More Like this

1. Two-factor Password-authenticated Key Exchange with End-to-end Security

   https://doi.org/10.1145/3446807  

   Jarecki, Stanislaw ; Jubur, Mohammed ; Krawczyk, Hugo ; Saxena, Nitesh ; Shirvanian, Maliheh ( August 2021 , ACM Transactions on Privacy and Security)

   null (Ed.)

   We present a secure two-factor authentication (TFA) scheme based on the user’s possession of a password and a crypto-capable device. Security is “end-to-end” in the sense that the attacker can attack all parts of the system, including all communication links and any subset of parties (servers, devices, client terminals), can learn users’ passwords, and perform active and passive attacks, online and offline. In all cases the scheme provides the highest attainable security bounds given the set of compromised components. Our solution builds a TFA scheme using any Device-enhanced Password-authenticated Key Exchange (PAKE), defined by Jarecki et al., and any Short Authenticated String (SAS) Message Authentication, defined by Vaudenay. We show an efficient instantiation of this modular construction, which utilizes any password-based client-server authentication method, with or without reliance on public-key infrastructure. The security of the proposed scheme is proven in a formal model that we formulate as an extension of the traditional PAKE model. We also report on a prototype implementation of our schemes, including TLS-based and PKI-free variants, as well as several instantiations of the SAS mechanism, all demonstrating the practicality of our approach. Finally, we present a usability study evaluating the viability of our protocol contrasted with the traditional PIN-based TFA approach in terms of efficiency, potential for errors, user experience, and security perception of the underlying manual process. 1 

   more » « less
2. AEROKEY: Using Ambient Electromagnetic Radiation for Secure and Usable Wireless Device Authentication

   https://doi.org/10.1145/3517254  

   Lee, Kyuin ; Yang, Yucheng ; Prabhune, Omkar ; Chithra, Aishwarya Lekshmi ; West, Jack ; Fawaz, Kassem ; Klingensmith, Neil ; Banerjee, Suman ; Kim, Younghyun ( March 2022 , Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies)

   Wireless connectivity is becoming common in increasingly diverse personal devices, enabling various interoperation- and Internet-based applications and services. More and more interconnected devices are simultaneously operated by a single user with short-lived connections, making usable device authentication methods imperative to ensure both high security and seamless user experience. Unfortunately, current authentication methods that heavily require human involvement, in addition to form factor and mobility constraints, make this balance hard to achieve, often forcing users to choose between security and convenience. In this work, we present a novel over-the-air device authentication scheme named AEROKEY that achieves both high security and high usability. With virtually no hardware overhead, AEROKEY leverages ubiquitously observable ambient electromagnetic radiation to autonomously generate spatiotemporally unique secret that can be derived only by devices that are closely located to each other. Devices can make use of this unique secret to form the basis of a symmetric key, making the authentication procedure more practical, secure and usable with no active human involvement. We propose and implement essential techniques to overcome challenges in realizing AEROKEY on low-cost microcontroller units, such as poor time synchronization, lack of precision analog front-end, and inconsistent sampling rates. Our real-world experiments demonstrate reliable authentication as well as its robustness against various realistic adversaries with low equal-error rates of 3.4% or less and usable authentication time of as low as 24 s. 

   more » « less
3. Artificial Noise and Physical Layer Authentication: MISO Regime

   Perazzone, J. B ; Yu, P. L. ; Sadler, B. M ; Blum, R. S. ( January 2019 , IEEE Conference on Communications and Network Security)

   We apply artificial noise to the fingerprint embedding authentication framework to improve information-theoretic authentication for the MISO channel. Instead of optimizing for secrecy capacity, we examine the trade-off between message rate, authentication, and key security. In this case, key security aims to limit an adversary’s ability to obtain the key using a maximum likelihood decoder. 

   more » « less
4. Adaptive and Dynamic Device Authentication Based on Lorenz Chaotic Systems

   Bu, Lake ; Cheng, Hai ; Kinsy, Michel A. ( August 2018 , 61st International Midwest Symposium on Circuits and Systems (MWSCAS))

   Chaotic systems such as Lorenz functions have been proposed as cryptographic primitives due to their short-range divergence attributes. They are commonly used in pseudo random number generators, key agreement protocols, and certain classes of encryption procedures. These functions are typically used for their chaotic behavior. However, two of their key properties are often overlooked: (1) their long-range convergence behavior is seldom used, and (2) the static nature of their system parameters is disregarded. The static nature of the system parameters, i.e., core secret, renders these functions vulnerable to a number of attacks when they are deployed in security applications. In this work, we examine these usage gaps and discover compelling security applications for these chaotic systems, in particular, Lorenz chaotic systems. In this paper, we propose an adaptive and dynamic authentication scheme based on discrete Lorenz chaotic systems. The scheme leverages Lorenz function's convergence to achieve a fast and lightweight authentication protocol. We also devise a dynamic parameter configuration technique to enhance the security of the protocol. 

   more » « less
5. Integrated Node Authentication and Key Distribution Method for Body Area Network

   https://doi.org/10.1109/ICCNC.2019.8685559  

   Li, Zhouzhou ; Fang, Hua ; Wang, Honggang ( February 2019 , 2019 International Conference on Computing, Networking and Communications (ICNC))

   null (Ed.)

   Node Authentication and Key Distribution are two tightly correlated security tasks for a secure Body Area Networks (BAN) system. Handling them separately may cause many practical issues. Based on the recent advances on node authentication and (shared) key distribution (including key generation), we propose a new integrated method to securely and efficiently conduct the two tasks. We build a system model with the consideration of passive and active attacks and solve some security risks. One of performance metric, key generation rate is significantly improved in our method. We implement and verify the proposed methods on two test beds. The experimental result demonstrates the effectiveness and efficiency of our proposal. 

   more » « less