The Security of Lazy Users in Out-of-Band Authentication

Faced with the threats posed by man-in-the-middle attacks, messaging platforms rely on “out-of-band” authentication, assuming that users have access to an external channel for authenticating one short value. For example, assuming that users who recognize each other’s voice can authenticate a short value, Telegram and WhatsApp ask their users to compare 288-bit and 200-bit values, respectively. The existing protocols, however, do not take into account the plausible behavior of users who may be “lazy” and compare only parts of these values (rather than their entirety).
