论文信息 - Panic Passwords: Authenticating under Duress

Panic Passwords: Authenticating under Duress

Panic passwords allow a user to signal duress during authentication. We show that the well-known model of giving a user two passwords, a 'regular' and a 'panic' password, is susceptible to iteration and forced-randomization attacks, and is secure only within a very narrow threat model. We expand this threat model significantly, making explicit assumptions and tracking four parameters. We also introduce several new panic password systems to address new categories of scenarios.

Jeremy Clark | Urs Hengartner

[1] Jeremy Clark,et al. Scantegrity II: End-to-End Verifiability for Optical Scan Election Systems using Invisible Ink Confirmation Codes , 2008, EVT.

[2] Niels Provos,et al. A Virtual Honeypot Framework , 2004, USENIX Security Symposium.

[3] David Chaum,et al. Achieving Electronic Privacy , 1992 .

[4] Robert Biddle,et al. Graphical Password Authentication Using Cued Click Points , 2007, ESORICS.

[5] ルシコフ，ロナルド，ケイ．. Computerized password verification system and method for Atm transaction , 2004 .

[6] Gregory V. Bard,et al. Spelling-Error Tolerant, Order-Independent Pass-Phrases via the Damerau-Levenshtein String-Edit Distance Metric , 2007, ACSW.

[7] 罗纳德·K.·鲁西科夫. Computerized password verification system and method for ATM transactions , 2004 .

[8] Nasir D. Memon,et al. PassPoints: Design and longitudinal evaluation of a graphical password system , 2005, Int. J. Hum. Comput. Stud..

[9] Adi Shamir,et al. The Steganographic File System , 1998, Information Hiding.