ZeTA - Zero-Trust Authentication: Relying on Innate Human Ability, not Technology
2016 (English) In: 2016 IEEE European Symposium on Security and Privacy (EuroS&P), IEEE conference proceedings, 2016, 357-371 p. Conference paper (Refereed)
Abstract [en]

Reliable authentication requires the devices and channels involved in the process to be trustworthy; otherwise authentication secrets can easily be compromised. Given the unceasing efforts of attackers worldwide such trustworthiness is increasingly not a given. A variety of technical solutions, such as utilising multiple devices/channels and verification protocols, has the potential to mitigate the threat of untrusted communications to a certain extent. Yet such technical solutions make two assumptions: (1) users have access to multiple devices and (2) attackers will not resort to hacking the human, using social engineering techniques. In this paper, we propose and explore the potential of using human-based computation instead of solely technical solutions to mitigate the threat of untrusted devices and channels. ZeTA (Zero Trust Authentication on untrusted channels) has the potential to allow people to authenticate despite compromised channels or communications and easily observed usage. Our contributions are threefold: (1) We propose the ZeTA protocol with a formal definition and security analysis that utilises semantics and human-based computation to ameliorate the problem of untrusted devices and channels. (2) We outline a security analysis to assess the envisaged performance of the proposed authentication protocol. (3) We report on a usability study that explores the viability of relying on human computation in this context.

Place, publisher, year, edition, pages
IEEE conference proceedings, 2016. 357-371 p.
National Category
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-42084
DOI: 10.1109/EuroSP.2016.35
ISBN: 978-1-5090-1751-5
OAI: oai:DiVA.org:kau-42084
DiVA: diva2:930056
Conference
EuroS&P'16 : IEEE European Symposium on Security and Privacy, 21-24 March 2016, Saarbrucken
Available from: 2016-05-21 Created: 2016-05-21 Last updated: 2016-07-08 Bibliographically approved

By author/editor
Volkamer, Melanie
By organisation
Department of Mathematics and Computer Science
Computer Science
