The development of interfaces for trustworthy information has not progressed at the same rate as computing technology in general. Today we enter passwords using a text-based interface that we assume is trustworthy, much like what we did thirty-plus years ago.
On June 19, 2006 I attended (and gave a talk at) the TIPPI Workshop that was held on the Stanford University campus. TIPPI stands for “Trustworthy Interfaces for Passwords and Personal Information”. The workshop brings together people who design security schemes with those who build user interfaces. The goal is to help solve the problem of designing trustworthy user interfaces, which has specific implications for fighting online fraud, especially when it comes to phishing.
There has been considerable progress in designing protocols for secure password authentication. For example, password authenticated key exchange (PAKE) protocols provide an excellent level of cryptographic security. These protocols give consideration to several methods of protection, which I have listed here:
• The protocols are secure against offline dictionary attacks. That is, an attacker cannot figure out a way to go offline and try every possible password until one “works”, even if the attacker eavesdrops or actively participates in the protocol.
• The protocols provide mutual authentication. That is, both sides are assured that they are talking to the correct party. Today, most protocols only provide uni-directional authentication (you tell the other party your password and they believe you are who you say you are, but you still do not know if the other party is legitimate).
• The protocols allow users to choose their own passwords. That is, the protocol does not have to generate some strange password that the user finds hard to remember.
Despite these excellent features, there is one very subtle shortcoming that PAKE schemes suffer from (as do most other cryptographic protocols for user authentication). There is nothing forcing a malicious party to use the protocol. Even if your bank decides to implement a PAKE protocol for its authentication on its Web page, someone who is trying to spoof your bank’s Web page (for example, in a phishing attack) is not obliged to implement a protocol that provides this level of security. To make PAKE and other protocols really work, one must consider how to tie the user interface into the protocol itself.
If you get the chance, I would highly encourage you to check out the TIPPI Web page that contains slides for many of the talks from the workshop.