Abstract
This paper argues the need for providing a covert back-channel communication mechanism in authentication protocols, discusses various practical uses for such a channel, and desirable features for its design and deployment. Such a mechanism would leverage the current authentication channel to carry out the covert communication rather than introducing a separate one. The communication would need to be oblivious to an adversary observing it, possibly as a man-in-the-middle. We discuss the properties that such channels would need to have for the various scenarios in which they would be used. Also, we show their potential for mitigating the effects of a number of security breaches currently occurring in these scenarios.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Almeshekah, M.H., Atallah, M.J., Spafford, E.H. (2013). Back Channels Can Be Useful! – Layering Authentication Channels to Provide Covert Communication. In: Christianson, B., Malcolm, J., Stajano, F., Anderson, J., Bonneau, J. (eds) Security Protocols XXI. Security Protocols 2013. Lecture Notes in Computer Science, vol 8263. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41717-7_22
DOI: https://doi.org/10.1007/978-3-642-41717-7_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-41716-0
Online ISBN: 978-3-642-41717-7
eBook Packages: Computer Science (R0)