User-mediated authentication protocols and unforgeability in key collision

The article of record as published may be found at https://doi.org/10.1007/s10207-019-00479-2User interaction constitutes a largely unexplored field in protocol analysis, even in instances where the user takes an active role as a trusted third party, such as in the Internet of Things (IoT) device initialization protocols. Initializing the formal modeling of 3-party authentication protocols where one party is a physical user, this research introduces the 3-party possession user- mediated authentication (3-PUMA) model. The 3-PUMA model addresses active user participation in a protocol which is designed to authenticate possession of a fixed data string—such as in IoT device commissioning. Using the 3-PUMA model, we provide a computational analysis of the ISO/IEC 9798-6:2010 standard’s Mechanism 7a authentication protocol which includes a user interface and interaction as well as a device-to-device channel. Furthermore, we introduce existential unforgeability under key collision attacks (EUF-KCA) and provide a corresponding security experiment. We show that the security of ISO/IEC 9798-6:2010 Mechanism 7a relies upon EUF-KCA MAC security. Since it is unknown whether any standardized MAC algorithm achieves EUF-KCA security, this research demonstrates a potential vulnerability in the standard.This research was in part performed while the author was at NPS and supported in part by an NPS RIP Grant (internal university Grant, no Grant No.).This research was in part performed while the author was at NPS and supported in part by an NPS RIP Grant (internal university Grant, no Grant No.)