Human Computing for Handling Strong Corruptions in Authenticated Key Exchange

Abstract : We propose the first user authentication and key exchange protocols that can tolerate strong corruptions on the client-side. If a user happens to log in to a server from a terminal that has been fully compromised, then the other past and future user's sessions initiated from honest terminals stay secure. We define the security model for Human Authenticated Key Exchange (HAKE) protocols and first propose two generic protocols based on human-compatible (HC) function family, password-authenticated key exchange (PAKE), commitment, and authenticated encryption. We prove our HAKE protocols secure under reasonable assumptions and discuss efficient instantiations. We thereafter propose a variant where the human gets help from a small device such as RSA SecurID. This permits to implement an HC function family with stronger security and thus allows to weaken required assumptions on the PAKE. This leads to the very efficient HAKE which is still secure in case of strong corruptions. We believe that our work will promote further developments in the area of human-oriented cryptography.
Type de document :
Communication dans un congrès
CSF 2017 - 30th IEEE Computer Security Foundations Symposium, Aug 2017, Santa Barbara, CA, United States. IEEE, pp.159 - 175, 2017, Proceedings of the 30th IEEE Computer Security Foundations Symposium (CSF '17). 〈10.1109/CSF.2017.31〉
Liste complète des métadonnées

Littérature citée [27 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01628797
Contributeur : David Pointcheval <>
Soumis le : lundi 6 novembre 2017 - 08:37:53
Dernière modification le : jeudi 26 avril 2018 - 10:29:08
Document(s) archivé(s) le : mercredi 7 février 2018 - 13:10:23

Fichier

559.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

Collections

Citation

Alexandra Boldyreva, Shan Chen, Pierre-Alain Dupont, David Pointcheval. Human Computing for Handling Strong Corruptions in Authenticated Key Exchange. CSF 2017 - 30th IEEE Computer Security Foundations Symposium, Aug 2017, Santa Barbara, CA, United States. IEEE, pp.159 - 175, 2017, Proceedings of the 30th IEEE Computer Security Foundations Symposium (CSF '17). 〈10.1109/CSF.2017.31〉. 〈hal-01628797〉

Partager

Métriques

Consultations de la notice

165

Téléchargements de fichiers

39