2018 | OriginalPaper | Chapter

Adaptive Weak Secrets for Authenticated Key Exchange

Author: Phillip H. Griffin

Published in: Advances in Human Factors in Cybersecurity

Publisher: Springer International Publishing

Abstract

This paper describes biometric-based cryptographic techniques that use weak secrets to provide strong, multi-factor and mutual authentication, and establish secure channels for subsequent communications. These techniques rely on lightweight cryptographic algorithms for confidential information exchange. Lightweight algorithms are suitable for use in resource-constrained environments such as the Internet of Things, where implementations require efficient execution, limited access to memory and small code size. Password Authenticated Key Exchange protocols, and Biometric Authenticated Key Exchange protocols based on user knowledge extracted from biometric sensor data, both rely on weak secrets. These secrets are shared between a client and an access-controlled server, and used as inputs to Diffie-Hellman key establishment schemes. Diffie-Hellman provides forward secrecy, prevents user credentials from being exposed during identity authentication attempts, and thwarts man-in-the-middle and phishing attacks. This paper describes the operation of these protocols using an adaptive knowledge substitution process that frequently modifies the weak secrets used for protocol operation without requiring disruptive user password changes. The password substitution strings used to implement this process can be far longer and more complex than the weak secrets people can easily memorize. The process described in this paper allows people with diverse abilities to use simple, easily recalled, quickly entered passwords and still benefit from the strength of long, complex strings when operating cryptographic protocols.

Metadata
Copyright Year: 2018
DOI: https://doi.org/10.1007/978-3-319-60585-2_2