Authors: Panayiotis Charalambous; Marios Karapetris and Elias Athanasopoulos
Affiliation: University of Cyprus and Cyprus
Keyword(s): Authentication, Passwords, PKI.
Related Ontology Subjects/Areas/Topics: Access Control; Applied Cryptography; Cryptographic Techniques and Key Management; Data and Application Security and Privacy; Data Engineering; Databases and Data Security; Identification, Authentication and Non-Repudiation; Identity Management; Information and Systems Security; Internet Technology; Security and Privacy in Web Services; Web Information Systems and Technologies
Abstract:
We deploy PKI for human authentication. We use a publicly available infrastructure, namely Keybase, for managing public-key pairs across devices. In addition, Keybase offers us several features for identifying users in social networks and a login-to-Keybase process that is password-less, meaning that authentication takes place using digital signatures produced by an Elliptic Curve (EC) cryptosystem. By using Keybase, we reduce the number of required cryptographic keys to the absolute minimum: one. We transform Keybase into a Single Sign-On (SSO) service which can vet users for using other services, exactly as happens now with very popular, but entirely password-based, services. We implement two authentication schemes based on Keybase, KAuth and KAuth+, and we evaluate them using a state-of-the-art methodology.