当前位置: X-MOL 学术Int. J. Inf. Secur. › 论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
User-mediated authentication protocols and unforgeability in key collision
International Journal of Information Security ( IF 2.4 ) Pub Date : 2019-11-19 , DOI: 10.1007/s10207-019-00479-2
Britta Hale

User interaction constitutes a largely unexplored field in protocol analysis, even in instances where the user takes an active role as a trusted third party, such as in the Internet of Things (IoT) device initialization protocols. Initializing the formal modeling of 3-party authentication protocols where one party is a physical user, this research introduces the 3-party possession user-mediated authentication (3-PUMA) model. The 3-PUMA model addresses active user participation in a protocol which is designed to authenticate possession of a fixed data string—such as in IoT device commissioning. Using the 3-PUMA model, we provide a computational analysis of the ISO/IEC 9798-6:2010 standard’s Mechanism 7a authentication protocol which includes a user interface and interaction as well as a device-to-device channel. Furthermore, we introduce existential unforgeability under key collision attacks (EUF-KCA) and provide a corresponding security experiment. We show that the security of ISO/IEC 9798-6:2010 Mechanism 7a relies upon EUF-KCA MAC security. Since it is unknown whether any standardized MAC algorithm achieves EUF-KCA security, this research demonstrates a potential vulnerability in the standard.



中文翻译:

用户介导的身份验证协议和密钥冲突中的不可伪造性

即使在用户扮演受信任的第三方的主动角色的情况下(例如在物联网(IoT)设备初始化协议中),用户交互也构成协议分析中未开发的领域。初始化其中一方是物理用户的3方身份验证协议的正式模型,本研究介绍了3方拥有用户介导的身份验证(3-PUMA)模型。3-PUMA模型解决了用户积极参与协议的问题,该协议旨在验证对固定数据字符串的拥有权,例如在IoT设备调试中。使用3-PUMA模型,我们对ISO / IEC 9798-6:2010标准的7a机制认证协议进行了计算分析,该协议包括用户界面和交互以及设备到设备通道。此外,我们介绍了在密钥冲突攻击(EUF-KCA)下存在的不可伪造性,并提供了相应的安全性实验。我们表明,ISO / IEC 9798-6:2010机制7a的安全性依赖于EUF-KCA MAC安全性。由于尚不清楚任何标准化的MAC算法是否能达到EUF-KCA安全性,因此本研究证明了该标准中的潜在漏洞。

更新日期:2019-11-19
down
wechat
bug