Efficient group authentication protocols based on human interaction

We re-examine the needs of computer security in pervasive computing from first principles, specifically the problem of bootstrapping secure networks. We consider the case of systems that may have no shared secret information, and where there is no structure such as a PKI available. We propose several protocols which achieve a high degree of security based on a combination of human-mediated communication and an ordinary Dolev-Yao communication medium. In particular they resist combinatorial attacks on the hash or digest values that have to be compared by human users, seemingly optimising the amount of security they can achieve for a given amount of human effort. We compare our protocols with recent pairwise protocols proposed by, for example, Hoepman and Vaudenay.

[1] Michael Goldsmith, et al. Security properties and mechanisms in human-centric computing, 2004.

[2] Mihir Bellare, et al. Entity Authentication and Key Distribution, 1993, CRYPTO.

[3] Ming Xiao, et al. Bootstrapping multi-party ad-hoc security, 2006, SAC '06.

[4] Mihir Bellare, et al. Authenticated Key Exchange Secure against Dictionary Attacks, 2000, EUROCRYPT.

[5] Sadie Creese, et al. Exploiting Empirical Engagement in Authentication Protocol Design, 2005, SPC.

[6] Christian Gehrmann, et al. Manual authentication for wireless devices, 2004.

[7] Jaap-Henk Hoepman. Ephemeral Pairing on Anonymous Networks, 2005, SPC.

[8] Yehuda Lindell, et al. Universally Composable Password-Based Key Exchange, 2005, EUROCRYPT.

[9] Hugo Krawczyk, et al. A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract), 1998, STOC '98.

[10] Hugo Krawczyk, et al. Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels, 2001, EUROCRYPT.

[11] Diana K. Smetters, et al. Talking to Strangers: Authentication in Ad-Hoc Wireless Networks, 2002, NDSS.

[12] Sadie Creese, et al. The attacker in ubiquitous computing environments: formalising the threat model, 2003.

[13] Gavin Lowe, et al. Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR, 1996, Softw. Concepts Tools.

[14] Serge Vaudenay, et al. Secure Communications over Insecure Channels Based on Short Authenticated Strings, 2005, CRYPTO.

[15] Frank Stajano, et al. The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks, 1999, Security Protocols Workshop.

[16] Markus Jakobsson, et al. Security Weaknesses in Bluetooth, 2001, CT-RSA.

[17] Bill Roscoe. Human-centred computer security, 2006.

[18] Srdjan Capkun, et al. Key Agreement in Peer-to-Peer Wireless Networks, 2006, Proceedings of the IEEE.