Advanced search
Start date
Betweenand

Addressing human factors in the design of cryptographic solutions: a two-case study in item validation and authentication

Grant number: 09/02350-3
Support Opportunities:Scholarships in Brazil - Doctorate
Effective date (Start): July 01, 2009
Effective date (End): October 01, 2011
Field of knowledge:Physical Sciences and Mathematics - Computer Science - Theory of Computation
Principal Investigator:Ricardo Dahab
Grantee:Fabio Rogério Piva
Host Institution: Instituto de Computação (IC). Universidade Estadual de Campinas (UNICAMP). Campinas , SP, Brazil

Abstract

Designing secure cryptographic solutions from a purely theoretical perspective is not enough to guarantee their success in a realistic scenario. Many times, the assumptions under which these solutions are designed could not be further from real-world necessities. One particular, often-overlooked aspect that may impact how the solution performs after deployment is how the final user interacts with it (i.e., human factors). In this work, we take a deeper look into this issue by analyzing two well known application scenarios from Information Security research: The electronic commerce of digital items and Internet banking. Fair exchange protocols have been widely studied, but are still not implemented on most e-commercetransactions available. For several types of digital items (e-goods),the current e-commerce business model fails to provide fairness tocustomers. A critical step in fair exchange is item validation, which still lacks proper attention from researchers.We believe this issue should be addressed in a comprehensive and integrated fashion before fair exchange protocols can be effectively deployed in the marketplace. More generally, we also believe this to be the consequence of ongoing system-oriented security solution design paradigms that are data-centered, as opposed to user-centered, thus leading to methods and techniques that often disregard users' requirements.We contextualize how, byoverlooking the subtleties of the item validation problem, thefor buying and selling digital items fails to provideguarantees of a successful transaction outcome to customers, thusbeing unfair by design. We also introduce the concept of ReversibleDegradation, a method for enhancing buy-sell transactions concerningdigital items that inherently includes the item validation step in thepurchase protocol in order to tackle the discussed problems. As a proof of concept, we produce a deliverable instantiation of Reversible Degradation based on systematic error correction codes (SECCs), suitable for multimedia content. This method is also the byproduct of an attempt to include users' requirements into the cryptographic method construction process, an approach that we further develop into a so-called item-aware protocol design.From a similar perspective, we also propose a novel method for user and transaction authentication for Internet Banking scenarios. The proposed method, which uses Visual Cryptography, takes both technical and user requirements into account, and is suitable as a secure -- yet intuitive -- component for practical transaction authentication scenarios.

News published in Agência FAPESP Newsletter about the scholarship:
More itemsLess items
Articles published in other media outlets ( ):
More itemsLess items
VEICULO: TITULO (DATA)
VEICULO: TITULO (DATA)

Academic Publications
(References retrieved automatically from State of São Paulo Research Institutions)
PIVA, Fabio Rogério. Abordando fatores humanos no projeto de soluções criptográficas: dois estudos de caso em validação de itens e autenticação. 2014. Doctoral Thesis - Universidade Estadual de Campinas (UNICAMP). Instituto de Computação Campinas, SP.

Please report errors in scientific publications list using this form.