Decentralized backup and recovery of TOTP secrets
Conor Gilsenan, Noura Alomar, Andrew Huang, Serge Egelman
Proceedings of the 7th Symposium on Hot Topics in the Science of Security
Publication date: 2020-08-25
DOI: 10.1145/3384217.3386396 (https://doi.org/10.1145/3384217.3386396)
This work proposes a set of security, privacy, and usability design requirements for the backup and recovery systems of apps implementing the Time-based One-Time Password (TOTP) algorithm, a widely deployed method of two-factor authentication (2FA). We explain how several prevalent apps fail to satisfy these requirements and outline how our scheme leverages decentralized security techniques to satisfy the majority of these requirements and provide stronger security and privacy guarantees.