Paper 2005/424

Efficient Mutual Data Authentication Using Manually Authenticated Strings

Sven Laur and N. Asokan and Kaisa Nyberg

Abstract

Solutions for an easy and secure setup of a wireless connection between two devices are urgently needed for WLAN, Wireless USB, Bluetooth and similar standards for short range wireless communication. In this paper we analyse the SAS protocol by Vaudenay and propose a new three round protocol MA-3 for mutual data authentication based on a cryptographic commitment scheme and short manually authenticated out-of-band messages. We show that non-malleability of the commitment scheme is essential for the security of the SAS and the MA-3 schemes and that extractability or equivocability do not imply non-malleability. We also give new proofs of security for the SAS and MA-3 protocols and suggestions how to instantiate the MA-3 protocol in practise.

Note: The current Eprint version of the aricle is outdated and kept here for historical reasons. The new update "Efficient mutual data authentication using manually authenticated strings: Extended version" is available from http://www.tcs.hut.fi/Publications/slaur/MANA-IV.pdf until Eprint starts to support multiple versions of the same report. We suggest to cite older version for historical references and CANS paper otherwise.