用人工公证来防范设备盗窃

10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing Pub Date : 2014-11-11 DOI:10.4108/ICST.COLLABORATECOM.2014.257706

Alana Libonati, Kelly E. Caine, Apu Kapadia, M. Reiter

{"title":"用人工公证来防范设备盗窃","authors":"Alana Libonati, Kelly E. Caine, Apu Kapadia, M. Reiter","doi":"10.4108/ICST.COLLABORATECOM.2014.257706","DOIUrl":null,"url":null,"abstract":"People increasingly rely on mobile phones for storing sensitive information and credentials for access to services. Because these devices are vulnerable to theft, security of this data is put at higher risk-once the attacker is in physical possession of the device, recovering these credentials and impersonating the owner of the phone is hard to defend by purely local means. We introduce the concept of `notarization', a process by which a remote notary verifies the identity of the device user through video chat. We describe the design and implementation of a system that leverages notarization to protect cryptographic keys that the device uses to decrypt device data (e.g., website passwords) or perform signatures in support of client-side TLS, without trusting the notary with these keys. Through a lab-based study with 56 participants, we show that notarization even by strangers is effective for combating device theft.","PeriodicalId":432345,"journal":{"name":"10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing","volume":"73 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-11-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Defending against device theft with human notarization\",\"authors\":\"Alana Libonati, Kelly E. Caine, Apu Kapadia, M. Reiter\",\"doi\":\"10.4108/ICST.COLLABORATECOM.2014.257706\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"People increasingly rely on mobile phones for storing sensitive information and credentials for access to services. Because these devices are vulnerable to theft, security of this data is put at higher risk-once the attacker is in physical possession of the device, recovering these credentials and impersonating the owner of the phone is hard to defend by purely local means. We introduce the concept of `notarization', a process by which a remote notary verifies the identity of the device user through video chat. We describe the design and implementation of a system that leverages notarization to protect cryptographic keys that the device uses to decrypt device data (e.g., website passwords) or perform signatures in support of client-side TLS, without trusting the notary with these keys. Through a lab-based study with 56 participants, we show that notarization even by strangers is effective for combating device theft.\",\"PeriodicalId\":432345,\"journal\":{\"name\":\"10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing\",\"volume\":\"73 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-11-11\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4108/ICST.COLLABORATECOM.2014.257706\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4108/ICST.COLLABORATECOM.2014.257706","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

人们越来越依赖手机来存储敏感信息和访问服务的凭据。由于这些设备很容易被盗，因此这些数据的安全性面临更高的风险——一旦攻击者实际拥有设备，恢复这些凭证并冒充手机的所有者很难通过纯粹的本地手段进行防御。我们引入了“公证”的概念，这是一个远程公证人通过视频聊天验证设备用户身份的过程。我们描述了一个系统的设计和实现，该系统利用公证来保护设备用于解密设备数据(例如，网站密码)或执行支持客户端TLS的签名的加密密钥，而无需信任这些密钥的公证人。通过一项有56名参与者的实验室研究，我们表明，即使是陌生人的公证对打击设备盗窃也是有效的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Defending against device theft with human notarization

People increasingly rely on mobile phones for storing sensitive information and credentials for access to services. Because these devices are vulnerable to theft, security of this data is put at higher risk-once the attacker is in physical possession of the device, recovering these credentials and impersonating the owner of the phone is hard to defend by purely local means. We introduce the concept of `notarization', a process by which a remote notary verifies the identity of the device user through video chat. We describe the design and implementation of a system that leverages notarization to protect cryptographic keys that the device uses to decrypt device data (e.g., website passwords) or perform signatures in support of client-side TLS, without trusting the notary with these keys. Through a lab-based study with 56 participants, we show that notarization even by strangers is effective for combating device theft.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing

自引率

0.00%

发文量