Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		 Previous revision
public:papers:wistp2016 [2016-07-08 14:49] – created petrspublic:papers:wistp2016 [2016-12-01 13:28] (current) – external edit 127.0.0.1
Line 1: Line 1:
-====== On Secrecy Amplification Protocols WISTP2015 ====== +====== Codes v. People: A comparative usability study of two password recovery mechanisms WISTP2016 ====== 
-**Authors: Radim OstadalPetr Svenda, Vaclav Matyas**+**Authors: Vlasta StavovaVashek Matyas, and Mike Just**
  
-<note tip>FIXME 8-)</note> 
  
-**Abstract:** //We review the most important secrecy amplification protocolswhich are especially suitable for ad-hoc networks of devices with limited resourcesproviding additional resistance against various attacks +**Abstract:** //Password recovery is a criticaland often overlooked, requirement of account management. Currently popular solutions, such as security questions and out-of-band communicationshave recognized security and usability issues. In this paper we evaluate two alternate recovery solutions considered by our industrial partner, using backup codes and trusted people, in order to determine their suitability as a viable password recovery solutionIn this paper we focus on the usability evaluation of these two representative recovery methods, and not on the specifics of their design -- while our evaluation results do indirectly point to general design enhancements. Our study determined that participants felt that backup codes (implemented as a QR-code in our solution) offer levels of usability and security that are acceptable to users for securing their ``ordinary'' accounts. For accounts perceived to require more security (e.g., online banking) more security was preferred by participants, resulting in a preference for trusted party recovery compared to backup codes. Our results also suggest that further research and deployment considerations should be given to options for other methods of password recovery, such as backup codes and trusted parties.//
-on used cryptographic keys without necessity for asymmetric cryptography. We discuss and evaluate different designs as well as approaches to create new protocolsA special focus is given to suitability of these protocols with respect to different underlying key distribution schemes and also to open research questions.//+
  
-  * Conference page: [[http://wistp2015.wistp.org/|WISTP 2015]] +  * Conference page: [[http://www.wistp.org|WISTP 2016]]
-  * Download author pre-print of the paper: {{:public:papers:secamplif_wistp15.pdf|pdf}} +
-  * Download extended version of paper: {{:public:papers:secamplif_tr15_final.pdf|FIMU-RS-2015-01}} (technical report, FI MUNI)+
   * Download presentation: {{:public:papers:secamplif_wistp15_svenda_slides.pdf|pdf}}   * Download presentation: {{:public:papers:secamplif_wistp15_svenda_slides.pdf|pdf}}
-  * Download used simulator and configuration files: {{:public:papers:sensorsim.zip|zip source code}}, {{:public:papers:sensorsim.exe.zip|executable file}}+
  
 **Bibtex:** **Bibtex:**
-   @inproceedings{secrecyamplif_wistp2015+ 
-     author = {Radim O\v{s}\v{t}\'{a}dal \Petr \v{S}venda \and V{\'a}clav Maty{\'a}\v{s}}, +  @inproceedings{stavova2016codes
-     title = {On Secrecy Amplification Protocols}, +  title={Codes v. People: A Comparative Usability Study of Two Password Recovery Mechanisms}, 
-     booktitle = {The 9th WISTP International Conference on Information Security Theory and Practice (WISTP’2015), +  author={Stavova, Vlasta and Matyas, Vashek and Just, Mike}, 
-     LNCS 9311}, +  booktitle={IFIP International Conference on Information Security Theory and Practice}, 
-     year = {2015}, +  pages={35--50}, 
-     pages = {3--19}, +  year={2016}, 
-     doi = {10.1007/978-3-319-24018-3 1}, +  organization={Springer} 
-     publisher = {Springer} +  }
-   }+
      
      
Line 34: Line 29:
 ===== What is this paper about? ===== ===== What is this paper about? =====
  
-The secrecy amplification protocol provides description how messages with a fresh key material should be propagated inside a target network to provide secure link key to nodes with key currently compromised by an attacker. As wireless networks running on batteries are targeted, not only protocol's success rate (number of newly secured links), but also message overhead (significantly impacting energy consumption) must be considered.  
- 
-//A secrecy amplification protocol can be pretty effective: a network with 50-70 % of compromised links can be turned into network with 95+ % secure links for the price of small hundreds of messages (per node) in only tens of seconds.// 
- 
-**In this we paper, we:** 
-  * Gave motivation, why secrecy amplification protocols should be used -- if enough neighbours are available in network and random compromise pattern is assumed, network with only 30 % secure can be turned into network with more then 95 % secure links.  
-  * Provided survey of all published secrecy amplification protocols (13 in total). 
-  * Established upper bound of secrecy amplification protocol success rate for given network. 
-  * Compared protocols wrt message efficiency, number of links they are able to secure and other characteristics. 
-  * Discussed how hard is to execute secrecy amplification protocol in practice on real node (TelosB, TinyOS). 
-  * Introduced new class of hybrid secrecy amplification protocols, which are easier to synchronize and provide very good tradeoff between number of secure links (higher the better) and messages transmitted (lower the better). 
- 
-{{:public:papers:secure_links_random.png|}} 
- 
-//Figure showing increase in the number of secured links after secrecy amplification protocols in the random 
-compromise pattern on network with 20.3 legal neighbours on average. With in- 
-creasing number of neighbouring nodes the general effectiveness of protocol grows. 
-As can be seen, a strong majority of secure links (> 90%) can be obtained even 
-when the initial network had 70% of compromised links.// 
- 
-{{:public:papers:sa_normalized_messages.png|}} 
  
-//Figure showing increase in the number of secured links per message used during the protocol execution (random compromise pattern, 20.3 legal neighbours on average). The higher value is better - more links are secured per single message. Node-oriented protocols send significantly more messages with rising network density making them less effective per single message. This stands especially for 4-party node-oriented protocols, which are the least effective. The best tradeoff shows group-oriented and hybrid protocols.//