Level-3 exam - Mohammed Jubur

This is a past event.

Title: On the Security and Usability of New Paradigms of Web Authentication 

Abstract: 

Passwords are widely used by web services to authenticate their users. Unfortunately, passwords suffer from several well-documented security and usability issues. The two of the main techniques to address password problems are password managers and two-factor authentication (2FA), which form the central focus of this dissertation work. 

In particular, we explore the security and usability of newly proposed and emerging forms of password managers and 2FA systems. We first investigate a “store-less” online password manager that can prevent the leakage of the passwords from the password manager service itself. We also design and evaluate a new 2FA scheme that offers end-to-end security protection with user interaction models different from currently deployed2FA schemes. Further, we investigate the currently deployed password management and 2FA schemes in terms of their security and usability. 

This dissertation comprises two parts: password management and two-factor authentication. In the first part of the dissertation, we first study the usability of a new class of online password managers (referred to as HIPPO) that does not reveal the password or the master password to the password management service itself. Second, we compare the usability and the security of two forms of password management, a store-less password manager (i.e., HIPPO)and traditionally- deployed store-based password managers(e.g., LastPass). In the second part of this dissertation, we first study the usability of a recently designed 2FA protocol (referred to as Op-2FA), which aims to provide optimal security from both server-side and authentication terminal sides based on simple and flexible users interaction modes. Second, we introduce and study a fundamental design vulnerability of push-based 2FA (a form of “Just Confirm” approach such as Duo Push), and we run a lab study to investigate this vulnerability. Third, we evaluate the usability and security of the “Compare-and-Confirm” approach of push-based 2FA. We consider two scenarios where the user deploys a second-factor device physically separated from the authentication terminal, and when the user utilizes the second-factor device as the authentication terminal itself. 

Monday, July 12 at 11:15am to 12:05pm

Virtual Event
Event Type

Lectures & Presentations

Department
Department of Computer Science
Subscribe
Google Calendar iCal Outlook

Recent Activity

UAB is an Equal Opportunity/Affirmative Action Employer committed to fostering a diverse, equitable and family-friendly environment in which all faculty and staff can excel and achieve work/life balance irrespective of race, national origin, age, genetic or family medical history, gender, faith, gender identity and expression as well as sexual orientation. UAB also encourages applications from individuals with disabilities and veterans.