See this document in CiteSeerX!

Addressing Online Dictionary Attacks with Login Histories and Humans-in-the-Loop (2004)  (Make Corrections)  (3 citations)
S. Stubblebine, P.C. van Oorschot



  Home/Search   Context   Related

 
View or download:
scs.carleton.ca/~pau...FC04extended.pdf
Cached:  PS.gz  PS  PDF   Image  Update  Help

From:  scs.carleton.ca/~paulv/papers/ (more)
(Enter author homepages)

Rate this article: (best)
  Comment on this article  
(Enter summary)

Abstract: Automated Turing Tests (ATTs), also known as human-in-the-loop techniques, were recently employed in a login protocol by Pinkas and Sander (2002) to protect against online password-guessing attacks. We begin by noting that this, and other protocols involving ATTs, are susceptible to minor variations of well-known middle-person attacks. We discuss techniques to address such attacks, and present complementary modifications in a new historybased protocol with ATTs. Analysis indicates that the ... (Update)

Cited by:   More
Pass-thoughts: Authenticating with Our Minds - Thorpe, van Oorschot, Somayaji (2005)   (Correct)
On Countering Online Dictionary Attacks - With Login Histories   (Correct)

Active bibliography (related documents):   More   All
2.9:   Addressing Online Dictionary Attacks - With Login Histories   (Correct)
0.9:   Addressing Online Dictionary Attacks with Login.. - Stubblebine, van.. (2004)   (Correct)
0.3:   A Note on Proactive Password Checking - Yan (2001)   (Correct)

Similar documents based on text:   More   All
0.3:   Group Principals and the Formalization of Anonymity - Syverson, Stubblebine (1999)   (Correct)
0.2:   Countering Identity Theft through Digital Uniqueness.. - van Oorschot.. (2005)   (Correct)
0.2:   An Authentication Logic Supporting Synchronization.. - Stubblebine, Wright (1996)   (Correct)

Related documents from co-citation:   More   All
3:   Securing Passwords Against Dictionary Attacks - Pinkas, Sander - 2002
3:   Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attac.. - Bellovin, Merritt - 1992
3:   Strong password-only authenticated key exchange - Jablon - 1996

BibTeX entry:   (Update)

S. Stubblebine and P.C. van Oorschot. Addressing Online Dictionary Attacks with Login Histories and Humans-in-the-Loop. In Financial Cryptography'04. Springer-Verlag LNCS 3110, 2004. http://citeseer.ist.psu.edu/article/stubblebine04addressing.html   More

@misc{ stubblebine04addressing,
  author = "S. Stubblebine and P. van Oorschot",
  title = "Addressing Online Dictionary Attacks with Login Histories and Humans-in-the-Loop",
  text = "S. Stubblebine and P.C. van Oorschot. Addressing Online Dictionary Attacks
    with Login Histories and Humans-in-the-Loop. In Financial Cryptography'04.
    Springer-Verlag LNCS 3110, 2004.",
  year = "2004",
  url = "citeseer.ist.psu.edu/article/stubblebine04addressing.html" }
Citations (may not include all citations):
1065   Handbook of Applied Cryptography (context) - Menezes, van Oorschot et al. - 1997  ACM
635   New Directions in Cryptography - Di and, Hellman - 1976  ACM
176   Computing Machinery and Intelligence (context) - Turing - 1950  ACM
150   Encrypted Key Exchange: Password-Based Protocols Secure Agai.. - Bellovin, Merritt - 1992
94   Security Engineering: A Guide to Building Dependable Distrib.. (context) - Anderson - 2001
90   Network Security: Private Communication in a Public World (context) - Kaufman, Perlman et al. - 2002
88   Protecting poorly chosen secrets from guessing attacks - Gong, Lomas et al. - 1993  DBLP
81   Pricing via Processing or Combatting Junk Mail (context) - Dwork, Naor - 1993
69   The secure remote password protocol - Wu - 1998
68   Strong password-only authenticated key exchange - Jablon - 1996
44   Reducing risks from poorly chosen keys - Lomas, Gong et al. - 1989  ACM   DBLP
35   Client puzzles: A cryptographic defense against connection d.. (context) - Juels, Brainard - 1999
30   cial PGP User's Guide (context) - Zimmermann - 1995
28   CAPTCHA: Using Hard AI Problems for Security - von Ahn, Blum et al. - 2003  DBLP
21   Authentication and Authenticated Key Exchange (context) - Di and, van Oorschot et al. - 1992
18   Server-Assisted Generation of a Strong Secret from a Passwor.. - Ford, Kaliski - 2000  ACM   DBLP
15   Securing Passwords Against Dictionary Attacks - Pinkas, Sander - 2002  ACM   DBLP
11   Verification of a human in the loop or Identification via th.. - Naor - 1997
10   The Memorability and Security of Passwords -- Some Empirical.. - Yan, Blackwell et al. - 2000
7   Verifiable-text attacks in cryptographic protocols (context) - Gong - 1990
6   Federal Information Processing Standards Publication (context) - Usage - 1985
6   Telling Humans and Computers Apart Automatically - von Ahn, Blum et al. - 2000  ACM   DBLP
5   Defending Against an Internet-based Attack on the Physical W.. (context) - Byers, Rubin et al. - 2002  ACM
4   Moderately Hard, Memory-bound Functions - Abadi, Burrows et al. - 2003
4   A Note on Proactive Password Checking - Yan - 2001  ACM
3   Hackers find new way to bilk eBay users (context) - Wolverton
2   FIPS Pub (context) - Generator - 1993
2   Eurocrypt'03 presentation (context) - von Ahn - 2003

Documents on the same site (http://www.scs.carleton.ca/~paulv/papers/):   More
Authentication and Authenticated Key Exchanges - Diffie, van Oorschot, Wiener (1992)   (Correct)
Security Analysis of the Message Authenticator Algorithm.. - Preneel, Rijmen, van.. (1997)   (Correct)
A Generic Attack on Checksumming-Based Software Tamper.. - Wurster, van Oorschot, .. (2005)   (Correct)

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC