Threat Modelling in User Performed Authentication

Xun Dong; John A. Clark; Jeremy L. Jacob

doi:10.1007/978-3-540-88625-9_4

Threat Modelling in User Performed Authentication

Xun Dong, John A. Clark, Jeremy L. Jacob

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

User authentication can be compromised both by subverting the system and by subverting the user; the threat modelling of the former is well studied, the latter less so. We propose a method to determine opportunities to subvert the user allowing vulnerabilities to be systematically identified. The method is applied to VeriSign's OpenID authentication mechanism.

Original language	English
Title of host publication	INFORMATION AND COMMUNICATIONS SECURITY, PROCEEDINGS
Editors	L Chen, MD Ryan, G Wang
Place of Publication	BERLIN
Publisher	Springer
Pages	49-64
Number of pages	16
Volume	5308 LNCS
ISBN (Print)	978-3-540-88624-2
DOIs	https://doi.org/10.1007/978-3-540-88625-9_4
Publication status	Published - 2008
Event	10th International Conference on Information and Communications Security - Birmingham Duration: 20 Oct 2008 → 22 Oct 2008

Conference

Conference	10th International Conference on Information and Communications Security
City	Birmingham
Period	20/10/08 → 22/10/08

Access to Document

10.1007/978-3-540-88625-9_4

Cite this

@inproceedings{a61f6926ebc74b379253e2b2c2c8ca94,

title = "Threat Modelling in User Performed Authentication",

abstract = "User authentication can be compromised both by subverting the system and by subverting the user; the threat modelling of the former is well studied, the latter less so. We propose a method to determine opportunities to subvert the user allowing vulnerabilities to be systematically identified. The method is applied to VeriSign's OpenID authentication mechanism.",

author = "Xun Dong and Clark, {John A.} and Jacob, {Jeremy L.}",

year = "2008",

doi = "10.1007/978-3-540-88625-9_4",

language = "English",

isbn = "978-3-540-88624-2",

volume = "5308 LNCS",

pages = "49--64",

editor = "L Chen and MD Ryan and G Wang",

booktitle = "INFORMATION AND COMMUNICATIONS SECURITY, PROCEEDINGS",

publisher = "Springer",

address = "Germany",

note = "10th International Conference on Information and Communications Security ; Conference date: 20-10-2008 Through 22-10-2008",

}

TY - GEN

T1 - Threat Modelling in User Performed Authentication

AU - Dong, Xun

AU - Clark, John A.

AU - Jacob, Jeremy L.

PY - 2008

Y1 - 2008

N2 - User authentication can be compromised both by subverting the system and by subverting the user; the threat modelling of the former is well studied, the latter less so. We propose a method to determine opportunities to subvert the user allowing vulnerabilities to be systematically identified. The method is applied to VeriSign's OpenID authentication mechanism.

AB - User authentication can be compromised both by subverting the system and by subverting the user; the threat modelling of the former is well studied, the latter less so. We propose a method to determine opportunities to subvert the user allowing vulnerabilities to be systematically identified. The method is applied to VeriSign's OpenID authentication mechanism.

UR - http://www.scopus.com/inward/record.url?scp=57049164284&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-88625-9_4

DO - 10.1007/978-3-540-88625-9_4

M3 - Conference contribution

SN - 978-3-540-88624-2

VL - 5308 LNCS

SP - 49

EP - 64

BT - INFORMATION AND COMMUNICATIONS SECURITY, PROCEEDINGS

A2 - Chen, L

A2 - Ryan, MD

A2 - Wang, G

PB - Springer

CY - BERLIN

T2 - 10th International Conference on Information and Communications Security

Y2 - 20 October 2008 through 22 October 2008

ER -

Threat Modelling in User Performed Authentication

Abstract

Conference

Access to Document

Other files and links

Defending the weakest link - Intrusion via ...

Cite this

Threat Modelling in User Performed Authentication

Abstract

Conference

Access to Document

Other files and links

Projects

Defending the weakest link - Intrusion via ...

Cite this