Password Attacks and Human-in-the-Loop Protocols

Dr. Paul Van Oorschot


ABSTRACT

A recently proposed innovative login protocol (Pinkas and Sander, 2002) protects against online guessing attacks by employing a combination of cookies and so-called human-in-the-loop techniques. We improve its usability for users who frequently log in from machines other than the ones they use regularly, and strengthen its security using records of historical account-specific login failures. Joint work with Stuart Stubblebine, to be presented at Financial Cryptography '04. A preliminary paper is available at http://www.scs.carleton.ca/~paulv/papers/pubs.html

BIOGRAPHY

Paul Van Oorschot is a Professor in the School of Computer Science at Carleton University, and Canada Research Chair in Network and Software Security. He is the Director of Carleton's Digital Security Group. Since earning his 1988 PhD (Waterloo), he has been active in industrial security and applied cryptography research with a number of companies including Bell-Northern Research, Nortel Networks, Entrust Technologies, Cloakware Corp., and Alcatel.