Human Computing for Handling Strong Corruptions in Authenticated Key Exchange

International audienceWe propose the first user authentication and key exchange protocols that can tolerate strong corruptions on the client-side. If a user happens to log in to a server from a terminal that has been fully compromised, then the other past and future user's sessions initiated from honest terminals stay secure. We define the security model for Human Authenticated Key Exchange (HAKE) protocols and first propose two generic protocols based on human-compatible (HC) function family, password-authenticated key exchange (PAKE), commitment, and authenticated encryption. We prove our HAKE protocols secure under reasonable assumptions and discuss efficient instantiations. We thereafter propose a variant where the human gets help from a small device such as RSA SecurID. This permits to implement an HC function family with stronger security and thus allows to weaken required assumptions on the PAKE. This leads to the very efficient HAKE which is still secure in case of strong corruptions. We believe that our work will promote further developments in the area of human-oriented cryptography

Human Computing for Handling Strong Corruptions in Authenticated Key Exchange

Presented on March 10, 2017 at 12:00 p.m. in t he Klaus Advanced Computer Building, Room 1116W.Shan Chen is a Ph.D. student in the School of Computer Science at the Georgia Institute of Technology. His research interests are in the areas of cryptography and applied cryptography.Runtime: 30:32 minutesPh.D. Student Shan Chen presents user authentication and key exchange protocols that can tolerate strong corruptions on the client-side. He will define the security model for Human Authenticated Key Exchange (HAKE) protocols and propose two generic protocols based on human-compatible (HC) functions, password-authenticated key exchange (PAKE), commitment, and authenticated encryption. Chen will prove that HAKE protocols can remain secure under reasonable assumptions and will discuss efficient instantiations. He'll also propose a variant where users get help from a small device such as RSA SecurID. This allows implementation of an HC function with stronger security and weakens required assumptions on the PAKE. Overall, this leads to the very efficient HAKE, which can withstand strong corruptions