Title: Moving from passwords to authenticators
Advisor: Yoshi Kohno
Supervisory Committee: Yoshi Kohno (Chair), Edward Mack (GSR, Asian Languages & Literature), Alexei Czeskis (Google), and Franzi Roesner
Abstract:
Humans have used passwords for access control since ancient times. Upon the advent of the internet, passwords naturally transitioned to the web and have since become the standard mode of web authentication. However, over the last 25 years, certain issues with password authentication have proven to be unavoidable security and usability problems. Many within the computer security industry believe that we can improve the state of the art in both security and usability by utilizing asymmetric challenge-response protocols for authentication. For example, the FIDO Alliance, a group of industry and academic partners working together to bring secure and usable authentication protocols to the web, utilize such asymmetric cryptographic protocols to help strengthen the authentication flow. However, despite industry and academic desire to improve web authentication, passwords remain the status quo for users. In this dissertation proposal, I present the landscape of authentication protocols and attempt to solve some of the remaining technical challenges that prevent modern authentication schemes from supplanting passwords as the dominant method of web authentication.