CISPA
Browse
cispa_all_3352.pdf (599.58 kB)

On the Usability of Authenticity Checks for Hardware Security Tokens

Download (599.58 kB)
conference contribution
posted on 2023-11-29, 18:15 authored by Katharina Pfeffer, Alexandra Mai, Adrian DabrowskiAdrian Dabrowski, Matthias Gusenbauer, Philipp Schindler, Edgar Weippl, Michael Franz, Katharina KrombholzKatharina Krombholz
The ultimate responsibility to verify whether a newly purchased hardware security token (HST) is authentic and unmodified lies with the end user. However, recently reported attacks on such tokens suggest that users cannot take the security guarantees of their HSTs for granted - even despite widely deployed authenticity checks. We present the first comprehensive market review evaluating the effectiveness and usability of authenticity checks for the most commonly used HSTs. Furthermore, we conducted a survey (n=194) to examine users’ perceptions and usage of these checks. We found that due to a lack of transparency and information, users often do not carry out - or are not aware of - essential checks but rely on less meaningful methods. Moreover, our results confirm that currently deployed authenticity checks cannot mitigate all variants of distribution attacks. Furthermore, some authenticity concepts of different manufacturers contradict each other. To address these challenges, we suggest a combination of already deployed and novel authenticity checks as well as a user-centered transparent design.

History

Preferred Citation

Katharina Pfeffer, Alexandra Mai, Adrian Dabrowski, Matthias Gusenbauer, Philipp Schindler, Edgar Weippl, Michael Franz and Katharina Krombholz. On the Usability of Authenticity Checks for Hardware Security Tokens. In: Usenix Security Symposium (USENIX-Security). 2021.

Primary Research Area

  • Empirical and Behavioral Security

Name of Conference

Usenix Security Symposium (USENIX-Security)

Legacy Posted Date

2021-02-04

Open Access Type

  • Green

BibTeX

@inproceedings{cispa_all_3352, title = "On the Usability of Authenticity Checks for Hardware Security Tokens", author = "Pfeffer, Katharina and Mai, Alexandra and Dabrowski, Adrian and Gusenbauer, Matthias and Schindler, Philipp and Weippl, Edgar and Franz, Michael and Krombholz, Katharina", booktitle="{Usenix Security Symposium (USENIX-Security)}", year="2021", }

Usage metrics

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC