Iraz Su CILC 2019 @ Trieste, ITALY, June 2019 1 / 39

Epistemic Answer Set Programming Ezgi Iraz Su CILC 2019 @ Trieste, ITALY, June 2019 1 / 39

Introduction Related Work Related Work Related Work Our contribution Future Work Epistemic Answer Set Programming Ezgi Iraz Su CILC 2019 @ Trieste, ITALY, June 2019 1 / 39 Introduction Related Work Related Work Related Work Our

868 views • 44 slides
joint work with J. Baumgartner IBM Corporation USA This work is related to a Date 2013

joint work with J. Baumgartner IBM Corporation USA This work is related to a Date 2013

Fast Cone-Of-Influence Computation and Estimation in Problems with Multiple Properties C. Loiacono , M. Palena, P. Pasini, D. Patti, S. Quer, S. Ricossa, D. Vendraminetto joint work with J. Baumgartner IBM Corporation USA This work is related

811 views • 24 slides
TAPPING THE POTENTIAL FOR REDUCING WORK-RELATED ROAD DEATHS AND INJURIES 23 October 2017,

TAPPING THE POTENTIAL FOR REDUCING WORK-RELATED ROAD DEATHS AND INJURIES 23 October 2017,

TAPPING THE POTENTIAL FOR REDUCING WORK-RELATED ROAD DEATHS AND INJURIES 23 October 2017, Brussels #PIN2017 Deirdre Sinnott McFeat on behalf of Work Related Road Collisions Work related road deaths involve: Workers Occupational road

621 views • 22 slides
Case Law Update 2017 Work related and non work related injury Lower court applied

Case Law Update 2017 Work related and non work related injury Lower court applied

10/3/2017 Flug v. Wal Mart Associates, Inc., 2017 Wis. 72 (2017) Case Law Update 2017 Work related and non work related injury Lower court applied 102.42(1m) Inconceivable decisions from the Supreme Court found the Statute did not

439 views • 6 slides
HSE Demands And more demands Does it have to be this way The truth about work-related stress

HSE Demands And more demands Does it have to be this way The truth about work-related stress

Stress and Wellbeing Peter J Kelly HSE Demands And more demands Does it have to be this way The truth about work-related stress No one definition but plenty of Google entries. HSE defines work-related stress as: the adverse

436 views • 25 slides
LIABILITIES RELATED TO WORK ACCIDENTS: THE EXAMPLE OF HARASSMENT

LIABILITIES RELATED TO WORK ACCIDENTS: THE EXAMPLE OF HARASSMENT

LIABILITIES RELATED TO WORK ACCIDENTS: THE EXAMPLE OF HARASSMENT AND VIOLENCE AT WORK 1. Seminars goal and content - DefiniIon and concept -

460 views • 9 slides
2 Related Work and Background 2.2 Aho-Corasick Algorithm 2.1 Related Work A class of

2 Related Work and Background 2.2 Aho-Corasick Algorithm 2.1 Related Work A class of

Multi-Core Architecture on FPGA for Large Dictionary String Matching Qingbo Wang, Viktor K. Prasanna Ming Hsieh Department of Electrical Engineering University of Southern California Los Angeles, CA 90089-2562 qingbow, prasanna@usc.edu

388 views • 8 slides
Challenges for healthcare Profession : work related stress Peter J Kelly HSE What we know

Challenges for healthcare Profession : work related stress Peter J Kelly HSE What we know

Challenges for healthcare Profession : work related stress Peter J Kelly HSE What we know about the Current Situation The Current climate offers some challenges and unique opportunities for the management of work related stress in

271 views • 13 slides
Through the Workers Eyes Developing Learning Activities with Work-Related Documents Workshop

Through the Workers Eyes Developing Learning Activities with Work-Related Documents Workshop

Through the Workers Eyes Developing Learning Activities with Work-Related Documents Workshop framework Whats the point? Review of Essential Skills Collecting work-related documents Developing worker-focused learning activities

889 views • 87 slides
have consistently and testing. Id. The defective work related The focal point of the J.S.U.B.

have consistently and testing. Id. The defective work related The focal point of the J.S.U.B.

General Contractors, General Contractors-- There is Coverage Under the CGL Policy for Defective Work' Pe ormed by a Subcontractor Presented by Wm. Cary Wright 7, Carlton Fields, P.A. have consistently and testing. Id. The defective work related The

322 views • 3 slides
Outline Introduction Motivation & related work Existing visualizers Proposed

Outline Introduction Motivation & related work Existing visualizers Proposed

CloseViz: Visualizing Useful Patterns Chris Carmichael Carson K. Leung Department of Computer Science Th The University of Manitoba, Canada U i it f M it b C d UP @ KDD 2010 Outline Introduction Motivation & related work

375 views • 14 slides
Karthik Dinakar MAS 771 Brief introduction of problem space Prior & related work

Karthik Dinakar MAS 771 Brief introduction of problem space Prior & related work

Karthik Dinakar MAS 771 Brief introduction of problem space Prior & related work Algorithmic approach Demonstration Evaluation Limitations Future Work & lessons learned Pragmatic language impairment [Bishop

360 views • 15 slides
1 Related Work Related Work Related Work Related Work Gromov-Hausdorff Gromov-Hausdorff

1 Related Work Related Work Related Work Related Work Gromov-Hausdorff Gromov-Hausdorff

Goal: Find a map between surfaces Goal: Find a map between surfaces Blended Intrinsic Maps Blended Intrinsic Maps Vladimir G. Kim Vladimir G. Kim Yaron Lipman Yaron Lipman Thomas Funkhouser Thomas Funkhouser Princeton University Goal:

242 views • 10 slides
Why Mahatma Gandhi NREGA in an ILO Retreat Comprehensive range of issues Worker related

Why Mahatma Gandhi NREGA in an ILO Retreat Comprehensive range of issues Worker related

Why Mahatma Gandhi NREGA in an ILO Retreat Comprehensive range of issues Worker related Targeting Rights and entitlements Wages Work related Nature of work Social Safety Net Employer of Last Resort

1.45k views • 55 slides
Contents 1 Backgrounds 2 Related Work 3 IOVTee 4 Evaluation 5 Conclusion 2

Contents 1 Backgrounds 2 Related Work 3 IOVTee 4 Evaluation 5 Conclusion 2

Best Paper Award IOVTee : A Fast and Pragmatic Software-based Zero-copy/Pass-through Mechanism for NFV-nodes Assist. Prof. Ryota Kawashima Nagoya Institute of Technology, Japan 1 Contents 1 Backgrounds 2 Related Work 3 IOVTee 4

483 views • 24 slides
Unhealthy ICT Related (Work) Practices What are they? How might we measure them? Exploring Big

Unhealthy ICT Related (Work) Practices What are they? How might we measure them? Exploring Big

Unhealthy ICT Related (Work) Practices What are they? How might we measure them? Exploring Big Data to Examine Employee Health and Well-Being Seminar Series, February 26, 2016 at Sheffield University Management School Noelle Chesley, Sociology

406 views • 8 slides
Authentication Using Graphical Password: Effects of Increased Security on Usability William M.

Authentication Using Graphical Password: Effects of Increased Security on Usability William M.

Authentication Using Graphical Password: Effects of Increased Security on Usability William M. Martin Aaron G. Cass March 3, 2018 Introduction 01 Human Computer Interface Security (HCIsec) 02 Password Problem 03 Graphical User

633 views • 31 slides
Authorized Tall lly Sales, Service, Integrator & Extender Partner www.dexterityindia.com

Authorized Tall lly Sales, Service, Integrator & Extender Partner www.dexterityindia.com

Authorized Tall lly Sales, Service, Integrator & Extender Partner www.dexterityindia.com %%&%% !'!

240 views • 20 slides
RWIS Automated Advisory System Centralized advisory system for the control of Dynamic Message

RWIS Automated Advisory System Centralized advisory system for the control of Dynamic Message

RWIS Automated Advisory System Centralized advisory system for the control of Dynamic Message Signs Presented by: Jeremy Duensing Product Manager Schneider Electric Presentation Learning Outcomes Weather can have large impacts on small

785 views • 30 slides
for your FC/IE Initiatives IFIE Webinar 12/02/2014 Overview Context Monitoring &

for your FC/IE Initiatives IFIE Webinar 12/02/2014 Overview Context Monitoring &

Building an Evaluation Toolkit for your FC/IE Initiatives IFIE Webinar 12/02/2014 Overview Context Monitoring & Evaluation Objectives Evaluation criteria Analysis of proposals received Conclusions 2 Context

568 views • 17 slides
Keys to the Kingdom A presentation to: E-Business 2008 Mike Auty E-Security at WDL Date: 16 th

Keys to the Kingdom A presentation to: E-Business 2008 Mike Auty E-Security at WDL Date: 16 th

Keys to the Kingdom A presentation to: E-Business 2008 Mike Auty E-Security at WDL Date: 16 th October 2008 Overview Securing Systems Passwords Storing Passwords Guessing Passwords What can I do about it?

518 views • 16 slides
THE PHI PROJECT THE FINANCIAL IMPACT OF BREACHED PROTECTED HEALTH INFORMATION A

THE PHI PROJECT THE FINANCIAL IMPACT OF BREACHED PROTECTED HEALTH INFORMATION A

THE PHI PROJECT THE FINANCIAL IMPACT OF BREACHED PROTECTED HEALTH INFORMATION A BUSINESS CASE FOR ENHANCED PHI SECURITY THE PHI PROJECT REQUIRED: Enhanced programs for safeguarding Protected Health Information (PHI) WHO:

436 views • 29 slides
CYBER - SECURITY PART 2 Keeping you safe in an electronic age David Gibb, Cyber Protect Officer,

CYBER - SECURITY PART 2 Keeping you safe in an electronic age David Gibb, Cyber Protect Officer,

CYBER - SECURITY PART 2 Keeping you safe in an electronic age David Gibb, Cyber Protect Officer, Essex Police Barry Linton, Thorpe Bay U3A Thorpe Bay U3A HOW DO I PROTECT MYSELF 2 ALL ABOUT PASSWORDS Change your passwords regularly.

425 views • 27 slides
Identifying & Addressing Health-Harming Legal Issues www.comm communit nityle

Identifying & Addressing Health-Harming Legal Issues www.comm communit nityle

Justice & Health Partnership Workshop Series: Identifying & Addressing Health-Harming Legal Issues www.comm communit nityle ylega galcen lcentr treca eca 158 George Street, Level 1 Toll Free: 1-877-966-8686 Belleville,

447 views • 31 slides

More recommend