Yesterday, I submitted a paper to the 2010 ACM DIM (Digital Identity Management) workshop. My paper was about a project I have been working on the last semester. I used several different things in my projects, some of which I have written about before. Rather than try to explain the project now, I will show you the abstract. I’ll post the full paper once it is either officially accepted or rejected.
PEAR: A Hardware Based Protocol Authentication System
AbstractAs users have to manage an increasing number of ac-counts, they have to balance password security and pass-word usability. As such, many users use insecure pass-words resulting in their accounts and data being vulnerableto unauthorized accesses. In this paper, we present Phys-ically Enhanced Authentication Ring, or PEAR, a systemthat alleviates this problem. We leverage Physically Un-clonable Functions (PUF) to create unclonable hardwaredevices, which users use to authenticate. Using a hardwaredevice, our system uses zero-knowledge proofs, which pro-vide better security than traditional passwords, yet usersmust only enter a simple PIN. As such, our system is veryusable and imposes little to no burden on end users andservice providers. We present transaction levels on top ofPEAR of as an extension and then discuss some other workthat could be done in the future.