1. No category

Adv

Mistyping in Two-Factor PasswordAssisted Key Exchange
Vlad Kolesnikov
Charles Rackoff
(Bell Labs)
(U. Toronto)
All Rights Reserved © Alcatel-Lucent 2006, 2007
This talk
People often mistype (obvious)
It is easy to overlook
Formal approach is subtle
All Rights Reserved © Alcatel-Lucent 2006, 2007
Warm-up
Alice goes to an ATM. Adv looks over her shoulder
(and controls the network).
Alice’s PIN = 1234
A: 0000
B: Wrong
A: 0000
B: Wrong
A: 0000
B: Wrong
Adv learned PIN 
Q: Anything else?
0000
Can design a secure protocol, where Adv checks 3 passwords of his choice
Natural variants of [HK99] (and its fix [KR06]) have this feature
This feature is not an insecurity, but should be understood.
All Rights Reserved © Alcatel-Lucent 2006, 2007
Mistyping should not be outside of the model
Definition of Robust Fuzzy Extractors (RFE) [B+05,D+06] should have stronger
guarantees when fingerprint is meta-mistyped (misread beyond the errorcorrection distance).
 Their RFE construction satisfies stronger requirements.
 Their generic KE from RFE is insecure when funky RFE are used.
Denial of Access resistance of [KR06] on two-factor KE is vulnerable when
parties mistype.
All Rights Reserved © Alcatel-Lucent 2006, 2007
How to model mistyping
 Adv can mess with the fingerprint reader
 Adv can perform social engineering attacks
Adv should be able to effect any mistyping on users.
All Rights Reserved © Alcatel-Lucent 2006, 2007
What is so hard about the definition?
Current KE definitions do not model mistyping by honest players
Secure protocols are “free to be bad” in many creative ways

Leaking when C mistypes (randomly or to something related)
Long keys = opportunities to be bad
Protocol can send encrypted messages to other instances of itself. Protocol’s
actions can depend on global state.

Leak if a specific sequence of mistyping occurred (e.g. p+1,p+1,p,0,p-2).
Difficulty – cannot give too much power to Adv of the definition because of
use of short keys and precise allowed quantitative advantage.
All Rights Reserved © Alcatel-Lucent 2006, 2007
Summary
Mistyping causes subtle issues – give examples.
Give the first mistyping-secure definitions
Justify them (prove that any badness of a secure protocol can be exploited
without mistyping)
Give protocols
All Rights Reserved © Alcatel-Lucent 2006, 2007

 Download  Report

Paperzz.com

Your Paperzz

© Copyright 2026 Paperzz