Repository logo
 

Red Button and Yellow Button: Usable Security for Lost Security Tokens

Accepted version
Peer-reviewed

Repository URI

https://www.repository.cam.ac.uk/handle/1810/256292

Repository DOI

https://doi.org/10.17863/CAM.233

Files

Accepted version (255.24 KB)

Type

Conference Object

Change log

Authors

Goldberg, I 
Jenkinson, G 
Llewellyn-Jones, D 

Abstract

Currently, losing a security token places the user in a dilemma: reporting the loss as soon as it is discovered involves a significant burden which is usually overkill in the common case that the token is later found behind a sofa. Not reporting the loss, on the other hand, puts the security of the protected account at risk and potentially leaves the user liable.

We propose a simple architectural solution with wide applicability that allows the user to reap the security benefit of reporting the loss early, but without paying the corresponding usability penalty if the event was later discovered to be a false alarm.

Description

Keywords

46 Information and Computing Sciences, 4604 Cybersecurity and Privacy

Journal Title

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Conference Name

Cambridge International Workshop on Security Protocols

Journal ISSN

0302-9743
1611-3349

Volume Title

10368 LNCS

Publisher

Springer

Publisher DOI

https://doi.org/10.1007/978-3-319-62033-6_19

Rights

http://www.rioxx.net/licenses/all-rights-reserved
Sponsorship
European Research Council (307224)
The authors with a Cambridge affiliation are grateful to the European Research Council for funding this research through grant StG 307224 (Pico). Goldberg thanks NSERC for grant RGPIN-341529. We also thank the workshop attendees for comments.

Collections

Scholarly Works - Computer Science and Technology
Symplectic mapped items for data match