Mohammed H. Almeshekah, Mikhail J. Atallah and Eugene H. Spafford
[Paper] SPW’13, in Security Protocols XXI (B. Christianson, J. Malcolm, F. Stajano, and J. Anderson, eds.), vol. 8263 of Lecture Notes in Computer Science, Springer Berlin Heidelberg, 2013
[Poster] 14th Annual Information Security Symposium, CERIAS, Purdue, March 2013 (3rd Best Paper Award)
Paper (full text)
ABSTRACT: This paper argues the need for providing a covert back-channel communication mechanism in authentication protocols, discusses various practical uses for such a channel, and desirable features for its design and deployment. Such a mechanism would leverage the current authentication channel to carry out the covert communication rather than introducing a separate one. The communication would need to be oblivious to an adversary observing it, possibly as a man-in-the-middle. We discuss the properties that such channels would need to have for the various scenarios in which they would be used. Also, we show their potential for mitigating the effects of a number of security breaches currently occurring in these scenarios.
Paper Presentation During the Workshop: