MétaCan
Menu
Back to cohort
Record W2157242295 · doi:10.22215/etd/2009-06380

Authentication and securing personal information in an untrusted internet

2009· dissertation· en· W2157242295 on OpenAlex
Mohammad Mannan

Why this work is in the frame

A frame that forgets how it found something cannot be audited. These are the routes that admitted this work.

aboutThe title or abstract carries a Canadian signal from the geographic lexicon.
no affNo Canadian affiliation: this work is invisible to an affiliation-only frame.
No Canadian affiliation. An affiliation-only frame, the usual design, would never have seen this work. It is one of the works that make the case for inverting the frame.

Bibliographic record

Venuenot available
Typedissertation
Languageen
FieldComputer Science
TopicUser Authentication and Security Systems
Canadian institutionsnot available
Fundersnot available
KeywordsComputer sciencePasswordComputer securityLoginPhishingAuthentication (law)UsabilityWorld Wide WebThe InternetInternet privacyInternet securityInformation securitySecurity serviceHuman–computer interaction

Abstract

fetched live from OpenAlex

A large number of user PCs are currently infected with different types of malicious software including spyware, keyloggers, and rootkits. In general, any Internet-connected end-host cannot be fully trusted. In addition to this compromised host problem, attacks exploiting usability drawbacks of web services and security tools when used by everyday users, and semantic attacks such as phishing are commonly observed. In the given untrusted environment, traditional threat models which assume trusted end-hosts need to be re-evaluated. We propose a number of techniques to improve the trustworthiness of the web considering the current untrusted environment. To understand what is expected from regular users for performing sensitive online tasks, we review security requirements of six Canadian online banks, and identified an emerging gap between these requirements and usability. Instead of requiring users to follow an extensive list of security best-practices for online banking, we propose the Mobile Password Authentication (MP-Auth) protocol. Using a trusted personal device (e.g., cellphone) in conjunction with a PC, MP-Auth protects a user's long-term login credentials, and offers transaction integrity assuming the user PC is untrustworthy and the user is unaware of phishing attacks. MP-Auth's security largely depends on user-chosen passwords, which are generally weak. To assist users in generating strong but usable passwords, we propose an Object-based Password (ObPwd) scheme which creates text passwords from user-selected objects, e.g., photos or music files. As part of the compromised host problem, we further assume that sensitive identity numbers (e.g., Social Insurance Number) will eventually be breached. To reduce the value of compromised credential information to attackers in such a scenario, we propose the use of localized ID numbers that are valid only for a particular relying party. A similar localization approach for banking PINs to prevent exploitation of compromised PINs from intermediate banking switches is also proposed.

Fetched live from OpenAlex and de-inverted. Abstracts are not stored in this database: the inverted indexes are 8.6 GB of the frame’s 9.3 GB of text, and the host has 13 GB free.

Full frame distilled prediction

Teacher imitation

Not calibrated prevalence, not ground truth. Human validation pending. Learned from the 10,348 direct Codex labels and 10,348 direct Gemma labels. Candidate is the union of thresholded teacher heads; consensus is their intersection. These outputs are machine_predicted_unvalidated and are not human labels or direct frontier model labels.

metaresearch head score (Codex)0.000
metaresearch head score (Gemma)0.000
Version: codex-gemma-dda1882f352aValidation status: machine_predicted_unvalidated
Candidate categoriesnone
Consensus categoriesnone
DomainCandidate signal: none · Consensus signal: none
Study designCandidate signal: Simulation or modeling · Consensus signal: none
GenreCandidate signal: Empirical · Consensus signal: Empirical
Teacher disagreement score0.866
Threshold uncertainty score0.693

Codex and Gemma teacher scores by category

CategoryCodexGemma
Metaresearch0.0000.000
Meta-epidemiology (narrow)0.0000.000
Meta-epidemiology (broad)0.0000.000
Bibliometrics0.0000.000
Science and technology studies0.0000.000
Scholarly communication0.0010.002
Open science0.0000.000
Research integrity0.0000.000
Insufficient payload (model declined to judge)0.0000.000

Machine scores (provisional)

The two teacher heads of the student model, read on this work. A score orders the frame for review; it never asserts a category, and the validation status ships verbatim with every row.

Baseline scores from an immature model (maturity gate not passed, 7 training rounds). Scores rank; they never assert a category.

Opus teacher head0.010
GPT teacher head0.252
Teacher spread0.242 · how far apart the two teachers sit on this one work
Validation statusscore_only:v0-immature-baseline · verbatim from the scoring run: score_only means the number may rank works, and no category label ships from it

Quick stats

Citations2
Published2009
Admission routes1
Has abstractyes

Explore more

Same topicUser Authentication and Security SystemsFrench-language works237,207