Advertisement

Back Channels Can Be Useful! – Layering Authentication Channels to Provide Covert Communication

  • Mohammed H. Almeshekah
  • Mikhail J. Atallah
  • Eugene H. Spafford
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8263)

Abstract

This paper argues the need for providing a covert back-channel communication mechanism in authentication protocols, discusses various practical uses for such a channel, and desirable features for its design and deployment. Such a mechanism would leverage the current authentication channel to carry out the covert communication rather than introducing a separate one. The communication would need to be oblivious to an adversary observing it, possibly as a man-in-the-middle. We discuss the properties that such channels would need to have for the various scenarios in which they would be used. Also, we show their potential for mitigating the effects of a number of security breaches currently occurring in these scenarios.

Keywords

Authentication Server Impersonation Back-channels Phishing 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Clark, J., Hengartner, U.: Panic Passwords: Authenticating Under Duress. In: Proceedings: The 3rd Conference on Hot Topics in Security. USENIX Association (2008)Google Scholar
  2. 2.
    Stefanov, E., Atallah, M.: Duress Detection for Authentication Attacks Against Multiple Administrators. In: Proceedings: The 2010 ACM Workshop on Insider Threats, pp. 37–46. ACM (2010)Google Scholar
  3. 3.
    Anderson, R.: Can We Fix the Security Economics of Federated Authentication? In: Christianson, B., Crispo, B., Malcolm, J., Stajano, F. (eds.) Security Protocols 2011. LNCS, vol. 7114, pp. 33–48. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  4. 4.
  5. 5.
    The White House, National Strategy for Trusted Identities in Cyberspace, NSTIC (2011)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Mohammed H. Almeshekah
    • 1
  • Mikhail J. Atallah
    • 1
  • Eugene H. Spafford
    • 1
  1. 1.Purdue UniversityWest LafayetteUSA

Personalised recommendations