Red Button and Yellow Button: Usable Security for Lost Security Tokens View Full Text


Ontology type: schema:Chapter      Open Access: True


Chapter Info

DATE

2017

AUTHORS

Ian Goldberg , Graeme Jenkinson , David Llewellyn-Jones , Frank Stajano

ABSTRACT

Currently, losing a security token places the user in a dilemma: reporting the loss as soon as it is discovered involves a significant burden which is usually overkill in the common case that the token is later found behind a sofa. Not reporting the loss, on the other hand, puts the security of the protected account at risk and potentially leaves the user liable. We propose a simple architectural solution with wide applicability that allows the user to reap the security benefit of reporting the loss early, but without paying the corresponding usability penalty if the event was later discovered to be a false alarm. More... »

PAGES

165-171

References to SciGraph publications

  • 2011. Pico: No More Passwords! in SECURITY PROTOCOLS XIX
  • 2012. A Birthday Present Every Eleven Wallets? The Security of Customer-Chosen Banking PINs in FINANCIAL CRYPTOGRAPHY AND DATA SECURITY
  • Book

    TITLE

    Security Protocols XXIV

    ISBN

    978-3-319-62032-9
    978-3-319-62033-6

    From Grant

    Identifiers

    URI

    http://scigraph.springernature.com/pub.10.1007/978-3-319-62033-6_19

    DOI

    http://dx.doi.org/10.1007/978-3-319-62033-6_19

    DIMENSIONS

    https://app.dimensions.ai/details/publication/pub.1090775585


    Indexing Status Check whether this publication has been indexed by Scopus and Web Of Science using the SN Indexing Status Tool
    Incoming Citations Browse incoming citations for this publication using opencitations.net

    JSON-LD is the canonical representation for SciGraph data.

    TIP: You can open this SciGraph record using an external JSON-LD service: JSON-LD Playground Google SDTT

    [
      {
        "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
        "about": [
          {
            "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0801", 
            "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
            "name": "Artificial Intelligence and Image Processing", 
            "type": "DefinedTerm"
          }, 
          {
            "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
            "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
            "name": "Information and Computing Sciences", 
            "type": "DefinedTerm"
          }
        ], 
        "author": [
          {
            "affiliation": {
              "alternateName": "University of Waterloo", 
              "id": "https://www.grid.ac/institutes/grid.46078.3d", 
              "name": [
                "University of Waterloo"
              ], 
              "type": "Organization"
            }, 
            "familyName": "Goldberg", 
            "givenName": "Ian", 
            "id": "sg:person.012057510223.72", 
            "sameAs": [
              "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012057510223.72"
            ], 
            "type": "Person"
          }, 
          {
            "affiliation": {
              "alternateName": "University of Cambridge", 
              "id": "https://www.grid.ac/institutes/grid.5335.0", 
              "name": [
                "University of Cambridge"
              ], 
              "type": "Organization"
            }, 
            "familyName": "Jenkinson", 
            "givenName": "Graeme", 
            "id": "sg:person.015752742217.50", 
            "sameAs": [
              "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015752742217.50"
            ], 
            "type": "Person"
          }, 
          {
            "affiliation": {
              "alternateName": "University of Cambridge", 
              "id": "https://www.grid.ac/institutes/grid.5335.0", 
              "name": [
                "University of Cambridge"
              ], 
              "type": "Organization"
            }, 
            "familyName": "Llewellyn-Jones", 
            "givenName": "David", 
            "id": "sg:person.010654463564.24", 
            "sameAs": [
              "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010654463564.24"
            ], 
            "type": "Person"
          }, 
          {
            "affiliation": {
              "alternateName": "University of Cambridge", 
              "id": "https://www.grid.ac/institutes/grid.5335.0", 
              "name": [
                "University of Cambridge"
              ], 
              "type": "Organization"
            }, 
            "familyName": "Stajano", 
            "givenName": "Frank", 
            "id": "sg:person.015754042145.63", 
            "sameAs": [
              "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015754042145.63"
            ], 
            "type": "Person"
          }
        ], 
        "citation": [
          {
            "id": "sg:pub.10.1007/978-3-642-25867-1_6", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1037644204", 
              "https://doi.org/10.1007/978-3-642-25867-1_6"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-3-642-32946-3_3", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1042848834", 
              "https://doi.org/10.1007/978-3-642-32946-3_3"
            ], 
            "type": "CreativeWork"
          }
        ], 
        "datePublished": "2017", 
        "datePublishedReg": "2017-01-01", 
        "description": "Currently, losing a security token places the user in a dilemma: reporting the loss as soon as it is discovered involves a significant burden which is usually overkill in the common case that the token is later found behind a sofa. Not reporting the loss, on the other hand, puts the security of the protected account at risk and potentially leaves the user liable. We propose a simple architectural solution with wide applicability that allows the user to reap the security benefit of reporting the loss early, but without paying the corresponding usability penalty if the event was later discovered to be a false alarm.", 
        "editor": [
          {
            "familyName": "Anderson", 
            "givenName": "Jonathan", 
            "type": "Person"
          }, 
          {
            "familyName": "Maty\u00e1\u0161", 
            "givenName": "Vashek", 
            "type": "Person"
          }, 
          {
            "familyName": "Christianson", 
            "givenName": "Bruce", 
            "type": "Person"
          }, 
          {
            "familyName": "Stajano", 
            "givenName": "Frank", 
            "type": "Person"
          }
        ], 
        "genre": "chapter", 
        "id": "sg:pub.10.1007/978-3-319-62033-6_19", 
        "inLanguage": [
          "en"
        ], 
        "isAccessibleForFree": true, 
        "isFundedItemOf": [
          {
            "id": "sg:grant.3798313", 
            "type": "MonetaryGrant"
          }
        ], 
        "isPartOf": {
          "isbn": [
            "978-3-319-62032-9", 
            "978-3-319-62033-6"
          ], 
          "name": "Security Protocols XXIV", 
          "type": "Book"
        }, 
        "name": "Red Button and Yellow Button: Usable Security for Lost Security Tokens", 
        "pagination": "165-171", 
        "productId": [
          {
            "name": "doi", 
            "type": "PropertyValue", 
            "value": [
              "10.1007/978-3-319-62033-6_19"
            ]
          }, 
          {
            "name": "readcube_id", 
            "type": "PropertyValue", 
            "value": [
              "779bde257c39a9d71fb8dd07d3d19af22fe6166238477c5629b183f16aefac91"
            ]
          }, 
          {
            "name": "dimensions_id", 
            "type": "PropertyValue", 
            "value": [
              "pub.1090775585"
            ]
          }
        ], 
        "publisher": {
          "location": "Cham", 
          "name": "Springer International Publishing", 
          "type": "Organisation"
        }, 
        "sameAs": [
          "https://doi.org/10.1007/978-3-319-62033-6_19", 
          "https://app.dimensions.ai/details/publication/pub.1090775585"
        ], 
        "sdDataset": "chapters", 
        "sdDatePublished": "2019-04-15T20:44", 
        "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
        "sdPublisher": {
          "name": "Springer Nature - SN SciGraph project", 
          "type": "Organization"
        }, 
        "sdSource": "s3://com-uberresearch-data-dimensions-target-20181106-alternative/cleanup/v134/2549eaecd7973599484d7c17b260dba0a4ecb94b/merge/v9/a6c9fde33151104705d4d7ff012ea9563521a3ce/jats-lookup/v90/0000000001_0000000264/records_8687_00000600.jsonl", 
        "type": "Chapter", 
        "url": "http://link.springer.com/10.1007/978-3-319-62033-6_19"
      }
    ]
     

    Download the RDF metadata as:  json-ld nt turtle xml License info

    HOW TO GET THIS DATA PROGRAMMATICALLY:

    JSON-LD is a popular format for linked data which is fully compatible with JSON.

    curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-62033-6_19'

    N-Triples is a line-based linked data format ideal for batch operations.

    curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-62033-6_19'

    Turtle is a human-readable linked data format.

    curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-62033-6_19'

    RDF/XML is a standard XML format for linked data.

    curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-62033-6_19'


     

    This table displays all metadata directly associated to this object as RDF triples.

    114 TRIPLES      23 PREDICATES      29 URIs      20 LITERALS      8 BLANK NODES

    Subject Predicate Object
    1 sg:pub.10.1007/978-3-319-62033-6_19 schema:about anzsrc-for:08
    2 anzsrc-for:0801
    3 schema:author N1c5b8630da64422e95d035beb2f38ba5
    4 schema:citation sg:pub.10.1007/978-3-642-25867-1_6
    5 sg:pub.10.1007/978-3-642-32946-3_3
    6 schema:datePublished 2017
    7 schema:datePublishedReg 2017-01-01
    8 schema:description Currently, losing a security token places the user in a dilemma: reporting the loss as soon as it is discovered involves a significant burden which is usually overkill in the common case that the token is later found behind a sofa. Not reporting the loss, on the other hand, puts the security of the protected account at risk and potentially leaves the user liable. We propose a simple architectural solution with wide applicability that allows the user to reap the security benefit of reporting the loss early, but without paying the corresponding usability penalty if the event was later discovered to be a false alarm.
    9 schema:editor N61a54499f99f47e49d1593b0d7888b11
    10 schema:genre chapter
    11 schema:inLanguage en
    12 schema:isAccessibleForFree true
    13 schema:isPartOf N1e466b71df9c49b2b44ec4fa82832867
    14 schema:name Red Button and Yellow Button: Usable Security for Lost Security Tokens
    15 schema:pagination 165-171
    16 schema:productId N25e6a0f5b4aa4802bf6222cc03da106f
    17 N3758beb6250c42babafbd3fb3e716277
    18 N8572ce7c622b4a69b0083403ab1dab16
    19 schema:publisher Nf4f8650c6c224d65b52ad6793f0a8570
    20 schema:sameAs https://app.dimensions.ai/details/publication/pub.1090775585
    21 https://doi.org/10.1007/978-3-319-62033-6_19
    22 schema:sdDatePublished 2019-04-15T20:44
    23 schema:sdLicense https://scigraph.springernature.com/explorer/license/
    24 schema:sdPublisher N472574ae315c4b0a92e31e6825f114e6
    25 schema:url http://link.springer.com/10.1007/978-3-319-62033-6_19
    26 sgo:license sg:explorer/license/
    27 sgo:sdDataset chapters
    28 rdf:type schema:Chapter
    29 N01baa9a0ff3a45d18ac0a3332814bb51 rdf:first sg:person.015752742217.50
    30 rdf:rest Na3795f89acdb43dca0dbacc8991637ab
    31 N1c5b8630da64422e95d035beb2f38ba5 rdf:first sg:person.012057510223.72
    32 rdf:rest N01baa9a0ff3a45d18ac0a3332814bb51
    33 N1e466b71df9c49b2b44ec4fa82832867 schema:isbn 978-3-319-62032-9
    34 978-3-319-62033-6
    35 schema:name Security Protocols XXIV
    36 rdf:type schema:Book
    37 N201459f644224ac99464ab7865fcf8ac rdf:first N2ef55ea7d04f4ed8896fd41a8a805a39
    38 rdf:rest rdf:nil
    39 N25e6a0f5b4aa4802bf6222cc03da106f schema:name doi
    40 schema:value 10.1007/978-3-319-62033-6_19
    41 rdf:type schema:PropertyValue
    42 N29df911a956d4f62b637c7cbdabbd17b rdf:first N495d0917c77244aea6d4c12a9093fdaa
    43 rdf:rest Na1b33356267045e2b06aab2d20f30d60
    44 N2ef55ea7d04f4ed8896fd41a8a805a39 schema:familyName Stajano
    45 schema:givenName Frank
    46 rdf:type schema:Person
    47 N3758beb6250c42babafbd3fb3e716277 schema:name dimensions_id
    48 schema:value pub.1090775585
    49 rdf:type schema:PropertyValue
    50 N3caf1a0a1d1148428175251ce34b2aa3 schema:familyName Anderson
    51 schema:givenName Jonathan
    52 rdf:type schema:Person
    53 N472574ae315c4b0a92e31e6825f114e6 schema:name Springer Nature - SN SciGraph project
    54 rdf:type schema:Organization
    55 N495d0917c77244aea6d4c12a9093fdaa schema:familyName Matyáš
    56 schema:givenName Vashek
    57 rdf:type schema:Person
    58 N4d9242bd4cd1458786b3a894d2e89345 rdf:first sg:person.015754042145.63
    59 rdf:rest rdf:nil
    60 N61a54499f99f47e49d1593b0d7888b11 rdf:first N3caf1a0a1d1148428175251ce34b2aa3
    61 rdf:rest N29df911a956d4f62b637c7cbdabbd17b
    62 N8572ce7c622b4a69b0083403ab1dab16 schema:name readcube_id
    63 schema:value 779bde257c39a9d71fb8dd07d3d19af22fe6166238477c5629b183f16aefac91
    64 rdf:type schema:PropertyValue
    65 Na1b33356267045e2b06aab2d20f30d60 rdf:first Nc0d7defbcbb648fe8d07bb4036800758
    66 rdf:rest N201459f644224ac99464ab7865fcf8ac
    67 Na3795f89acdb43dca0dbacc8991637ab rdf:first sg:person.010654463564.24
    68 rdf:rest N4d9242bd4cd1458786b3a894d2e89345
    69 Nc0d7defbcbb648fe8d07bb4036800758 schema:familyName Christianson
    70 schema:givenName Bruce
    71 rdf:type schema:Person
    72 Nf4f8650c6c224d65b52ad6793f0a8570 schema:location Cham
    73 schema:name Springer International Publishing
    74 rdf:type schema:Organisation
    75 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
    76 schema:name Information and Computing Sciences
    77 rdf:type schema:DefinedTerm
    78 anzsrc-for:0801 schema:inDefinedTermSet anzsrc-for:
    79 schema:name Artificial Intelligence and Image Processing
    80 rdf:type schema:DefinedTerm
    81 sg:grant.3798313 http://pending.schema.org/fundedItem sg:pub.10.1007/978-3-319-62033-6_19
    82 rdf:type schema:MonetaryGrant
    83 sg:person.010654463564.24 schema:affiliation https://www.grid.ac/institutes/grid.5335.0
    84 schema:familyName Llewellyn-Jones
    85 schema:givenName David
    86 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010654463564.24
    87 rdf:type schema:Person
    88 sg:person.012057510223.72 schema:affiliation https://www.grid.ac/institutes/grid.46078.3d
    89 schema:familyName Goldberg
    90 schema:givenName Ian
    91 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012057510223.72
    92 rdf:type schema:Person
    93 sg:person.015752742217.50 schema:affiliation https://www.grid.ac/institutes/grid.5335.0
    94 schema:familyName Jenkinson
    95 schema:givenName Graeme
    96 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015752742217.50
    97 rdf:type schema:Person
    98 sg:person.015754042145.63 schema:affiliation https://www.grid.ac/institutes/grid.5335.0
    99 schema:familyName Stajano
    100 schema:givenName Frank
    101 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015754042145.63
    102 rdf:type schema:Person
    103 sg:pub.10.1007/978-3-642-25867-1_6 schema:sameAs https://app.dimensions.ai/details/publication/pub.1037644204
    104 https://doi.org/10.1007/978-3-642-25867-1_6
    105 rdf:type schema:CreativeWork
    106 sg:pub.10.1007/978-3-642-32946-3_3 schema:sameAs https://app.dimensions.ai/details/publication/pub.1042848834
    107 https://doi.org/10.1007/978-3-642-32946-3_3
    108 rdf:type schema:CreativeWork
    109 https://www.grid.ac/institutes/grid.46078.3d schema:alternateName University of Waterloo
    110 schema:name University of Waterloo
    111 rdf:type schema:Organization
    112 https://www.grid.ac/institutes/grid.5335.0 schema:alternateName University of Cambridge
    113 schema:name University of Cambridge
    114 rdf:type schema:Organization
     




    Preview window. Press ESC to close (or click here)


    ...