论文信息 - Separating two roles of hashing in one-way message authentication

Separating two roles of hashing in one-way message authentication

We analyse two new and related families of one-way authentication protocols, where a party wants to authenticate its public information to another. In the first, the objective is to do without shared passwords or a PKI, making use of low-bandwidth empirical/authentic channels where messages cannot be faked or modified. The analysis of these leads to a new security principle, termed separation of security concerns, under which protocols should be designed to tackle one-shot attacks and combinatorial search separately. This also leads us develop a new class of protocols for the case such as PKI where a relatively expensive signature mechanism exists. We demonstrate as part of this work that a popular protocol in the area, termed MANA I, neither optimises human effort nor offers as much security as had previously been believed. We offer a number of improved versions for MANA I that provides more security for half the empirical work, using a more general empirical channel.

A. W. Roscoe | Long Hoang Nguyen | L. Nguyen

[1] Diana K. Smetters,et al. Talking to Strangers: Authentication in Ad-Hoc Wireless Networks , 2002, NDSS.

[2] Bill Roscoe. Human−centred computer security , 2006 .

[3] A. W. Roscoe,et al. Efficient group authentication protocols based on human interaction , 2009, IACR Cryptol. ePrint Arch..

[4] A. W. Roscoe,et al. Authenticating ad hoc networks by comparison of short digests , 2008, Inf. Comput..

[5] Christian Gehrmann,et al. Manual authentication for wireless devices , 2004 .

[6] Jaap-Henk Hoepman. The Ephemeral Pairing Problem , 2004, Financial Cryptography.

[7] Hugo Krawczyk,et al. LFSR-based Hashing and Authentication , 1994, CRYPTO.

[8] Douglas R. Stinson. Universal Hashing and Authentication Codes , 1991, CRYPTO.

[9] Mihir Bellare,et al. Entity Authentication and Key Distribution , 1993, CRYPTO.

[10] Serge Vaudenay,et al. An Optimal Non-interactive Message Authentication Protocol , 2006, CT-RSA.

[11] Serge Vaudenay,et al. Secure Communications over Insecure Channels Based on Short Authenticated Strings , 2005, CRYPTO.

[12] A. W. Roscoe,et al. Authentication protocols based on low-bandwidth unspoofable channels: A comparative survey , 2011, J. Comput. Secur..