2015
DOI: 10.1007/978-3-319-26096-9_17
|View full text |Cite
|
Sign up to set email alerts
|

Device Attacker Models: Fact and Fiction

Abstract: Abstract. According to standard fiction, a user is able to securely keep long term keys on his device. However, in fact his device may become infected with malware, and an adversary may obtain a copy of his key. We propose an attacker model in which devices are "periodically trustworthy" -they may become infected by malware, and then later become trustworthy again after software patches and malware scans have been applied, in an ongoing cycle. This paper proposes a solution to make the usage of private keys by… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1

Citation Types

0
2
0

Year Published

2015
2015
2023
2023

Publication Types

Select...
2
1
1

Relationship

1
3

Authors

Journals

citations
Cited by 4 publications
(2 citation statements)
references
References 9 publications
0
2
0
Order By: Relevance
“…While PFS considers how to protect the past communications, PCS considers how to automatically reinstate and re-establish the secure communication channels, for future communications. This security property has so far been considered only in the specific scenario of secure messaging [135], and only limited works [133,134] are available. In particular, we consider that when anchor has been compromised by an attacker (e.g., through the exploitation of software vulnerabilities), and has been reinstated by the operator (e.g., by applying software patches and rebuilding servers), the system should have a way to automatically re-establish secure communications between anchor and all other participants, without having to reinstate these components (controllers and forwarding devices in this case, whose shared secrets became compromised).…”
Section: Hardening Anchormentioning
confidence: 99%
“…While PFS considers how to protect the past communications, PCS considers how to automatically reinstate and re-establish the secure communication channels, for future communications. This security property has so far been considered only in the specific scenario of secure messaging [135], and only limited works [133,134] are available. In particular, we consider that when anchor has been compromised by an attacker (e.g., through the exploitation of software vulnerabilities), and has been reinstated by the operator (e.g., by applying software patches and rebuilding servers), the system should have a way to automatically re-establish secure communications between anchor and all other participants, without having to reinstate these components (controllers and forwarding devices in this case, whose shared secrets became compromised).…”
Section: Hardening Anchormentioning
confidence: 99%
“…For each website, the user's token picks a different, strong and totally random password of generous length 11 and remembers it. The user never has to type it or even see it 12 . The strong password 8 This corresponds to having different passwords for the different site, but without Emily having to remember them because the Pico does that for her.…”
Section: The Core Ideamentioning
confidence: 99%