Intrusion-Resilient Authentication in the Limited Communication Model

We describe a general technique for building authentication systems that resist compromises at the client side. We derive this resistance by storing key information on hardware fast enough for valid use but too slow for an intruder (e.g., a virus) to capture much of the key before being detected and removed. We give formal models for two types of protocols: user authentication and authenticated session-key generation. The first can be used for physical authentication tokens, e.g., used for gaining access to a building. The second can be used for conducting secure remote sessions on laptops that are occasionally infected by viruses. We present and analyze protocols for each of these tasks and describe how they can be implemented. With one example setting of parameters, in the case of user authentication, we are able to guarantee security for 6 months using a device storing 384MB, and in the key generation protocol, a 128GB drive guarantees that an adversary would need 700 days to compromise the key information. The model for intrusion resilience considered in this paper was first introduced by Dagon et al. [DLL05] and motivated by the bounded storage model for cryptography [Mau92]. Recently Dziembowski [Dzi05] independently developed this model, and studied the same problems as the ones addressed in this paper. Our user authentication protocol is essentially the same as that of [Dzi05], while our authenticated session-key generation protocol builds on that of [Dzi05].
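To make the security argument behind the limited communication model concrete, here is a small Python simulation added as an illustration; it is not the paper's protocol or code. It assumes a simplified challenge-response login (the server names a few random key positions, the client hashes the bytes it reads there) and an intruder that can copy only a bounded number of positions before it is detected and removed; the key size, challenge length and exfiltration rate are constructed values, far smaller than the paper's 384MB and 128GB settings.

```python
import hashlib
import random
from typing import Dict, List, Optional

# Constructed demo parameters (assumption): a toy key size and challenge length.
KEY_BYTES = 1 << 16            # the large key kept on the client's slow device
CHALLENGE_POSITIONS = 32       # key positions the server asks about per login

def make_key(seed: int) -> bytes:
    """Seeded pseudo-random large key so the demo is reproducible offline."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(KEY_BYTES))

def challenge(seed: int) -> List[int]:
    """Server picks fresh random positions; the client must read only these."""
    rng = random.Random(seed)
    return [rng.randrange(KEY_BYTES) for _ in range(CHALLENGE_POSITIONS)]

def respond(key: bytes, positions: List[int]) -> bytes:
    """Legitimate client: a few fast reads from the device, then one hash."""
    return hashlib.sha256(bytes(key[p] for p in positions)).digest()

def verify(key: bytes, positions: List[int], response: bytes) -> bool:
    """Server holds the same key and recomputes the expected response."""
    return response == respond(key, positions)

def bounded_intruder(key: bytes, budget: int, seed: int) -> Dict[int, int]:
    """Limited communication adversary: before being detected and removed it
    manages to copy only `budget` of the KEY_BYTES positions."""
    rng = random.Random(seed)
    return {p: key[p] for p in rng.sample(range(KEY_BYTES), budget)}

def replay_after_removal(stolen: Dict[int, int], positions: List[int]) -> Optional[bytes]:
    """After removal the intruder can answer only a challenge whose every
    position lies inside its partial copy; a single miss defeats it."""
    if any(p not in stolen for p in positions):
        return None
    return hashlib.sha256(bytes(stolen[p] for p in positions)).digest()

def success_bound(fraction_stolen: float, t: int = CHALLENGE_POSITIONS) -> float:
    """Probability that all t independent challenge positions fall in the stolen part."""
    return fraction_stolen ** t

def days_until_fraction(key_bytes: int, rate_bytes_per_day: int, fraction: float) -> int:
    """Days an intruder exfiltrating at a fixed rate needs to copy `fraction` of the key."""
    return -(-int(key_bytes * fraction) // rate_bytes_per_day)  # ceiling division
```

With half the key stolen, `success_bound(0.5)` is 2^-32 per login attempt, and `days_until_fraction(384 << 20, 1 << 20, 0.5)` shows how the device size and the intruder's exfiltration rate together set the lifetime of the key.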

[1] Moni Naor et al. Nonmalleable Cryptography, 2000, SIAM Rev.

[2] Michael O. Rabin et al. Hyper-Encryption and Everlasting Security, 2002, STACS.

[3] Yonatan Aumann et al. Information Theoretically Secure Communication in the Limited Storage Space Model, 1999, CRYPTO.

[4] Ross J. Anderson et al. Two remarks on public key cryptology, 2002.

[5] Rafail Ostrovsky et al. Non-interactive and non-malleable commitment, 1998, STOC '98.

[6] Mihir Bellare et al. A Forward-Secure Digital Signature Scheme, 1999, CRYPTO.

[7] Mihir Bellare et al. Random oracles are practical: a paradigm for designing efficient protocols, 1993, CCS '93.

[8] Silvio Micali et al. A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks, 1988, SIAM J. Comput.

[9] Noam Nisan et al. Randomness is Linear in Space, 1996, J. Comput. Syst. Sci.

[10] Gene Itkis et al. Forward-Secure Signatures with Optimal Signing and Verifying, 2001, CRYPTO.

[11] Shouhuai Xu et al. Key-Insulated Public Key Cryptosystems, 2002, EUROCRYPT.

[12] Yan Zong Ding et al. Error Correction in the Bounded Storage Model, 2005, TCC.

[13] Ueli Maurer. Conditionally-perfect secrecy and a provably-secure randomized cipher, 2004, Journal of Cryptology.

[14] Ran Canetti et al. A Forward-Secure Public-Key Encryption Scheme, 2003, Journal of Cryptology.

[15] Silvio Micali et al. How to construct random functions, 1986, JACM.

[16] Ran Canetti et al. On the Random-Oracle Methodology as Applied to Length-Restricted Signature Schemes, 2004, TCC.

[17] Leonid Reyzin et al. A New Forward-Secure Digital Signature Scheme, 2000, ASIACRYPT.

[18] Michael O. Rabin. Provably unbreakable hyper-encryption in the limited access model, 2005, IEEE Information Theory Workshop on Theory and Practice in Information-Theoretic Security, 2005.

[19] Rafail Ostrovsky et al. Efficient and Non-interactive Non-malleable Commitment, 2001, EUROCRYPT.

[20] Moni Naor et al. Pseudorandom Functions and Factoring, 2002, SIAM J. Comput.

[21] Eyal Kushilevitz et al. Exposure-Resilient Functions and All-or-Nothing Transforms, 2000, EUROCRYPT.

[22] Yonatan Aumann et al. Everlasting security in the bounded storage model, 2002, IEEE Trans. Inf. Theory.

[23] Richard J. Lipton et al. Protecting Secret Data from Insider Attacks, 2005, Financial Cryptography.

[24] Salil P. Vadhan et al. Constructing Locally Computable Extractors and Cryptosystems in the Bounded-Storage Model, 2003, Journal of Cryptology.

[25] Ueli Maurer et al. Optimal Randomizer Efficiency in the Bounded-Storage Model, 2003, Journal of Cryptology.

[26] Ronen Shaltiel et al. Constant-Round Oblivious Transfer in the Bounded Storage Model, 2004, Journal of Cryptology.

[27] Chi-Jen Lu. Encryption against Storage-Bounded Adversaries from On-Line Strong Extractors, 2003, Journal of Cryptology.

[28] Chi-Jen Lu et al. Hyper-encryption against Space-Bounded Adversaries from On-Line Strong Extractors, 2002, CRYPTO.

[29] Ueli Maurer et al. Unconditional Security Against Memory-Bounded Adversaries, 1997, CRYPTO.

[30] Silvio Micali et al. Probabilistic Encryption, 1984, J. Comput. Syst. Sci.

[31] Boaz Barak et al. Constant-round coin-tossing with a man in the middle or realizing the shared random string model, 2002, The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings.

[32] Amos Fiat et al. How to Prove Yourself: Practical Solutions to Identification and Signature Problems, 1986, CRYPTO.

[33] Claude Crépeau et al. Oblivious transfer with a memory-bounded receiver, 1998, Proceedings 39th Annual Symposium on Foundations of Computer Science (Cat. No.98CB36280).

[34] Rafail Ostrovsky et al. Round-Optimal Secure Two-Party Computation, 2004, CRYPTO.

[35] Mihir Bellare et al. Forward-Security in Private-Key Cryptography, 2003, CT-RSA.

[36] Yan Zong Ding. Oblivious Transfer in the Bounded Storage Model, 2001, CRYPTO.

[37] Moni Naor et al. Number-theoretic constructions of efficient pseudo-random functions, 2004.

[38] Stefan Dziembowski et al. Intrusion-Resilience Via the Bounded-Storage Model, 2006, TCC.