Smart Cards and remote entrusting

Aussel, Jean-Daniel; d'Annoville, Jerome; Castillo, Laurent; Durand, Stephane; Fabre, Thierry; Lu, Karen; Ali, Asad

doi:10.1007/978-3-8348-9324-6_4

Cited by 3 publications

(1 citation statement)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Related to but not to be confused with the remote trust authentication problem discussed in Sec. 1 is the problem of remote entrusting [20,3,5], a more general computer security problem in which an application running on an untrusted device requests resources from a remote entity. Solving the remote trust authentication problem does not solve the remote entrusting problem, because establishing that a user is authentic does not ensure that the device has not been compromised by malware.…”

Section: Introductionmentioning

confidence: 99%

CALIPER: Continuous Authentication Layered with Integrated PKI Encoding Recognition

Rudd

Boult

2016

2016 IEEE Conference on Computer Vision and Pattern Recognition Workshops (CVPRW)

View full text Add to dashboard Cite

Architectures relying on continuous authentication require a secure way to challenge the user's identity without trusting that the Continuous Authentication Subsystem (CAS) has not been compromised, i.e., that the response to the layer which manages service/application access is not fake. In this paper, we introduce the CALIPER protocol, in which a separate Continuous Access Verification Entity (CAVE) directly challenges the user's identity in a continuous authentication regime. Instead of simply returning authentication probabilities or confidence scores, CALIPER's CAS uses live hard and soft biometric samples from the user to extract a cryptographic private key embedded in a challenge posed by the CAVE. The CAS then uses this key to sign a response to the CAVE. CALIPER supports multiple modalities, key lengths, and security levels and can be applied in two scenarios: One where the CAS must authenticate its user to a CAVE running on a remote server (device-server) for access to remote application data, and another where the CAS must authenticate its user to a locally running trusted computing module (TCM) for access to local application data (device-TCM). We further demonstrate that CALIPER can leverage device hardware resources to enable privacy and security even when the device's kernel is compromised, and we show how this authentication protocol can even be expanded to obfuscate direct kernel object manipulation (DKOM) malwares.

show abstract

Section: Introductionmentioning

confidence: 99%