Interdisciplinary Research Group in Socio-technical CybersecurityAuthentication and Key Management Automation in Decentralized Secure Email and Messaging via Low-Entropy SecretsItzel Vazquez Sandoval, Arash Atashpendar, Gabriele LenziniAbstract:We revisit the problem of entity authentication in decentralized end-to-end encrypted email and secure messaging to propose a practical and self-sustaining cryptographic solution based on password-authenticated key exchange (PAKE). This not … Continued
Interdisciplinary Research Group in Socio-technical CybersecurityA Critical Security Analysis of the Password-Based Authentication Honeywords System Under Code-Corruption AttackZiya Alper Genç, Gabriele Lenzini, Peter Y. A. Ryan, Itzel Vazquez SandovalAbstract:Password-based authentication is a widespread method to access into systems, thus password files are a valuable resource often target of attacks. To detect when a password file … Continued
Interdisciplinary Research Group in Socio-technical CybersecurityA Formal Security Analysis of the pEp Authentication Protocol for Decentralized Key Distribution and End-to-End Encrypted EmailVazquez Sandoval Itzel, Lenzini GabrieleAbstract:To send encrypted emails, users typically need to create and exchange keys which later should be manually authenticated, for instance, by comparing long strings of characters. These tasks are cumbersome … Continued
The set of impressions that a user has about distinct aspects of a system depends on the experience perceived while interacting with the system.
Interdisciplinary Research Group in Socio-technical CybersecurityA Protocol to Strengthen Password-Based AuthenticationVazquez Sandoval Itzel, Lenzini Gabriele, Stojkovski BorceAbstract:We discuss a password-based authentication protocol that we argue to be robust against password-guessing and o-line dictionary attacks. The core idea is to hash the passwords with a seed that comes from an OTP device, making the resulting identity … Continued
Interdisciplinary Research Group in Socio-technical CybersecurityExperience report: How to extract security protocols’ specifications from C librariesItzel Vazquez Sandoval, Gabriele LenziniAbstract:Often, analysts have to face a challenging situation when formally verifying the implementation of a security protocol: they need to build a model of the protocol from only poorly or not documented code, and with little … Continued
Interdisciplinary Research Group in Socio-technical CybersecurityA Security Analysis, and a Fix, of a Code-Corrupted Honeywords SystemGenç Ziya Alper, Lenzini Gabriele, Ryan Peter, Vazquez Sandoval ItzelAbstract:In 2013 Juels and Rivest introduced the Honeywords System, a password-based authentication system designed to detect when a password file has been stolen. A Honeywords System stores passwords together with indistinguishable … Continued