Presentation is loading. Please wait.

Presentation is loading. Please wait.

All Rights Reserved © Alcatel-Lucent 2006, 2007 Mistyping in Two-Factor Password- Assisted Key Exchange Vlad Kolesnikov (Bell Labs) Charles Rackoff(U.

Published byApril Laura Underwood Modified over 9 years ago

Similar presentations

Presentation on theme: "All Rights Reserved © Alcatel-Lucent 2006, 2007 Mistyping in Two-Factor Password- Assisted Key Exchange Vlad Kolesnikov (Bell Labs) Charles Rackoff(U."— Presentation transcript:

1 All Rights Reserved © Alcatel-Lucent 2006, 2007 Mistyping in Two-Factor Password- Assisted Key Exchange Vlad Kolesnikov (Bell Labs) Charles Rackoff(U. Toronto)

2 All Rights Reserved © Alcatel-Lucent 2006, 2007 This talk People often mistype (obvious) It is easy to overlook Formal approach is subtle

3 All Rights Reserved © Alcatel-Lucent 2006, 2007 Warm-up Alice goes to an ATM. Adv looks over her shoulder (and controls the network). Alice’s PIN = 1234 A: 0000 B: Wrong A: 0000 B: Wrong A: 0000 B: Wrong Adv learned PIN  0000 Q: Anything else? Can design a secure protocol, where Adv checks 3 passwords of his choice Natural variants of [HK99] (and its fix [KR06]) have this feature This feature is not an insecurity, but should be understood.

4 All Rights Reserved © Alcatel-Lucent 2006, 2007 Mistyping should not be outside of the model Definition of Robust Fuzzy Extractors (RFE) [B + 05,D + 06] should have stronger guarantees when fingerprint is meta-mistyped (misread beyond the error- correction distance).  Their RFE construction satisfies stronger requirements.  Their generic KE from RFE is insecure when funky RFE are used. Denial of Access resistance of [KR06] on two-factor KE is vulnerable when parties mistype.

5 All Rights Reserved © Alcatel-Lucent 2006, 2007 How to model mistyping  Adv can mess with the fingerprint reader  Adv can perform social engineering attacks Adv should be able to effect any mistyping on users.

6 All Rights Reserved © Alcatel-Lucent 2006, 2007 What is so hard about the definition? Current KE definitions do not model mistyping by honest players Secure protocols are “free to be bad” in many creative ways  Leaking when C mistypes (randomly or to something related) Long keys = opportunities to be bad Protocol can send encrypted messages to other instances of itself. Protocol’s actions can depend on global state.  Leak if a specific sequence of mistyping occurred (e.g. p+1,p+1,p,0,p-2). Difficulty – cannot give too much power to Adv of the definition because of use of short keys and precise allowed quantitative advantage.

7 All Rights Reserved © Alcatel-Lucent 2006, 2007 Summary Mistyping causes subtle issues – give examples. Give the first mistyping-secure definitions Justify them (prove that any badness of a secure protocol can be exploited without mistyping) Give protocols

Download ppt "All Rights Reserved © Alcatel-Lucent 2006, 2007 Mistyping in Two-Factor Password- Assisted Key Exchange Vlad Kolesnikov (Bell Labs) Charles Rackoff(U."

Similar presentations

Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors Ronald Cramer, Yevgeniy Dodis, Serge Fehr, Carles Padro,

Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors Ronald Cramer, Yevgeniy Dodis, Serge Fehr, Carles Padro,
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CSE331: Introduction to Networks and Security Lecture 22 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 22 Fall 2002.
1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.

1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.
Key Exchange Using Passwords and Long Keys Vladimir Kolesnikov Charles Rackoff Comp. Sci. University of Toronto.

Key Exchange Using Passwords and Long Keys Vladimir Kolesnikov Charles Rackoff Comp. Sci. University of Toronto.
Amortizing Garbled Circuits Yan Huang, Jonathan Katz, Alex Malozemoff (UMD) Vlad Kolesnikov (Bell Labs) Ranjit Kumaresan (Technion) Cut-and-Choose Yao-Based.

Amortizing Garbled Circuits Yan Huang, Jonathan Katz, Alex Malozemoff (UMD) Vlad Kolesnikov (Bell Labs) Ranjit Kumaresan (Technion) Cut-and-Choose Yao-Based.
NON-MALLEABLE EXTRACTORS AND SYMMETRIC KEY CRYPTOGRAPHY FROM WEAK SECRETS Yevgeniy Dodis and Daniel Wichs (NYU) STOC 2009.

NON-MALLEABLE EXTRACTORS AND SYMMETRIC KEY CRYPTOGRAPHY FROM WEAK SECRETS Yevgeniy Dodis and Daniel Wichs (NYU) STOC 2009.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
Modeling Insider Attacks on Group Key Exchange Protocols Jonathan Katz Ji Sun Shin University of Maryland.

Modeling Insider Attacks on Group Key Exchange Protocols Jonathan Katz Ji Sun Shin University of Maryland.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
 Secure Authentication Using Biometric Data Karen Cui.

 Secure Authentication Using Biometric Data Karen Cui.
Intro To Secure Comm. Exercise 2. Problem  You wish for your users to access a remote server via user and password.  All of the users have modems and.

Intro To Secure Comm. Exercise 2. Problem  You wish for your users to access a remote server via user and password.  All of the users have modems and.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
Authentication. Terminology  Authentication التثبت من الهوية  Access Control (authorization) التحكم في الوصول  Note the difference between the two.

Authentication. Terminology  Authentication التثبت من الهوية  Access Control (authorization) التحكم في الوصول  Note the difference between the two.
CMSC 414 Computer and Network Security Lecture 5 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 5 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.

Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.

Similar presentations

Ads by Google