{"title":"Coercion resistance in authentication responsibility shifting","authors":"Payas Gupta, Xuhua Ding, Debin Gao","doi":"10.1145/2414456.2414512","DOIUrl":null,"url":null,"abstract":"To meet the demand of scalability and usability, many real-world authentication systems have adopted the idea of responsibility shifting, explicitly or implicitly, where a user's responsibility of authentication is shifted to another entity, usually in case of failure of the primary authentication method. One example of responsibility shifting is in the fourth-factor authentication [1] whereby a user gets the crucial authentication assistance from a helper who takes over the responsibility. In the fourth-factor authentication system [1], subverting/coercing the helper (trustee) allows the adversary to log in without capturing the password of the user.","PeriodicalId":72308,"journal":{"name":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2012-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2414456.2414512","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 6
Abstract
To meet the demand of scalability and usability, many real-world authentication systems have adopted the idea of responsibility shifting, explicitly or implicitly, where a user's responsibility of authentication is shifted to another entity, usually in case of failure of the primary authentication method. One example of responsibility shifting is in the fourth-factor authentication [1] whereby a user gets the crucial authentication assistance from a helper who takes over the responsibility. In the fourth-factor authentication system [1], subverting/coercing the helper (trustee) allows the adversary to log in without capturing the password of the user.