The Future of Authenticating Websites (FAWN) – 2
Following the discussion at the Radboud University on the future of authenticating websites, I lead a similar discussion at TNO. This again lead to many remarks and suggestions, many of which were also raised in Nijmegen. But a few new observations were made as well.
Using a mobile phone number as an authentic identifier
This idea came up when I saw a guy in the train today, carrying a cardboard box with a number written on it.
I stared at the box, and it took a short while before I realised the number was a phone number. I wondered why that was, and then it occurred to me that maybe the guy carrying the box was the recipient of the box. Maybe the phone number on the box was used to call him up to say his parcel was waiting for him…
Fast anonymous credentials on smart cards
My group in Nijmegen, together with colleagues from TNO, have been working on efficient implementations of anonymous credentials on smart cards. Last year we managed to implement a simple authentication protocol (using self-blindable credentials) that executes a full protocol run in roughly 1.6 seconds on the card. We will present these results at the CARDIS 2010 conference at Passau, Germany, in a few weeks. But we have made some interesting progress the last month, that allows us to run the protocol in 0.6 seconds on the card instead.
SMS authenticatie: nog steeds waardevol (voor two-factor authentication).
Govcert raadt aanbieders van sms authenticatie diensten (zoals telebankieren of DigiD) aan om geen nieuwe diensten aan te beiden en voor bestaande diensten een hernieuwde risico analyse uit te voeren. Dit naar aanleiding van de nieuwste ontwikkelingen rondom het kraken van het encryptie algoritme A5/1 in mobiele telefoons (GSM).
leave a comment