International Association for Cryptologic Research

CryptoDB

Intrusion-Resilient Authentication in the Limited Communication Model

Authors:
David Cash
Yan Zong Ding
Wenke Lee
Richard Lipton
Download:
URL: http://eprint.iacr.org/2005/409
Abstract: We describe a general technique for building authentication systems that resist compromises at the client side. We derive this resistance by storing key information on hardware fast enough for valid use but too slow for an intruder (e.g., a virus) to capture much of the key before being detected and removed. We give formal models for two types of protocols: user authentication and authenticated session-key generation. The first can be used for physical authentication tokens, e.g., used for gaining access to a building. The second can be used for conducting secure remote sessions on laptops that are occasionally infected by viruses. We present and analyze protocols for each of these tasks and describe how they can be implemented. With one example setting of parameters, in the case of user authentication, we are able to guarantee security for 6 months using a device storing 384MB, and in the key generation protocol, a 128GB drive guarantees that an adversary would need 700 days to compromise the key information. The model for intrusion resilience considered in this paper was first introduced by Dagon et al. \cite{DLL05} and motivated by the bounded storage model for cryptography \cite{Mau92}. Recently Dziembowski \cite{Dzi05} independently developed this model, and studied the same problems as the ones addressed in this paper. Our user authentication protocol is essentially the same as that of \cite{Dzi05}, while our authenticated session-key generation protocol builds on that of \cite{Dzi05}.
BibTeX
@misc{eprint-2005-12742,
  title={Intrusion-Resilient Authentication in the Limited Communication Model},
  booktitle={IACR Eprint archive},
  keywords={cryptographic protocols / Intrusion Resilience, Limited Communication Model, User Authentication, Authenticated Session Key Generation, Bounded Storage Model, Randomness Extractors, Non-Malleable Coin Tossing},
  url={http://eprint.iacr.org/2005/409},
  note={ cdc@cc.gatech.edu 13685 received 15 Nov 2005, last revised 15 Nov 2005, withdrawn 21 Jun 2007},
  author={David Cash and Yan Zong Ding and Wenke Lee and Richard Lipton},
  year=2005
}