(2021) On the Usability of Authenticity Checks for Hardware Security Tokens.
Abstract
The ultimate responsibility to verify whether a newly purchased hardware security token (HST) is authentic and unmodified lies with the end user. However, recently reported attacks on such tokens suggest that users cannot take the security guarantees of their HSTs for granted - even despite widely deployed authenticity checks. We present the first comprehensive market review evaluating the effectiveness and usability of authenticity checks for the most commonly used HSTs. Furthermore, we conducted a survey (n=194) to examine users’ perceptions and usage of these checks. We found that due to a lack of transparency and information, users often do not carry out - or are not aware of - essential checks but rely on less meaningful methods. Moreover, our results confirm that currently deployed authenticity checks cannot mitigate all variants of distribution attacks. Furthermore, some authenticity concepts of different manufacturers contradict each other. To address these challenges, we suggest a combination of already deployed and novel authenticity checks as well as a user-centered transparent design.
Item Type: | Conference or Workshop Item (A Paper) (Paper) |
---|---|
Divisions: | Katharina Krombholz (Human-Oriented Security, HOS) |
Conference: | USENIX-Security Usenix Security Symposium |
Depositing User: | Katharina Krombholz |
Date Deposited: | 04 Feb 2021 11:16 |
Last Modified: | 12 Feb 2021 15:08 |
Primary Research Area: | NRA5: Empirical & Behavioral Security |
URI: | https://publications.cispa.saarland/id/eprint/3352 |