Password Attacks and Human-in-the-Loop Protocols
Dr. Paul Van Oorschot
ABSTRACT
A recently proposed innovative login protocol (Pinkas and Sander,
2002) protects against online guessing attacks by employing a
combination of cookies and so-called human-in-the-loop techniques.
We improve its usability for users who frequently
log in from machines other than those they use regularly,
and strengthen its security using records of historical
account-specific login failures. Joint work with
Stuart Stubblebine, to be presented at Financial
Cryptography'04. Preliminary paper available at
http://www.scs.carleton.ca/~paulv/papers/pubs.html
BIOGRAPHY
Paul Van Oorschot is a Professor in the School of Computer Science at
Carleton University, and Canada Research Chair in Network and Software
Security. He is the Director of Carleton's Digital Security Group.
Since earning his 1988 PhD (Waterloo), he has been active in
industrial security and applied
cryptography research with a number of companies including Bell-Northern
Research, Nortel Networks, Entrust Technologies, Cloakware Corp., and
Alcatel.