|
Threat Modelling in User Performed Authentication
Date: October 2008 Publication: Proceedings of the 10th International Conference on Information and Communications Security (ICICS '08) Page(s): 49 - 64 Publisher: Springer-Verlag Source 1: https://www-users.cs.york.ac.uk/%7Ejac/PublishedPapers/ThreatModellingUserAuthenticationICICS2008.pdf Source 2: https://doi.org/10.1007/978-3-540-88625-9_4 - Subscription or payment required Abstract or Summary:
User authentication can be compromised both by subverting the system and by subverting the user; the threat modelling of the former is well studied, the latter less so. We propose a method to determine opportunities to subvert the user allowing vulnerabilities to be systematically identified. The method is applied to VeriSign’s OpenID authentication mechanism. Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.
<-- Back to Authentication Research Paper Index |