Authentication protocols based on low-bandwidth unspoofable channels: A comparative survey

Journal of Computer Security

Volumn 19, Issue 1, 2011, Pages 139-201

  Nguyen, L H ^a   Roscoe, A W ^a  

^a UNIVERSITY OF OXFORD   (United Kingdom)

Author keywords

Authentic empirical channel; commitment schemes and digest functions

Indexed keywords

AUTHENTICATION PROTOCOLS; AUTHENTICATION SCHEME; BUILDING SECURITY; COMMITMENT SCHEME; EMPIRICAL CHANNELS; GROUP PROTOCOLS; HIGH-BANDWIDTH NETWORKS; LOW-BANDWIDTH; NON-INTERACTIVE; PERVASIVE COMPUTING; PROTOCOL DESIGN; PUBLIC KEY INFRASTRUCTURE; SECURE COMMUNICATIONS;

BANDWIDTH; PUBLIC KEY CRYPTOGRAPHY; SECURITY OF DATA; SURVEYS; TELECOMMUNICATION SYSTEMS; UBIQUITOUS COMPUTING;

AUTHENTICATION;

EID: 79951833159     PISSN: 0926227X     EISSN: None     Source Type: Journal    
DOI: 10.3233/JCS-2010-0403     Document Type: Article

References (57)

1. D. Balfanz, D. Smetters, P. Stewart and H. Wong, Talking to strangers: Authentication in ad-hoc wireless networks, in: Proceedings of the 9th Annual Symposium on Network and Distributed System Security (NDSS), San Diego, CA, USA, 2002.
2. M. Bellare and P. Rogaway, Entity authentication and key distribution, in: Advances in Cryptology - Crypto 1993, Lecture Notes in Computer Science, Vol. 773, D.R. Stinson, ed., Springer-Verlag, Berlin/Heidelberg, 1993, pp. 232-249.
3. J. Bierbrauer, T. Johansson, G.A. Kabatianskii and B.J.M. Smeets, On families of hash functions via geometric codes and concatenation, in: Advances in Cryptology - Crypto 1993, Lecture Notes in Computer Science, Vol. 773, D.R. Stinson, ed., Springer-Verlag, Berlin/Heidelberg, 1993, pp. 331- 342.
4. M. Čagalj, S. Čapkun and J. Hubaux, Key agreement in peer-to-peer wireless networks, in: Proceedings of the IEEE Special Issue on Security and Cryptography, Vol. 94, A. Mazzeo, ed., IEEE, Washington, DC, USA, 2006, pp. 467-478. (Pubitemid 43145998)
5. J.L. Carter and M.N.Wegman, Universal classes of hash functions, Journal of Computer and System Sciences 18(2) (1979), 143-154.
6. D. Chaum, Secret-ballot receipts: true voter-verifiable elections, Security and Privacy Magazine, IEEE 2(1) (2004), 38-47.
7. S.J. Creese, M.H. Goldsmith, A.W. Roscoe and I. Zakiuddin, The attacker in ubiquitous computing environments: Formalising the threat model, in: Proceedings of the 1st Workshop on Formal Aspects in Security and Trust, IIT-CNR Technical report, 2003.
8. S.J. Creese, M.H. Goldsmith, A.W. Roscoe and I. Zakiuddin, Security properties and mechanisms in human-centric computing, in: Proceedings of Workshop on Security and Privacy in Pervasive Computing, 2004.
9. S.J. Creese, M.H. Goldsmith, R. Harrison, A.W. Roscoe, P. Whittaker and I. Zakiuddin, Exploiting empirical engagement in authentication protocol design, in: Proceedings of the 2nd International Conference on Security in Pervasive Computing (SPC 2005), Lecture Notes in Computer Science, Vol. 3450, D. Hutter and M. Ullmann, eds, Springer-Verlag, Berlin/Heidelberg, 2005, pp. 119-133. (Pubitemid 41274198)
10. S.J. Creese, M.H. Goldsmith, A.W. Roscoe and M. Xiao, Bootstrapping multi-party ad-hoc security, in: Proceedings of the 2006 ACM Symposium on Applied Computing, Dijon, France, H.M. Haddad, ed., 2006, pp. 369-375. (Pubitemid 44758807)
11. C. Gehrmann, C. Mitchell and K. Nyberg, Manual authentication for wireless devices, RSA Cryptobytes 7(1) (2004), 29-37.
12. C. Gehrmann and K. Nyberg, Security in personal area networks, in: Security for Mobility, C.J. Mitchell, ed., IEEE, London, 2004, pp. 191-230.
13. M.T. Goodrich, M. Sirivianos, J. Solis, G. Tsudik and E. Uzun, Loud and clear: Human-verifiable authentication based on audio, in: Proceedings of the 26th IEEE International Conference on Distributed Computing Systems (ICDCS 2006), Lisboa, Portugal, 2006, pp. 10-33.
14. J.-H. Hoepman, Ephemeral pairing on anonymous networks, in: Proceedings of the 2nd International Conference on Security in Pervasive Computing (SPC 2005), Lecture Notes in Computer Science, Vol. 3450, D. Hutter and M. Ullmann, eds, Springer-Verlag, Berlin/Heidelberg, 2005, pp. 101- 116. (Pubitemid 41274196)
15. J.-H. Hoepman, Ephemeral pairing problem, in: Proceeding of the 8th International Conference on Financial Cryptography, Lecture Notes in Computer Science, Vol. 3110, A. Juels, ed., Springer- Verlag, Berlin/Heidelberg, 2004, pp. 212-226.
16. http://www.prismmodelchecker.org/.
17. ISO/IEC 9798-6, C. Mitchell, ed., Information technology - Security techniques - Entity authentication - Part 6: Mechanisms using manual data transfer, 2003.
18. ISO/IEC 9798-6 (revision), L.H. Nguyen, ed., Information technology - Security techniques - Entity authentication - Part 6: Mechanisms using manual data transfer, 2010.
19. G.A. Kabatianskii, B. Smeets and T. Johansson, On the cardinality of systematic authentication codes via error-correcting codes, IEEE Transactions on Information Theory 42(2) (1996), 566-578. (Pubitemid 126770509)
20. H. Krawczyk, LFSR-based hashing and authentication, in: Advances in Cryptology - Crypto 1994, Lecture Notes in Computer Science, Vol. 839, Y. Desmedt, ed., Springer-Verlag, Berlin/Heidelberg, 1994, pp. 129-139.
21. H. Krawczyk, New hash functions for message authentication, in: Advances in Cryptology - Eurocrypt 1995, Lecture Notes in Computer Science, Vol. 921, L.C. Guillou and J.-J. Quisquater, eds, Springer-Verlag, Berlin/Heidelberg, 1995, pp. 301-310.
22. S. Laur, N. Asokan and K. Nyberg, Efficient mutual data authentication using manually authenticated strings: Extended version, Report 2005/424, Cryptology ePrint Archive, 2006.
23. S. Laur and K. Nyberg, Efficient mutual data authentication using manually authenticated strings, in: Proceedings of the 5th International Conference on Cryptology and Network Security (CANS 2006), Lecture Notes in Computer Science, Vol. 4301, D. Pointcheval, ed., Springer-Verlag, Berlin/Heidelberg, 2006, pp. 90-107.
24. A.Y. Lindell, Comparison-based key exchange and the security of the numeric comparison mode in Bluetooth v2.1, in: Proceedings of the Cryptographers' Track at the RSA Conference 2009 on Topics in Cryptology, Lecture Notes in Computer Science, Vol. 5473, M. Fischlin, ed., Springer- Verlag, Berlin/Heidelberg, 2009, pp. 66-83.
25. A. Madhavapeddy, D. Scott, R. Sharp and E. Upton, Using camera phones to enhance human- computer interaction, in: Proceedings of the 6th International Conference on Ubiquitous Computing (UbiComp 2004), Tokyo, Japan, 2004, pp. 1-2.
26. Y. Mansour, N. Nisan and P. Tiwari, The computational complexity of universal hashing, in: Proceedings of the 22nd Annual ACM Symposium on Theory of Computing, 1990, Baltimore, MD, USA, pp. 235-243.
27. A. Mashatan and D.R. Stinson, Non-interactive two-channel message authentication based on hybrid-collision resistant hash functions, IET Information Security 1(3) (2007), 111-118. (Pubitemid 47460143)
28. R. Mayrhofer andM.Welch, A human-verifiable authentication protocol using visible laser light, in: Proceedings of the 2nd International Conference on Availability, Reliability and Security (ARES), Vienna, Austria, 2007, pp. 1143-1148.
29. J.M. McCune, A. Perrig and M.K. Reiter, Seeing is believing: Using camera phones for humanverifiable authentication, International Journal of Security and Networks 4(1,2) (2009), 43-56.
30. A.J. Menezes, P.C. van Oorschot and S.A. Vanstone, Handbook of Applied Cryptography, CRC Press, Boca Raton, FL, 1996.
31. T. Moran and M. Naor, Polling with physical envelopes: A rigorous analysis of a human-centric protocol, in: Advances in Cryptology - Eurocrypt 2006, Lecture Notes in Computer Science, Vol. 4004, S. Vaudenay, ed., Springer-Verlag, Berlin/Heidelberg, 2006, pp. 88-108. (Pubitemid 44072235)
32. L.H. Nguyen, Authentication protocols in pervasive computing, PhD thesis, University of Oxford, 2010.
33. L.H. Nguyen and A.W. Roscoe, Authenticating ad-hoc networks by comparison of short digests, Information and Computation 206(2-4) (2008), 250-271.
34. L.H. Nguyen and A.W. Roscoe, New combinatorial bounds for universal families of hash functions, Report 2009/153, Cryptology ePrint Archive, 2009.
35. L.H. Nguyen and A.W. Roscoe, Efficient group authentication protocol based on human interaction, in: Proceedings of the Joint Workshop on Foundation of Computer Security and Automated Reasoning Protocol Security Analysis (FCS-ARSPA 2006), 2006, pp. 9-31.
36. L.H. Nguyen and A.W. Roscoe, Separating two roles of hashing in one-way message authentication, in: Proceedings of the Joint Workshop on Foundations of Computer Security, Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security (FCS-ARSPA-WITS 2008), 2008, pp. 195-210.
37. S. Pasini and S. Vaudenay, SAS-based authenticated key agreement, in: Proceedings of the 9th International Conference on Theory and Practice of Public-Key Cryptography (PKC 2006), Lecture Notes in Computer Science, Vol. 3958, M. Yung, Y. Dodis, A. Kiayias and T. Malkin, eds, Springer- Verlag, Berlin/Heidelberg, 2006, pp. 395-409. (Pubitemid 44029595)
38. S. Pasini and S. Vaudenay, An optimal non-interactive message authentication protocol, in: Proceedings of the Cryptographers' Track at the RSA Conference 2006 on Topics in Cryptology, Lecture Notes in Computer Science, Vol. 3860, D. Pointcheval, ed., Springer-Verlag, Berlin/Heidelberg, 2006, pp. 280-294. (Pubitemid 43971715)
39. R. Pass, On deniability in the common reference string and random oracle model, in: Advances in Cryptology - Crypto 2003, Lecture Notes in Computer Science, Vol. 2729, D. Boneh, ed., Springer- Verlag, Berlin/Heidelberg, 2003, pp. 316-337. (Pubitemid 137636950)
40. A.W. Roscoe, Human-centred computer security, 2005, available at: http://web.comlab.ox.ac.uk/ oucl/work/bill.roscoe/publications/113.pdf.
41. A.W. Roscoe, B. Chen and L.H. Nguyen, Improvements in communications security, WO Patent Application 2008078101.
42. A.W. Roscoe and L.H. Nguyen, Security in computing networks, WO Patent Application 2007052045.
43. A.W. Roscoe and L.H. Nguyen, Improvements related to the authentication of messages,WO Patent Application 2009153585.
44. N. Saxena, J.-E. Ekberg, K. Kostiainen and N. Asokan, Secure device pairing based on a visual channel, in: Proceedings of the 2006 IEEE Symposium on Security and Privacy, Oakland, CA, USA, 2006, pp. 306-313.
45. Simple Pairing Whitepaper, Bluetooth Special Interest Group, 2006, available at: www. bluetooth.com/NR/rdonlyres/0A0B3F36-D15F-4470-85A6- F2CCFA26F70F/0/SimplePairing-WP-V10r00.pdf.
46. N. Smart, Cryptography: An Introduction, McGraw-Hill, London, 2002.
47. F. Stajano and R. Anderson, The resurrecting duckling: Security issues for ad-hoc wireless networks, in: Proceedings of the 7th InternationalWorkshop on Security Protocols, Lecture Notes in Computer Science, Vol. 1796, B. Christianson, B. Crispo, J.A. Malcolm and M. Roe, eds, Springer-Verlag, Berlin/Heidelberg, 1999, pp. 172-194.
48. F. Stajano and R. Anderson, The cocaine auction protocol: on the power of anonymous broadcast, in: Proceedings of the 3rd International Workshop on Information Hiding, Lecture Notes in Computer Science, Vol. 1768, A. Pfitzmann, ed., Springer-Verlag, Berlin/Heidelberg, 2000, pp. 434-447.
49. D.R. Stinson, Universal hashing and authentication codes, in: Advances in Cryptology - Crypto 1991, Lecture Notes in Computer Science, Vol. 576, J. Feigenbaum, ed., Springer-Verlag, Berlin/Heidelberg, 1992, pp. 74-85.
50. J. Suomalainen, J. Valkonen and N. Asokan, Security associations in personal networks: A comparative analysis, in: Proceedings of the 4th European Workshop on Security and Privacy in Ad-hoc and Sensor Networks 2007, Lecture Notes in Computer Science, Vol. 4572, F. Stajano, C. Meadows, S. Capkun and T. Moore, eds, Springer-Verlag, Berlin/Heidelberg, 2007, pp. 43-57.
51. E. Uzun, K. Karvonen and N. Asonka, Usability analysis of secure pairing methods, in: Proceedings of the 11th International Conference on Financial Cryptography and Data Security (FC 2007) and the 1st International Workshop on Usable Security (USEC 2007), Lecture Notes in Computer Science, Vol. 4886, S. Dietrich and R. Dhamija, eds, Springer-Verlag, Berlin/Heidelberg, 2008, pp. 307-324.
52. J. Valkonen, N. Asokan and K. Nyberg, Ad-hoc security associations for groups, in: Proceedings of the 3rd European Workshop on Security and Privacy in Ad-hoc and Sensor Networks, Lecture Notes in Computer Science, Vol. 4357, L. Butty, V.D. Gligor and D.Westhoff, eds, Springer-Verlag, Berlin/Heidelberg, 2006, pp. 150-164.
53. S. Vaudenay, Secure communications over insecure channels based on short authenticated strings, in: Advances in Cryptology - Crypto 2005, Lecture Notes in Computer Science, Vol. 3621, V. Shoup, ed., Springer-Verlag, Berlin/Heidelberg, 2005, pp. 309-326. (Pubitemid 43902121)
54. A.F. Webster and S.E. Tavares, On the design of S-Boxes, in: Advances in Cryptology - Crypto 1985, Lecture Notes in Computer Science, Vol. 218, H.C. Williams, ed., Springer-Verlag, Berlin/Heidelberg, 1986, pp. 523-534.
55. M.N. Wegman and J.L. Carter, New hash functions and their use in authentication and set equality, Journal of Computer and System Sciences 22(3) (1981), 265-279. (Pubitemid 12444638)
56. F.-L. Wong and F. Stajano, Multi-channel protocols, in: Proceedings of the 13th International Workshop on Security Protocols, Lecture Notes in Computer Science, Vol. 4631, B. Christianson, B. Crispo, J.A. Malcolm and M. Roe, eds, Springer-Verlag, Berlin/Heidelberg, 2005, pp. 128-132.
57. F.-L. Wong and F. Stajano, Multi-channel security protocols, IEEE Pervasive Computing 6(4) (2007), 31-39.