User authentication in computing systems traditionally depends on three factors: something you have (e.g., a hardware token), something you are (e.g., a fingerprint), and something you know (e.g., a password). In this paper, we explore a fourth factor, the social network of the user, that is, somebody you know. Human authentication through mutual acquaintance is an age-old practice. In the arena of computer security, it plays roles in privilege delegation, peer-level certification, helpdesk assistance, and reputation networks. As a direct means of logical authentication, though, the reliance of one human being on another has little supporting scientific literature or practice. In this paper, we explore the notion of vouching, that is, peer-level, human-intermediated authentication for access control. We explore its use in emergency authentication, when primary authenticators like passwords or hardware tokens become unavailable. We describe a practical, prototype vouching system based on SecurID, a popular hardware authentication token. We address traditional, cryptographic security requirements, but also consider questions of social engineering and user behavior.
Public blockchains such as Ethereum and Bitcoin provide transparency and accountability, and have strong nonrepudiation properties, but fall far short of enterprise privacy requirements for business processes. Consequently, consortiums are exploring private blockchains to keep their membership and transactions private. However, private blockchains do not provide adequate protection against potential collusion by consortium members to revert the state of the blockchain. To counter this, the private blockchain state may be "pinned" to a tamper-resistant public blockchain. Existing solutions offering pinning to the public blockchain would reveal the transaction rate of the private blockchain, and do not provide a mechanism to contest the validity of a pin. Moreover, they require that all transactions and members of the private blockchain be revealed. These challenges are hampering the wider adoption of private blockchain technology. We describe the primary author's 'Anonymous State Pinning approach', which overcomes these limitations, and present a security proof to demonstrate that pins can be challenged without compromising these properties. We perform a gas cost analysis of the implementation to estimate the operating cost of this technology, which shows that pinning a private blockchain at the rate of one pin per hour would cost US$508 per year. A hierarchical pinning approach is proposed which would allow many private blockchains to pin to a management blockchain which would then pin to Ethereum MainNet. This approach saves money, but at the cost of increased finality times.
A "blocker" tag is a privacy-enhancing radio-frequency identification (RFID) tag. It operates by interfering with the protocol in which a reader communicates individually with other RFID tags. While inexpensive to manufacture in quantity, blockers are nonetheless special-purpose devices, and thus introduce a level of complexity that may pose an obstacle to their deployment. We propose a variant on the blocker concept that we call soft blocking. This involves software (or firmware) modules that offer a different balance of characteristics than ordinary blockers. Soft blocking offers somewhat weaker privacy enforcement that is essentially voluntary or internally auditable (much like P3P). It has the significant advantage, however, of relying on standard (or very slightly modified) RFID tags. Additionally, soft blocking offers the possibility of flexible privacy policies in which partial or scrubbed data is revealed about "private" tags, in lieu of the all-or-nothing policy enforced by a blocker. We show, moreover, how the correct functioning of a soft-blocker system may be rendered externally auditable with minor modifications to the basic tag-reading protocol. We also briefly discuss the special, attractive approach of unblocking, a soft-blocking variant that permits an "opt-in" approach to consumer privacy.