Skip to main content

2014 | Buch

Authentication in Insecure Environments

Using Visual Cryptography and Non-Transferable Credentials in Practise

insite
SUCHEN

Über dieses Buch

Sebastian Pape discusses two different scenarios for authentication. On the one hand, users cannot trust their devices and nevertheless want to be able to do secure authentication. On the other hand, users may not want to be tracked while their service provider does not want them to share their credentials. Many users may not be able to determine whether their device is trustworthy, i.e. it might contain malware. One solution is to use visual cryptography for authentication. The author generalizes this concept to human decipherable encryption schemes and establishes a relationship to CAPTCHAS. He proposes a new security model and presents the first visual encryption scheme which makes use of noise to complicate the adversary's task. To prevent service providers from keeping their users under surveillance, anonymous credentials may be used. However, sometimes it is desirable to prevent the users from sharing their credentials. The author compares existing approaches based on non-transferable anonymous credentials and proposes an approach which combines biometrics and smartcards.

Inhaltsverzeichnis

Frontmatter
1. Introduction
Abstract
During the last decades there has been an enormous growth of computing, communication, and storage capacities [HL11]. The reasons for this growth are manifold. Commerce uses the internet as a basis for sales and customer relationship management, the industry computerises their processes, and communication and discussion in the society is changed by social websites, permanent accessibility via mobile devices and omnipresent internet access. In this environment users face the problem that they lose track of what is going on in their devices and which parties they can trust. Given this fact, we need to clarify what we mean by the term insecure. While there are lots of scenarios imaginable regarding an insecure environment, we focus on two cases in this work. In the first scenario, we assume the user’s device is not trustworthy, but he nevertheless wants to be able to use it for secure authentications. In the second scenario, a user has a trustworthy device, but does not want to be tracked by the party verifying the authentication. Additionally, the user should not be able to lend his credentials to someone else. In the next paragraphs we discuss both scenarios in more detail.
Sebastian Pape

Preliminaries

Frontmatter
2. Mathematical and Cryptographic Foundation
Abstract
This section introduces cryptographic primitives and their foundation. The presentation follows common notations and definitions. To keep these preliminaries short and readable, we omit some special cases and slightly simplify certain definitions when the omitted exceptions are of no interest here. We assume the reader is familiar with general probability theory and basic group theory, even though we give a short introduction into the latter in Sect. 2.1.2.
Sebastian Pape

Human Decipherable Encryption Schemes

Frontmatter
3. Introduction, Scenario, and Related Work
Abstract
In today’s life, the internet plays an important role. Many services shift to the internet (online banking, online shopping, media streaming and download services), business processes heavily rely on the internet (submitting claims, help desks) and it is widely used for personal communication (social networking, email). The widespread use make services an attractive aim for attackers. Thus, it is no surprise that many of this services require the user’s authentication. However, often no secure channel is established to the user himself and the secure channel already ends on the user’s device. If a website requires the user to log in via password, at best the site is using a connection secured with SSL. However, on the one hand, average users do not properly check SSL certificates and if certificate verification fails they ignore the warning box due to so many websites with invalid certificates.
Sebastian Pape
4. Human Decipherable Encryption Scheme
Abstract
At first, we define four sets suitable for the domains and codomains of the encoding and encryption functions defined in the next subsections. As mentioned in Sect. 2.2, messages are encrypted with a key to ciphertexts as shown in Fig. 4.1a. Without anticipating the following subsections, we point out that messages are first encoded and then encrypted with a key distinguishing between codings and encryptions (see Fig. 4.1). Therefore the following definitions introduce messages, codings, ciphertexts and keys consisting of characters from a particular alphabet which fit into the notion one may intuitively expect.
Sebastian Pape
5. Human Decipherable Encryption Schemes Based on Dice Codings
Abstract
This chapter introduces the original dice coding scheme invented by DOBERITZ [Dob08]. We show that the proposed encryption scheme based on dice codings allows adversaries to gain much more information than wanted. As a first attempt to overcome this structural weakness we propose an enhanced version which adds noise to the ciphertexts to better hide the plaintext.
Sebastian Pape
6. Conclusion and Future Work
Abstract
Based on previous research of visual cryptography, we gave another description of visual encryption schemes by distinguishing between encoding and encryption, which allowed us to study the properties of the used encoding and encryption schemes independently. Additionally, we defined the notion of human decipherable encryption schemes (HDES), a generalisation of visual encryption schemes and their relation to Completely Automated Public Turing Tests to Tell Computers and Humans Apart (CAPTCHAs). The observation was that existing game-based security models for indistinguishability are too strong and do not suit the requirements for human decipherable encryption schemes, we defined the notion of sample-or-random ciphertext only (SOR-CO) security as a consequence. We also showed that the sample-or-random ciphertext-only (SOR-CO) security model gives a weaker notion of security than the real-or-random chosen plaintext (ROR-CPA) security model.
Sebastian Pape

Non-Transferable Anonymous Credentials

Frontmatter
7. Introduction, Scenario, and Related Work
Abstract
Most cryptographic primitives for authentication schemes in the digital world are based on the knowledge of a private key or secret, for example digital signatures or zero-knowledge proofs. In many cases there is an (at least) implicit binding of the secret to a person. If you receive a signed mail, you assume it is signed by the regular owner of the private key; if you authenticate yourself with a zero-knowledge proof, you are expected not to give the secret to another person. On the other hand, one may not put too many trust into this assumption since this secrets are eventually digital data which can be copied without evidence. Two obvious situations come to one’s mind: On the one hand, cryptographic secrets are not very memorisable for human beings in general, so they are usually stored somewhere, where they could be stolen. On the other hand, the user may want to share his secret with somebody while the authorising organisation does not want him to do so.
Sebastian Pape
8. Privacy and Data Security
Abstract
PFITZMANN and KÖHNTOPP give a proposal for a terminology based on early papers in this area [PK01]. Building on that, they improved the terminology [PH10] in the following years. The terms in this work are based on their work in combination with a discussion of BRANDS [Bra07] and CAMERON [Cam13] via their blogs in 2007. For this work, a vague notion of these terms is sufficient. For a more detailed discussion, we refer the reader to the literature cited above. For a taxonomy of privacy in legal terms we recommend the work of SOLOVE [Sol06].
Sebastian Pape
9. Analysis of Non-Transferable Anonymous Credentials
Abstract
As mentioned above, it is sometimes desirable to prevent users from sharing their credentials. In general, there are two well-known approaches. One approach tries to make the credential more protection deserving for the prover by embedding additional valuable secrets into the system. The aim is to make it unpleasant for the prover to share the credential by connecting it with other systems. The other approach is of more technical nature and tries to prevent the prover from sharing credentials by embedding biometric access control. Of course, it should be guaranteed that this access control does not break the user’s anonymity.
Sebastian Pape
10. Conclusion and Future Work
Abstract
We compared two general approaches aiming to ensure non-transferability for anonymous credentials: biometric enforced non-transferability and non-transferability based on embedded valuable secrets. Not surprisingly, the weakest points are the biometric sensors and finding meaningful (valuable) secrets for the user. Both approaches are not able to ensure perfect non-transferability, but may be sufficient depending on the values to protect.
Sebastian Pape

Outlook and Appendix

Frontmatter
11. Summary, Conclusion and Outlook
Abstract
After a short introduction on notation and fundamentals, we presented some motivation and proposed scenarios for visual encryption schemes. Based on previous research of visual cryptography, we gave alternative description of visual encryption schemes by distinguishing between encoding and encryption. This allowed us to study the properties of the used encoding and encryption scheme independently. Furthermore, we defined the notion of human decipherable encryption schemes (HDES), which are a generalisation of visual encryption schemes.
Sebastian Pape
Backmatter
Metadaten
Titel
Authentication in Insecure Environments
verfasst von
Sebastian Pape
Copyright-Jahr
2014
Electronic ISBN
978-3-658-07116-5
Print ISBN
978-3-658-07115-8
DOI
https://doi.org/10.1007/978-3-658-07116-5