User-Aided Data Authentication

Sylvain Pasini
2009
Article

All classical authentication protocols are based on pre-shared authentic information such as long-term secret keys or a public key infrastructure. However, there are many practical settings, where participants can additionally employ authentic Out-Of-Band (OOB) communication, e.g., manual message transfer. In this paper, we study the corresponding user-aided message authentication and key agreement protocols. In particular, we give a unified treatment of many previous results and outline common design principles. We also show that certain properties of user-aided protocols simplify the security analysis in complex environments compared to the standard authentication protocols.

À propos de ce résultat

Cette page est générée automatiquement et peut contenir des informations qui ne sont pas correctes, complètes, à jour ou pertinentes par rapport à votre recherche. Il en va de même pour toutes les autres pages de ce site. Veillez à vérifier les informations auprès des sources officielles de l'EPFL.

Concepts associés

Chargement

Publications associées

Chargement

Sylvain Pasini
2009
Article

Résumé

Official source

https://infoscience.epfl.ch/record/136661?ln=fr

À propos de ce résultat

Concepts associés (8)

Concepts associés

Chargement

Publications associées (2)

Publications associées

Chargement

Infrastructure à clés publiques

thumb|Diagramme de principe d'une autorité de certification, exemple d'infrastructure à clés publiquesCA : autorité de certification ;VA : autorité de validation ;RA : autorité d'enregistr

Key-agreement protocol

In cryptography, a key-agreement protocol is a protocol whereby two or more parties can agree on a cryptographic key in such a way that both influence the outcome. If properly done, this precludes un

Simple Mail Transfer Protocol

Simple Mail Transfer Protocol (SMTP, littéralement « protocole simple de transfert de courrier ») est un protocole de communication utilisé pour transférer le courrier électronique (courriel) vers les

SAS-Based Group Authentication and Key Agreement Protocols

Sylvain Pasini

New trends in consumer electronics have created a strong demand for fast, reliable and user-friendly key agreement protocols. However, many key agreement protocols are secure only against passive attacks. Therefore, message authentication is often unavoidable in order to achieve security against active adversaries. Pasini and Vaudenay were the ﬁrst to propose a new compelling methodology for message authentication. Namely, their two-party protocol uses short authenticated strings (SAS) instead of pre-shared secrets or public-key infrastructure that are classical tools to achieve authenticity. In this article, we generalise this methodology for multi-party settings. We give a new group message authentication protocol that utilises only limited authenticated communication and show how to combine this protocol with classical key agreement procedures. More precisely, we describe how to transform any group key agreement protocol that is secure against passive attacks into a new protocol that is secure against active attacks.

Springer2008

Chargement

Key Agreement in Peer-to-Peer Wireless Networks

Mario Cagalj, Srdan Capkun, Jean-Pierre Hubaux

We present a set of simple techniques for key establishment over a radio link in peer-to-peer networks. Our approach is based on the Diffie-Hellman key agreement protocol, which is known to be vulnerable to the ``man-in-the-middle" attack if the two users involved in the protocol share no authenticated information about each other (e.g., public keys, certificates, passwords, shared keys, etc.) prior to the protocol execution. In this paper, we show how the users can establish a shared key even if they share no authenticated information in advance; for this purpose, we leverage on the natural ability of users to authenticate each other by visual and verbal contact. Each of our techniques is based on a specific mechanism: (i) visual comparison of short strings, (ii) distance bounding, and (iii) integrity codes; in each case, the users do not need to enter any password or other data, nor do they need physical or infra-red connectivity between their devices. We base our analysis on a well-established methodology, leading us to a rigorous modularization and robustness proof of our proposal.

2006

Chargement