BIB-VERSION:: CS-TR-v2.0
ID:: ncstrl.dartmouthcs//TR2008-632
ENTRY:: August 04, 2008
ORGANIZATION:: Dartmouth College, Computer Science
REQUESTED-BY:: sws@cs.dartmouth.edu
REQUESTED-FOR:: akapadia@cs
REQUESTED-DATE:: Thu Jul 31 18:15:39 EDT 2008
TITLE:: TwoKind Authentication: Protecting Private Information in Untrustworthy Environments (Extended Version)
TYPE:: Technical Report (paper)
REVISION:: 1
AUTHOR:: Bailey, Katelin
AUTHOR:: Kapadia, Apu
AUTHOR:: Vongsathorn, Linden
AUTHOR:: Smith, Sean W.
DATE:: August 2008
EMBARGO:: 08/17/2008
RETRIEVAL:: For a paper copy, email
RETRIEVAL:: For a paper copy, write to Technical Report Librarian, Department of Computer Science, Dartmouth College, 6211 Sudikoff Laboratory, Hanover, NH 03755-3510 USA
RETRIEVAL:: PDF at http://www.cs.dartmouth.edu/reports/TR2008-632.pdf
ABSTRACT:: We propose and evaluate TwoKind Authentication, a simple and effective technique that allows users to limit access to their private information in untrustworthy environments. Users often log in to Internet sites from insecure computers, and more recently have started divulging their email passwords to social-networking sites, thereby putting their private communications at risk. To mitigate this problem, we explore the use of multiple authenticators for the same account that are associated with specific sets of privileges. In its simplest form, TwoKind features two modes of authentication, a low and a high authenticator. By using a low authenticator, users can signal to the server they are in an untrusted environment, following which the server restricts the user's actions, including access to private data. In this paper, we seek to evaluate the effectiveness of multiple authenticators in promoting safer behavior in users. We demonstrate the effectiveness of this approach through a user experiment --- we find that users make a distinction between the two authenticators and generally behave in a security-conscientious way, protecting their high authenticator a majority of the time. Our study suggests that TwoKind will be beneficial to several Internet applications, particularly if the privileges can be customized to a user's security preferences.
NOTE:: Expanded version of the WPES 2008 paper.
END:: ncstrl.dartmouthcs//TR2008-632