Paper 2012/428

Rational authentication protocols and their use in financial transactions

Long Hoang Nguyen

Abstract

We use ideas from game theory to improve two families of authentication protocols, namely password-based and manual authentication schemes. The protocols are transformed so that even if an intruder attacks different protocol runs between honest nodes, its expected payoff is still lower than when it does not attack. A rational intruder, who always tries to maximise its payoff, therefore has no incentive to attack any protocol run among trustworthy parties. To illustrate the use of our method, we present a case study relating to the password-based authentication stage of on-line banking, where passwords are chosen either randomly or in a biased way by, e.g., humans. For the latter we use the publicly available 32 million passwords of the social gaming network website RockYou as the source of human-selected passwords.

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: Published elsewhere. Unknown where it was published
Contact author(s): Long Nguyen @ cs ox ac uk
History: 2012-08-05: received
Short URL: https://ia.cr/2012/428
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2012/428,
      author = {Long Hoang Nguyen},
      title = {Rational authentication protocols and their use in financial transactions},
      howpublished = {Cryptology {ePrint} Archive, Paper 2012/428},
      year = {2012},
      url = {https://eprint.iacr.org/2012/428}
}