A scalable transitive human-verifiable authentication protocol for mobile devices

IEEE Transactions on Information Forensics and Security

Volumn 8, Issue 8, 2013, Pages 1318-1330

  Chen, Chien Ming ^a,b   Wang, King Hang ^c   Wu, Tsu Yang ^a,b   Pan, Jeng Shyang ^a,b   Sun, Hung Min ^d  

^a HARBIN INSTITUTE OF TECHNOLOGY   (China)

^b Shenzhen Key Laboratory of Internet Information Collaboration   (China)

^c Hong Kong Institute of Technology   (Hong Kong)

^d NATIONAL TSING HUA UNIVERSITY   (Taiwan)

Author keywords

Human verifiable authentication protocol; mobile security

Indexed keywords

AUTHENTICATION PROTOCOLS; CONFERENCE KEY; FORMAL PROOFS; HAND HELD DEVICE; MAN-IN-THE-MIDDLE (MITM) ATTACK; MOBILE SECURITY; SESSION KEY;

MOBILE DEVICES;

HAND HELD COMPUTERS;

EID: 84880649806     PISSN: 15566013     EISSN: None     Source Type: Journal    
DOI: 10.1109/TIFS.2013.2270106     Document Type: Article

References (31)

1. S. M. Bellovin and M. Merritt, "Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise," in Proc. 1st ACM Conf. Comput. and Communications Security, 1993, pp. 244-250.
2. D. P. Jablon, "Strong password-only authenticated key exchange," ACM SIGCOMM Comput. Commun. Rev., vol. 26, no. 5, pp. 5-26, 1996.
3. T.Wu, "The secure remote password protocol," in Proc. Symp. Internet Soc. Network and Distributed Syst. Security, 1998, vol. 1, pp. 97-111.
4. V. Boyko, P. MacKenzie, and S. Patel, "Provably secure passwordauthenticated key exchange using Diffie-Heilman," in Proc. Advances in Cryptology-Eurocrypt, 2000, pp. 156-171.
5. M. Bellare and P. Rogaway, "Entity authentication and key distribution," in Proc. Advances in Cryptology-CRYPTO, 1993, vol. 773, pp. 232-249.
6. S. Blake-Wilson and A. Menezes, "Entity authentication and authenticated key transport protocols employing asymmetric techniques," in Proc. Security Protocols Workshop, 1997, vol. 97.
7. A. Perrig and D. Song, "Hash visualization: A new technique to improve real-world security," in Proc. Int. Workshop on Cryptographic Techniques and E-Commerce, 1999, pp. 131-138.
8. C. Gehrmann, C. Mitchell, and K. Nyberg, "Manual authentication for wireless devices," RSA Cryptobytes, vol. 7, no. 1, pp. 29-37, 2004.
9. D. Balfanz, D. Smetters, P. Stewart, and H. Wong, "Talking to strangers: Authentication in ad-hoc wireless networks," in Proc. 9th Symp. on Network and Distributed Syst. Security, San Diego, CA, USA, 2002.
10. J. M. McCune, A. Perrig, andM. K. Reiter, "Seeing-is-believing: using camera phones for human-verifiable authentication," in Proc. IEEE Symp. on Security and Privacy, 2005, pp. 110-124.
11. M. Goodrich, M. Sirivianos, J. Solis, G. Tsudik, and E. Uzun, "Loud and clear: Human-verifiable authentication based on audio," in Proc. ICDCS, Lisboa, Portugal, 2006.
12. C.-H. O. Chen, "Gangs: Gather, authenticate' n group securely," in Proc. 4th ACM Int. Conf. Mobile Computing and Networking, ACM, New York, NY, USA, 2008, pp. 92-103.
13. M. Rohs and B. Gfeller, "Using camera-equipped mobile phones for interacting with real-world objects," in Proc. Advances in Pervasive Computing, 2004, pp. 265-271.
14. A. Joux, "A one round protocol for tripartite Diffie-Hellman," J. Cryptology, vol. 17, no. 4, pp. 263-276, 2004.
15. S. Bluetooth, The official Bluetooth wireless info site, 2001.
16. M. Jakobsson and S. Wetzel, "Security weaknesses in Bluetooth," Topics in Cryptology-XCT-RSA, pp. 176-191, 2001.
17. S. Vaudenay, "Secure communications over insecure channels based on short authenticated strings," in Proc. Advances in Cryptology, 2005, vol. 5, pp. 309-326.
18. S. Laur, N. Asokan, and K. Nyberg, "Efficient mutual data authentication using manually authenticated strings," in Proc. 5th Int. Conf. Cryptology and Network Security, 2006, pp. 90-107.
19. S. Capkun, J. Hubaux, and L. Buttyan, "Mobility helps security in ad hoc networks," in Proc. 4th ACMSymp.Mobile ad hoc Networking and Computing, 2003, pp. 46-56.
20. R. Barua, R. Dutta, and P. Sarkar, "Extending Joux's protocol to multi party key agreement," Prog. Cryptology-INDOCRYPT, pp. 205-217, 2003.
21. F. Z. R. Safavi-Naini and W. Susilo, "An efficient signature scheme from bilinear pairings and its applications," in Public Key Cryptography-PKC 2004. New York, NY, USA: Springer, 2004, pp. 277-290.
22. T. Wu, T. Tsai, and Y. M. Tseng, "A revocable id-based signcryption scheme," J. Inf. Hiding Multimedia Signal Process., vol. 3, pp. 240-251, 2012.
23. M. Bellare and P. Rogaway, "Provably secure session key distribution: the three party case," in Proc. 27th ACM Symp. Theory of Computing, 1995, pp. 57-66.
24. J. Krhovjak, V. Matyas, and J. Zizkovsky, "Generating random and pseudorandom sequences in mobile devices," Security and Privacy in Mobile Inf. Commun. Syst., pp. 122-133, 2009.
25. Y. Wang, W.-K. Yu, S. Wu, G. Malysa, G. E. Suh, and E. C. Kan, "Flash memory for ubiquitous hardware security functions: True random number generation and device fingerprints," in Proc. IEEE Symp. Security and Privacy, 2012, pp. 33-47.
26. M. G. Kuhn, "Optical time-domain eavesdropping risks of crt displays," in Proc. IEEE Symp. Security and Privacy, 2002, pp. 3-18.
27. M. G. Kuhn, "Compromising emanations of LCD TV sets," in Proc. IEEE Int. Symp. Electromagnetic Compatibility, 2011, pp. 931-936.
28. E. Uzun, K. Karvonen, and N. Asokan, "Usability analysis of secure pairing methods," Financial Cryptography and Data Security, pp. 307-324, 2007.
29. Kuo C. Reduction of End User Errors in the Design of Scalable, Secure Communication 2008 Ph.D. thesis, Carnegie Mellon Univ., Pittsburgh, PA, USA
30. ISO/IEC 18004:2000. Information Technology-Automatic Identification and Data Capture Techniques-bar Code Symbology-QR Code 2000.
31. ZBar bar Code Reader, Jul. 2011 [Online]. Available: http://zbar. sourceforge.net/