國立虎尾科技大學 |

On the Security and Usability of New Paradigms of Web Authentication.

紀錄類型:	書目-語言資料,印刷品 : Monograph/item
正題名/作者:	On the Security and Usability of New Paradigms of Web Authentication./
作者:	Jubur, Mohammed.
出版者:	Ann Arbor : ProQuest Dissertations & Theses, : 2021,
面頁冊數:	161 p.
附註:	Source: Dissertations Abstracts International, Volume: 83-03, Section: B.
Contained By:	Dissertations Abstracts International83-03B.
標題:	Information science. -
電子資源:	http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=28645059
ISBN:	9798544235224

On the Security and Usability of New Paradigms of Web Authentication.
Jubur, Mohammed.

On the Security and Usability of New Paradigms of Web Authentication. - Ann Arbor : ProQuest Dissertations & Theses, 2021 - 161 p.

Source: Dissertations Abstracts International, Volume: 83-03, Section: B.

Thesis (Ph.D.)--The University of Alabama at Birmingham, 2021.

This item must not be sold to any third party vendors.

Passwords are widely used by web services to authenticate their users. Unfortunately, passwords suffer from several well-documented security and usability issues. The two of the main techniques to address password problems are password managers and two-factor authentication (2FA), which form the central focus of this dissertation work.In particular, we explore the security and usability of newly proposed and emerging forms of password managers and 2FA systems. We first investigate a “store-less” online password manager that can prevent the leakage of the passwords from the password manager service itself. We also design and evaluate a new 2FA scheme that offers end-to-end security protection with user interaction models different from currently deployed2FA schemes. Further, we investigate the currently deployed password management and 2FA schemes in terms of their security and usability.This dissertation comprises two parts: password management and two-factor authentication. In the first part of the dissertation, we first study the usability of a new class of online password managers (referred to as HIPPO) that does not reveal the password or the master password to the password management service itself. Second, we compare the usability and the security of two forms of password management, a store-less password manager (i.e., HIPPO)and traditionally- deployed store-based password managers(e.g., LastPass). In the second part of this dissertation, we first study the usability of a recently designed 2FA protocol (referred to as Op-2FA), which aims to provide optimal security from both server-side and authentication terminal sides based on simple and flexible users interaction modes. Second, we introduce and study a fundamental design vulnerability of push-based 2FA (a form of “Just Confirm” approach such as Duo Push), and we run a lab study to investigate this vulnerability. Third, we evaluate the usability and security of the “Compare-and-Confirm” approach of push-based 2FA. We consider two scenarios where the user deploys a second-factor device physically separated from the authentication terminal, and when the user utilizes the second-factor device as the authentication terminal itself.

ISBN: 9798544235224Subjects--Topical Terms:

561178
Information science.
Subjects--Index Terms:

Authentication

On the Security and Usability of New Paradigms of Web Authentication.
LDR:03403nam a2200361 4500 001 1067215
005 20220823142318.5
008 221020s2021 ||||||||||||||||| ||eng d
020 $a 9798544235224
035 $a (MiAaPQ)AAI28645059
035 $a AAI28645059
040 $a MiAaPQ $c MiAaPQ
100 1 $a Jubur, Mohammed. $3 1372666
245 1 0 $a On the Security and Usability of New Paradigms of Web Authentication.
260 1 $a Ann Arbor : $b ProQuest Dissertations & Theses, $c 2021
300 $a 161 p.
500 $a Source: Dissertations Abstracts International, Volume: 83-03, Section: B.
500 $a Advisor: Saxena, Nitesh.
502 $a Thesis (Ph.D.)--The University of Alabama at Birmingham, 2021.
506 $a This item must not be sold to any third party vendors.
520 $a Passwords are widely used by web services to authenticate their users. Unfortunately, passwords suffer from several well-documented security and usability issues. The two of the main techniques to address password problems are password managers and two-factor authentication (2FA), which form the central focus of this dissertation work.In particular, we explore the security and usability of newly proposed and emerging forms of password managers and 2FA systems. We first investigate a “store-less” online password manager that can prevent the leakage of the passwords from the password manager service itself. We also design and evaluate a new 2FA scheme that offers end-to-end security protection with user interaction models different from currently deployed2FA schemes. Further, we investigate the currently deployed password management and 2FA schemes in terms of their security and usability.This dissertation comprises two parts: password management and two-factor authentication. In the first part of the dissertation, we first study the usability of a new class of online password managers (referred to as HIPPO) that does not reveal the password or the master password to the password management service itself. Second, we compare the usability and the security of two forms of password management, a store-less password manager (i.e., HIPPO)and traditionally- deployed store-based password managers(e.g., LastPass). In the second part of this dissertation, we first study the usability of a recently designed 2FA protocol (referred to as Op-2FA), which aims to provide optimal security from both server-side and authentication terminal sides based on simple and flexible users interaction modes. Second, we introduce and study a fundamental design vulnerability of push-based 2FA (a form of “Just Confirm” approach such as Duo Push), and we run a lab study to investigate this vulnerability. Third, we evaluate the usability and security of the “Compare-and-Confirm” approach of push-based 2FA. We consider two scenarios where the user deploys a second-factor device physically separated from the authentication terminal, and when the user utilizes the second-factor device as the authentication terminal itself.
590 $a School code: 0005.
650 4 $a Information science. $3 561178
650 4 $a Questionnaires. $3 557573
650 4 $a Demographics. $3 1004800
650 4 $a Hypotheses. $3 1372657
650 4 $a Usability. $3 1062032
650 4 $a Computer science. $3 573171
653 $a Authentication
653 $a Password managers
653 $a Two factor authentication
653 $a Store-less password management
653 $a Usability
690 $a 0984
690 $a 0723
710 2 $a The University of Alabama at Birmingham. $b Computer and Information Sciences. $3 1180241
773 0 $t Dissertations Abstracts International $g 83-03B.
790 $a 0005
791 $a Ph.D.
792 $a 2021
793 $a English
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=28645059