English
Related papers

Related papers: TUSH-Key: Transferable User Secrets on Hardware Ke…

200 papers

Authentication systems have evolved a lot since the 1960s when Fernando Corbato first proposed the password-based authentication. In 2013, the FIDO Alliance proposed using secure hardware for authentication, thus marking a milestone in the…

Cryptography and Security · Computer Science 2025-10-27 Aditya Mitra , Sibi Chakkaravarthy Sethuraman

Credential theft and remote attacks are the most serious threats to user authentication mechanisms. The crux of these problems is that we cannot control such behaviors. However, if a password does not contain user secrets, stealing it is…

Cryptography and Security · Computer Science 2024-06-03 Suyun Borjigin

Phishing attacks remain one of the most prevalent threats to online security, with the Anti-Phishing Working Group reporting over 890,000 attacks in Q3 2025 alone. Traditional password-based authentication is particularly vulnerable to such…

Cryptography and Security · Computer Science 2026-04-23 Alexander Berladskyy , Andreas Aßmuth

Password-authenticated identities, where users establish username-password pairs with individual servers and use them later on for authentication, is the most widespread user authentication method over the Internet. Although they are…

Cryptography and Security · Computer Science 2021-09-17 Pawel Szalachowski

Threats to passwords are still very relevant due to attacks like phishing or credential stuffing. One way to solve this problem is to remove passwords completely. User studies on passwordless FIDO2 authentication using security tokens…

Cryptography and Security · Computer Science 2021-05-27 Johannes Kunke , Stephan Wiefling , Markus Ullmann , Luigi Lo Iacono

Modern smartphones support FIDO2 passwordless authentication using either external security keys or internal biometric authentication, but it is unclear whether users appreciate and accept these new forms of web authentication for their own…

Cryptography and Security · Computer Science 2023-04-21 Leon Würsching , Florentin Putz , Steffen Haesler , Matthias Hollick

User authentication can rely on various factors (e.g., a password, a cryptographic key, biometric data) but should not reveal any secret or private information. This seemingly paradoxical feat can be achieved through zero-knowledge proofs.…

Cryptography and Security · Computer Science 2020-09-15 Laurent Chuat , Sarah Plocher , Adrian Perrig

Personal cryptographic keys are the foundation of many secure services, but storing these keys securely is a challenge, especially if they are used from multiple devices. Storing keys in a centralized location, like an Internet-accessible…

Cryptography and Security · Computer Science 2018-10-04 Arseny Kurnikov , Andrew Paverd , Mohammad Mannan , N. Asokan

The proliferation of consumer IoT products in our daily lives has raised the need for secure device authentication and access control. Unfortunately, these resource-constrained devices typically use token-based authentication, which is…

Cryptography and Security · Computer Science 2024-03-25 Yue Xiao , Yi He , Xiaoli Zhang , Qian Wang , Renjie Xie , Kun Sun , Ke Xu , Qi Li

Authentication and authorization are critical security layers to protect a wide range of online systems, services and content. However, the increased prevalence of wearable and mobile devices, the expectations of a frictionless experience…

Cryptography and Security · Computer Science 2018-02-21 Tim Van hamme , Vera Rimmer , Davy Preuveneers , Wouter Joosen , Mustafa A. Mustafa , Aysajan Abidin , Enrique Argones Rúa

Many users would prefer the privacy of end-to-end encryption in their online communications if it can be done without significant inconvenience. However, because existing key distribution methods cannot be fully trusted enough for automatic…

Cryptography and Security · Computer Science 2013-12-02 Stuart Heinrich

Current authentication methods on the Web have serious weaknesses. First, services heavily rely on the traditional password paradigm, which diminishes the end-users' security and usability. Second, the lack of attribute-based authentication…

Single sign-on (SSO) allows users to authenticate to third-party applications through a central identity provider. Despite their wide adoption, deployed SSO systems suffer from privacy problems such as user tracking by the identity…

Cryptography and Security · Computer Science 2023-12-15 Rongwu Xu , Sen Yang , Fan Zhang , Zhixuan Fang

The Internet of Things (IoT) is rapidly increasing the number of connected devices. This causes new concerns towards solutions for authenticating numerous IoT devices. Most of these devices are resource-constrained. Therefore, the use of…

Cryptography and Security · Computer Science 2020-12-07 Mohammad Mohammadinodoushan

Unequivocally, a single man in possession of a strong password is not enough to solve the issue of security. Studies indicate that passwords have been subjected to various attacks, regardless of the applied protection mechanisms due to the…

Cryptography and Security · Computer Science 2021-07-02 Anna Angelogianni , Ilias Politis , Christos Xenakis

Cloud computing is a revolutionary concept that has brought a paradigm shift in the IT world. This has made it possible to manage and run businesses without even setting up an IT infrastructure. It offers multi-fold benefits to the users…

Cryptography and Security · Computer Science 2013-08-06 Rohit Bhadauria , Rajdeep Borgohain , Abirlal Biswas , Sugata Sanyal

Cashless payment systems offer many benefits over cash, but also have some drawbacks. Fake terminals, skimming, wireless connectivity, and relay attacks are persistent problems. Attempts to overcome one problem often lead to another - for…

Cryptography and Security · Computer Science 2024-09-27 Jack Sturgess , Ivan Martinovic

Passkeys -- discoverable WebAuthn credentials synchronised across devices are widely promoted as the future of passwordless authentication. Built on the FIDO2 standard, they eliminate shared secrets and resist phishing while offering…

Cryptography and Security · Computer Science 2026-03-23 Prince Bhardwaj , Nishanth Sastry

With the advent of cloud technologies, there is a growing number of easy-to-use services to store files and share them with other cloud users. By providing security features, cloud service providers try to encourage users to store personal…

Cryptography and Security · Computer Science 2016-07-14 Kemal Bicakci , Davut Deniz Yavuz , Sezin Gurkan

Quantum Key Distribution (QKD) enables Information-Theoretically Secure (ITS) key exchange, robust even against future quantum computing threats. However, a fundamental limitation of QKD is the requirement for an authenticated classical…

Quantum Physics · Physics 2026-05-07 Nicolas Laurent-Puig , Mina Doosti , Adriano Innocenzi , Eleni Diamanti