Red Button and Yellow Button: Usable Security for Lost Security Tokens

  • Ian Goldberg
  • Graeme Jenkinson
  • David Llewellyn-Jones
  • Frank Stajano
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10368)

Abstract

Currently, losing a security token places the user in a dilemma: reporting the loss as soon as it is discovered involves a significant burden which is usually overkill in the common case that the token is later found behind a sofa. Not reporting the loss, on the other hand, puts the security of the protected account at risk and potentially leaves the user liable.

We propose a simple architectural solution with wide applicability that allows the user to reap the security benefit of reporting the loss early, but without paying the corresponding usability penalty if the event was later discovered to be a false alarm.

Notes

The authors with a Cambridge affiliation are grateful to the European Research Council for funding this research through grant StG 307224 (Pico). Goldberg thanks NSERC for grant RGPIN-341529. We also thank the workshop attendees for comments.

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Ian Goldberg (1)
  • Graeme Jenkinson (2)
  • David Llewellyn-Jones (2)
  • Frank Stajano (2)

  1. University of Waterloo, Waterloo, Canada
  2. University of Cambridge, Cambridge, UK
