### Intercepting Tokens: The Empire Strikes Back in the Clone Wars

Özgür Dagdelen and Marc Fischlin

##### Abstract

We discuss interception attacks on cryptographic protocols which rely on trustworthy hardware like one-time memory tokens (Goldwasser et al., Crypto 2008). In such attacks the adversary can mount man-in-the-middle attacks and access, or even substitute, transmitted tokens. We show that many of the existing token-based protocols are vulnerable against this kind of attack, which typically lies outside of the previously considered security models. We also give a positive result for protocols remaining secure against such attacks. We present a very efficient protocol for password-based authenticated key exchange based on the weak model of one-time memory tokens. Our protocol only requires four moves, very basic operations, and the sender to send l tokens in the first step for passwords of length l. At the same time we achieve information-theoretic security in Canetti's universal composition framework (FOCS 2001) against adaptive adversaries (assuming reliable erasure), even if the tokens are not guaranteed to be transferred securely, i.e., even if the adversary can read or substitute transmitted tokens.

Note: Sept. 2013: new results and different focus

Available format(s)
Publication info
Preprint. MINOR revision.In Submission
Keywords
security modelpassword based key exchangeinformation-theoreticone-time memory tokens
Contact author(s)
oezguer dagdelen @ cased de
History
2013-09-17: last of 2 revisions
See all versions
Short URL
https://ia.cr/2012/537

CC BY

BibTeX

@misc{cryptoeprint:2012/537,
author = {Özgür Dagdelen and Marc Fischlin},
title = {Intercepting Tokens: The Empire Strikes Back in the Clone Wars},
howpublished = {Cryptology ePrint Archive, Paper 2012/537},
year = {2012},
note = {\url{https://eprint.iacr.org/2012/537}},
url = {https://eprint.iacr.org/2012/537}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.