A New Human Identification Protocol and Coppersmith's Baby-Step Giant-Step Algorithm

We propose a new protocol providing cryptographically secure authentication to unaided humans against passive adversaries. We also propose a new generic passive attack on human identification protocols. The attack is an application of Coppersmith's baby-step giant-step algorithm to human identification protocols. Under this attack, the achievable security of some of the best candidates for human identification protocols in the literature is further reduced. We show that our protocol preserves similar usability while achieving better security than these protocols. A comprehensive security analysis is provided which suggests parameters guaranteeing desired levels of security.
