On the linearization of human identification protocols: Attacks based on linear algebra, coding theory, and lattices

Hassan Jameel Asghar, Ron Steinfeld, Shujun Li, Mohamed Ali Kaafar, Josef Pieprzyk

Research output: Contribution to journalArticlepeer-review

7 Citations (Scopus)

Abstract

Human identification protocols are challenge-response protocols that rely on human computational ability to reply to random challenges from the server based on a public function of a shared secret and the challenge to authenticate the human user. One security criterion for a human identification protocol is the number of challenge-response pairs the adversary needs to observe before it can deduce the secret. In order to increase this number, protocol designers have tried to construct protocols that cannot be represented as a system of linear equations or congruences. In this paper, we take a closer look at different ways from algebra, lattices, and coding theory to obtain the secret from a system of linear congruences. We then show two examples of human identification protocols from literature that can be transformed into a system of linear congruences. The resulting attack limits the number of authentication sessions these protocols can be used before secret renewal. Prior to this paper, these protocols had no known upper bound on the number of allowable sessions per secret.

Original languageEnglish
Article number7083737
Pages (from-to)1643-1655
Number of pages13
JournalIEEE Transactions on Information Forensics and Security
Volume10
Issue number8
DOIs
Publication statusPublished - 1 Aug 2015
Externally publishedYes

Fingerprint Dive into the research topics of 'On the linearization of human identification protocols: Attacks based on linear algebra, coding theory, and lattices'. Together they form a unique fingerprint.

Cite this