Susanne Wetzel scite author profile

We propose a technique to reliably generate a cryptographic key from a user's voice while speaking a password.The key resists cryptanalysis even against an attacker who captures all system information related to generating or veribing the cryptographic key. Moreover; the technique is suficiently robust to enable the user to reliably regenerate the key by uttering her password again. We describe an empirical evaluation of this technique using 250 utterances recorded from 50 users.

show abstract

Security Weaknesses in Bluetooth

Jakobsson¹,

Wetzel²

2001

182

144

View full text Add to dashboard Cite

Password hardening based on keystroke dynamics

Monrose¹,

Reiter²,

Wetzel³

1999

229

102

View full text Add to dashboard Cite

Abstract. We present a novel approach to improving the security of passwords. In our approach, the legitimate user's typing patterns (e.g., durations of keystrokes and latencies between keystrokes) are combined with the user's password to generate a hardened password that is convincingly more secure than conventional passwords alone. In addition, our scheme automatically adapts to gradual changes in a user's typing patterns while maintaining the same hardened password across multiple logins, for use in file encryption or other applications requiring a long-term secret key. Using empirical data and a prototype implementation of our scheme, we give evidence that our approach is viable in practice, in terms of ease of use, improved security, and performance.

show abstract

Password hardening based on keystroke dynamics

Monrose¹,

Reiter²,

Wetzel³

2002

212

View full text Add to dashboard Cite

We present a novel approach to improving the security of passwords. In our approach, the legitimate user's typing patterns (e.g., durations of keystrokes and latencies between keystrokes) are combined with the user's password to generate a hardened password that is convincingly more secure than conventional passwords alone. In addition, our scheme automatically adapts to gradual changes in a user's typing patterns while maintaining the same hardened password across multiple lo-gins, for use in file encryption or other applications requiring a long-term secret key. Using empirical data and a prototype implementation of our scheme, we give evidence that our approach is viable in practice, in terms of ease of use, improved security, and performance.

show abstract

A man-in-the-middle attack on UMTS

Meyer

Wetzel

2004

167

View full text Add to dashboard Cite

In this paper we present a man-in-the-middle attack on the Universal Mobile Telecommunication Standard (UMTS), one of the newly emerging 3G mobile technologies. The attack allows an intruder to impersonate a valid GSM base station to a UMTS subscriber regardless of the fact that UMTS authentication and key agreement are used. As a result, an intruder can eavesdrop on all mobile-station-initiated traffic.Since the UMTS standard requires mutual authentication between the mobile station and the network, so far UMTS networks were considered to be secure against man-in-themiddle attacks. The network authentication defined in the UMTS standard depends on both the validity of the authentication token and the integrity protection of the subsequent security mode command.We show that both of these mechanisms are necessary in order to prevent a man-in-the-middle attack. As a consequence we show that an attacker can mount an impersonation attack since GSM base stations do not support integrity protection. Possible victims to our attack are all mobile stations that support the UTRAN and the GSM air interface simultaneously. In particular, this is the case for most of the equipment used during the transition phase from 2G (GSM) to 3G (UMTS) technology.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Susanne Wetzel

Cryptographic key generation from voice

Security Weaknesses in Bluetooth

Password hardening based on keystroke dynamics

Password hardening based on keystroke dynamics

A man-in-the-middle attack on UMTS

Contact Info

Product

Resources

About