
Vanquishing Voyeurs: Secure Ways to Authenticate Insecurely

Formal Metadata

Title
Vanquishing Voyeurs: Secure Ways to Authenticate Insecurely
Series Title
Number of Parts
122
Author
License
CC Attribution 3.0 Unported:
You may use, modify, and reproduce, distribute, and make publicly available the work or its content, in unchanged or modified form, for any legal purpose, provided that you credit the author/rights holder in the manner they have specified.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
https://www.defcon.org/images/defcon-19/dc-19-presentations/Zoz-Bianchi/DEFCON-19-Zoz-Bianchi-Vanquishing-Voyeurs.pdf

Zoz, Andrea Bianchi - Vanquishing Voyeurs: Secure Ways To Authenticate Insecurely

Observation is one of the principal means of compromise of authentication methods relying on secret information such as PINs and login/password combinations. Attackers can gather this information via observation, either from without by methods such as shoulder surfing and camera-based ATM skimmers, or from within by methods such as keystroke loggers and button-overlay-based ATM skimmers. Though these vulnerabilities of PIN/password based authentication mechanisms are well known, they have been difficult to correct due to the prevalence and general acceptance of such systems -- they are used in essentially all ATMs, mobile device locking mechanisms, and most web-based authentication schemes.

It is difficult to avoid at least the occasional use of untrusted public terminals and devices and the unlocking of one's mobile device in public. We therefore present our research into devices and techniques for mitigating the threat of credential compromise when doing so. These include haptic and auditory mechanisms for password entry into public terminals, mobile device tools for turning one's mobile device into an observation-resistant password entry system, and strategies and tools for secure password entry in the presence of keyloggers and other input recording devices. These techniques can successfully evade observation even when one does not have administrative control of the terminal, as in the case of internet cafe computers and public ATMs.

Zoz is a robotics interface designer and rapid prototyping specialist. He is co-founder of Cannytrophic Design in Boston and CTO of BlueSky in San Francisco. He is a visiting professor at KAIST in Korea. He is best known for the Discovery Channel shows 'Prototype This!' and 'Time Warp', and for faking a crop circle.

Andrea Bianchi is an interface inventor and designer. He is the director of the DALSMA (Digital Architecture and Large Scale Media Art) conference and is currently completing his PhD in Culture Technology at KAIST in Korea. He owns 19 pairs of glasses.