Paper 2019/1239

Computationally Modeling User-Mediated Authentication Protocols

Britta Hale

Abstract

User interaction constitutes a largely unexplored field in protocol analysis, even in instances where the user takes an active role as a trusted third party, such as in the Internet of Things (IoT) device initialization protocols. Initializing the study of computational analysis of 3-party authentication protocols where one party is a physical user, this research introduces the 3-party possession user mediated authentication (3-PUMA) model. The 3-PUMA model addresses active user participation in a protocol which is designed to authenticate possession of a fixed data string – such as in IoT device commissioning. To demonstrate the 3-PUMA model in practice, we provide a computational analysis of the ISO/IEC 9798- 6:2010 standard’s Mechanism 7a authentication protocol which includes a user interface and interaction as well as a device-to-device channel. We show that the security of ISO/IEC 9798-6:2010 Mechanism 7a relies upon a non-standard MAC security notion, which we term existential unforgeability under key collision attacks (EUF-KCA). It is unknown if any standardized MAC algorithm achieves EUF-KCA security, indicating a potential vulnerability in the standard.

Note: An extended abstract appears in the proceedings of ProvSec 2018. This is the full version.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. MAJOR revision.ProvSec2018
Keywords
authentication protocolskey distributionuser interfaceMAC securitykey-collision attacks
Contact author(s)
britta hale @ nps edu
History
2019-10-23: received
Short URL
https://ia.cr/2019/1239
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/1239,
      author = {Britta Hale},
      title = {Computationally Modeling User-Mediated Authentication Protocols},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1239},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/1239}},
      url = {https://eprint.iacr.org/2019/1239}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.