On the Matsumoto and Imai human identification scheme
01 Sep 1995-Vol. 142, Iss: 5, pp 313-317
TL;DR: In this paper several attacks are discussed to investigate the security of Matsumoto and Imai's human identification scheme, and a modified scheme is proposed to avoid these attacks.
Abstract: At Eurocrypt'91, Matsumoto and Imai presented a human identification scheme suitable for the human ability of memorising and processing a short secret. It protects against an intruder peeping as a user enters authentication information on a terminal connected to the authentication server. In this paper several attacks are discussed to investigate the security of their scheme. A modified scheme is proposed to avoid these attacks.
Citations
More filters
14 Aug 2005
TL;DR: This paper analyzes a particular human-to-computer authentication protocol designed by Hopper and Blum (HB), and shows it to be practical for low-cost pervasive devices, and proves the security of the HB+ protocol against active adversaries based on the hardness of the Learning Parity with Noise (LPN) problem.
Abstract: Forgery and counterfeiting are emerging as serious security risks in low-cost pervasive computing devices. These devices lack the computational, storage, power, and communication resources necessary for most cryptographic authentication schemes. Surprisingly, low-cost pervasive devices like Radio Frequency Identification (RFID) tags share similar capabilities with another weak computing device: people.
These similarities motivate the adoption of techniques from human-computer security to the pervasive computing setting. This paper analyzes a particular human-to-computer authentication protocol designed by Hopper and Blum (HB), and shows it to be practical for low-cost pervasive devices. We offer an improved, concrete proof of security for the HB protocol against passive adversaries.
This paper also offers a new, augmented version of the HB protocol, named HB+, that is secure against active adversaries. The HB+ protocol is a novel, symmetric authentication protocol with a simple, low-cost implementation. We prove the security of the HB+ protocol against active adversaries based on the hardness of the Learning Parity with Noise (LPN) problem.
767 citations
Cites background from "On the Matsumoto and Imai human ide..."
...Earlier work by Matsumoto and Imai [29] and Matsumoto [28] propose human authentication protocols that are good for a small number of authentications [ 41 ]....
[...]
09 Dec 2001
TL;DR: This paper provides definitions of what they believe to be reasonable goals for secure human identification and demonstrates that existing solutions do not meet these reasonable definitions and provides solutions which demonstrate the feasibility of the security conditions attached to these definitions, but which are impractical for use by humans.
Abstract: One interesting and important challenge for the cryptologic community is that of providing secure authentication and identification for unassisted humans. There are a range of protocols for secure identification which require various forms of trusted hardware or software, aimed at protecting privacy and financial assets. But how do we verify our identity, securely, when we don't have or don't trust our smart card, palmtop, or laptop?
In this paper, we provide definitions of what we believe to be reasonable goals for secure human identification. We demonstrate that existing solutions do not meet these reasonable definitions. Finally, we provide solutions which demonstrate the feasibility of the security conditions attached to our definitions, but which are impractical for use by humans.
567 citations
Cites background from "On the Matsumoto and Imai human ide..."
...Papers by Matsumoto and Imai [3],Wang et al [ 4 ],and Matsumoto [5] provide schemes which are sufficient for a small number of authentications....
[...]
20 May 2007
TL;DR: This work presents attacks against two cognitive authentication schemes, designed to be secure against eavesdropping attacks while relying only on human cognitive skills, that are not secure against an eavesdropping adversary.
Abstract: We present attacks against two cognitive authentication schemes [9] proposed at the 2006 IEEE Symposium on Security and Privacy. These authentication schemes are designed to be secure against eavesdropping attacks while relying only on human cognitive skills. They achieve authentication via challenge response protocols based on a shared secret set of pictures. Our attacks use a SAT solver to recover a user's secret key in a few seconds, after observing only a small number of successful logins. These attacks demonstrate that the authentication schemes of [9] are not secure against an eavesdropping adversary.
81 citations
Cites background from "On the Matsumoto and Imai human ide..."
...Early protocols [5, 8] allowed only for a small number of secure authentications with the same secret....
[...]
01 Jan 1996
TL;DR: This paper develops human-friendly identification schemes such that a human prover knowing a secret key is asked a visual question by a machine verifier, who then checks if an answer sent from the prover matches the question with respect to the key.
Abstract: Can you securely prove your identity to a host computer by using no dedicated software at your terminal and no dedicated token at your hands? Conventional password checking schemes do not need such a software and hardware but have a disadvantage that an attacker who has correctly observed an input password by peeping or wiretapping can perfectly impersonate the corresponding user. Conventional dynamic (one-time) password schemes or zero-knowledge identification schemes can be securely implemented but require special software or hardware or memorandums. This paper develops human-friendly identification schemes such that a human prover knowing a secret key in her or his brain is asked a visual question by a machine verifier, who then checks if an answer sent from the prover matches the question with respect to the key. The novelty of these schemes lies in their ways of displaying questions. This paper also examines an application of the human identification schemes to human-computer cryptographic communication protocols.
79 citations
08 Mar 2005
TL;DR: This article treats RFID tags as a model for other low-cost pervasive devices, and describes some of their practical constraints, and highlights one particular human-computer authentication protocol, due to Hopper and Blum, that is immediately adaptable to low- cost RFID.
Abstract: Unique and challenging security problems arise due to the scarcity of computational, storage, and power resources in the low-cost pervasive computing environment. Particularly relevant examples of resource-constrained systems are low-cost radio frequency identification (RFID) systems. Surprisingly, the computational abilities of low-cost pervasive devices like RFID tags are similar to another pervasive, weak computing "device": people. Neither low-cost pervasive devices nor people can efficiently perform public-key or even symmetric cryptographic operations. Neither can store long random strings nor devote too much time or energy to security protocols. Both may need to authenticate themselves over a public channel to an untrusted terminal, without any outside help or external devices. Because of these similarities, pervasive security may benefit by adapting techniques from human-computer security, or vice versa. This article treats RFID tags as a model for other low-cost pervasive devices, and describes some of their practical constraints. Several parallels between the pervasive and human-computer security settings are discussed. Finally, this article highlights one particular human-computer authentication protocol, due to Hopper and Blum, that is immediately adaptable to low-cost RFID. Borrowing techniques from Hopper and Blum, or other human-computer protocols could lead to practical pervasive security protocols.
64 citations
Cites background from "On the Matsumoto and Imai human ide..."
...Matsumoto and Imai [34] and Matsumoto [33] also proposed authentication protocols that could authenticate a person a limited number of times [ 49 ]....
[...]