Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
ZeTA - Zero-Trust Authentication: Relying on Innate Human Ability, not Technology
Tech Univ Darmstadt, Darmstadt, Germany.
Glasgow University, Scotland.
Glasgow University, Scotland.
Tech Univ Darmstadt, Darmstadt, Germany.
Show others and affiliations
2016 (English)In: 2016 IEEE European Symposium on Security and Privacy (EuroS&P), IEEE, 2016, 357-371 p.Conference paper, Published paper (Refereed)
Abstract [en]

Reliable authentication requires the devices and channels involved in theprocess to be trustworthy; otherwise authentication secrets can easily becompromised. Given the unceasing efforts of attackers worldwide suchtrustworthiness is increasingly not a given. A variety of technicalsolutions, such as utilising multiple devices/channels and verificationprotocols, has the potential to mitigate the threat of untrustedcommunications to a certain extent. Yet such technical solutions make twoassumptions: (1) users have access to multiple devices and (2) attackerswill not resort to hacking the human, using social engineering techniques.In this paper, we propose and explore the potential of using human-basedcomputation instead of solely technical solutions to mitigate the threat ofuntrusted devices and channels. ZeTA (Zero  Trust Authentication on untrusted channels) has the potentialto allow people to authenticate despite compromised channels orcommunications and easily observed usage. Our contributions are threefold:(1) We propose the ZeTA protocol with a formal definition and securityanalysis that utilises semantics and human-based computation to amelioratethe problem of untrusted devices and channels.(2) We  outline a security analysis to assess the envisaged performance ofthe proposed authentication protocol.(3) We report on  a  usability study that explores the viability of relyingon human computation in this context.

Place, publisher, year, edition, pages
IEEE, 2016. 357-371 p.
Series
IEEE Symposium on Security and Privacy, ISSN 1081-6011
Keyword [en]
MRC PSYCHOLINGUISTIC DATABASE; SEMANTIC RELATIONS; COMMUNICATION; SIMILARITY; ENGLISH
National Category
Computer Science
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-42084DOI: 10.1109/EuroSP.2016.35ISI: 000386286200023ISBN: 978-1-5090-1751-5 (print)OAI: oai:DiVA.org:kau-42084DiVA: diva2:930056
Conference
EuroS&P'16 : IEEE European Symposium on Security and Privacy, 21-24 March 2016, Saarbrucken
Available from: 2016-05-21 Created: 2016-05-21 Last updated: 2017-11-02Bibliographically approved

Open Access in DiVA

No full text

Other links

Publisher's full text

Authority records BETA

Volkamer, Melanie

Search in DiVA

By author/editor
Volkamer, Melanie
By organisation
Department of Mathematics and Computer Science
Computer Science

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 127 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf