Download presentation
Presentation is loading. Please wait.
Published byApril Laura Underwood Modified over 9 years ago
1
All Rights Reserved © Alcatel-Lucent 2006, 2007 Mistyping in Two-Factor Password- Assisted Key Exchange Vlad Kolesnikov (Bell Labs) Charles Rackoff(U. Toronto)
2
All Rights Reserved © Alcatel-Lucent 2006, 2007 This talk People often mistype (obvious) It is easy to overlook Formal approach is subtle
3
All Rights Reserved © Alcatel-Lucent 2006, 2007 Warm-up Alice goes to an ATM. Adv looks over her shoulder (and controls the network). Alice’s PIN = 1234 A: 0000 B: Wrong A: 0000 B: Wrong A: 0000 B: Wrong Adv learned PIN 0000 Q: Anything else? Can design a secure protocol, where Adv checks 3 passwords of his choice Natural variants of [HK99] (and its fix [KR06]) have this feature This feature is not an insecurity, but should be understood.
4
All Rights Reserved © Alcatel-Lucent 2006, 2007 Mistyping should not be outside of the model Definition of Robust Fuzzy Extractors (RFE) [B + 05,D + 06] should have stronger guarantees when fingerprint is meta-mistyped (misread beyond the error- correction distance). Their RFE construction satisfies stronger requirements. Their generic KE from RFE is insecure when funky RFE are used. Denial of Access resistance of [KR06] on two-factor KE is vulnerable when parties mistype.
5
All Rights Reserved © Alcatel-Lucent 2006, 2007 How to model mistyping Adv can mess with the fingerprint reader Adv can perform social engineering attacks Adv should be able to effect any mistyping on users.
6
All Rights Reserved © Alcatel-Lucent 2006, 2007 What is so hard about the definition? Current KE definitions do not model mistyping by honest players Secure protocols are “free to be bad” in many creative ways Leaking when C mistypes (randomly or to something related) Long keys = opportunities to be bad Protocol can send encrypted messages to other instances of itself. Protocol’s actions can depend on global state. Leak if a specific sequence of mistyping occurred (e.g. p+1,p+1,p,0,p-2). Difficulty – cannot give too much power to Adv of the definition because of use of short keys and precise allowed quantitative advantage.
7
All Rights Reserved © Alcatel-Lucent 2006, 2007 Summary Mistyping causes subtle issues – give examples. Give the first mistyping-secure definitions Justify them (prove that any badness of a secure protocol can be exploited without mistyping) Give protocols
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.