Demo: Human-Computable One-Time Passwords

2022 IEEE/ACM 7th Symposium on Edge Computing (SEC) Pub Date : 2022-12-01 DOI:10.1109/SEC54971.2022.00034

Slawomir Matelski

{"title":"Demo: Human-Computable One-Time Passwords","authors":"Slawomir Matelski","doi":"10.1109/SEC54971.2022.00034","DOIUrl":null,"url":null,"abstract":"This demo shows an enhanced alternative to the Multi-Factor Authentication (MFA) methods. The improvement lies in the elimination of any supplementary gadgets/devices or theft-sensitive biometric data, by substituting it with direct human-computer authentication. This approach remains secure also in untrusted systems and environments. Despite the use of different identification factors by MFA methods, the basic condition for reliable authentication is the use of the intelligence of the human brain, in the form of a static password. For security reasons, it is recommended to use different passwords for each online account. As a result, users often adopt insecure password practices (e.g., reuse or weak password) or they have to frequently reset their passwords. We solved this problem in such a way that the user reconstructs each of his passwords, calculating the response to the public challenge according to his secret by performing simple mathematical operations, i.e. adding modulo 10. For each internet account, such a challenge must be stored on the server with the correct response as a hashed password, but only the user needs to know the secret, only one secret as a universal private key for all these accounts. This secret key is used by our innovative challenge-response protocol for human-generated One-Time Passwords (OTP) based on a hard lattice problem with noise introduced by our new method which we call Learning with Options (LWO). This secret has the form of an outline like a kind of handwritten autograph (Fig. 1), designed in invisible ink. The password generation process requires following such an invisible contour, similar to a manual autograph, and it can also be done offline on paper documents with an acceptable level of security and usability meeting the requirements for post-quantum symmetric cyphers and commercial implementation also in the field of IoT. Many attempts to achieve this goal have been made for over 30 years since Matsumoto's first publication in 1991, but only two protocols have been commercially implemented: strong but very slow HB, presented by Hopper and Blum in 2000 [2], and easy and fast but very weak grIDsure (GS) presented by Brostoff et al. in 2010 [3]. Our iChip scheme has security properties better than HB and usability close to GS, while eliminating their drawbacks.","PeriodicalId":364062,"journal":{"name":"2022 IEEE/ACM 7th Symposium on Edge Computing (SEC)","volume":"47 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE/ACM 7th Symposium on Edge Computing (SEC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SEC54971.2022.00034","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

This demo shows an enhanced alternative to the Multi-Factor Authentication (MFA) methods. The improvement lies in the elimination of any supplementary gadgets/devices or theft-sensitive biometric data, by substituting it with direct human-computer authentication. This approach remains secure also in untrusted systems and environments. Despite the use of different identification factors by MFA methods, the basic condition for reliable authentication is the use of the intelligence of the human brain, in the form of a static password. For security reasons, it is recommended to use different passwords for each online account. As a result, users often adopt insecure password practices (e.g., reuse or weak password) or they have to frequently reset their passwords. We solved this problem in such a way that the user reconstructs each of his passwords, calculating the response to the public challenge according to his secret by performing simple mathematical operations, i.e. adding modulo 10. For each internet account, such a challenge must be stored on the server with the correct response as a hashed password, but only the user needs to know the secret, only one secret as a universal private key for all these accounts. This secret key is used by our innovative challenge-response protocol for human-generated One-Time Passwords (OTP) based on a hard lattice problem with noise introduced by our new method which we call Learning with Options (LWO). This secret has the form of an outline like a kind of handwritten autograph (Fig. 1), designed in invisible ink. The password generation process requires following such an invisible contour, similar to a manual autograph, and it can also be done offline on paper documents with an acceptable level of security and usability meeting the requirements for post-quantum symmetric cyphers and commercial implementation also in the field of IoT. Many attempts to achieve this goal have been made for over 30 years since Matsumoto's first publication in 1991, but only two protocols have been commercially implemented: strong but very slow HB, presented by Hopper and Blum in 2000 [2], and easy and fast but very weak grIDsure (GS) presented by Brostoff et al. in 2010 [3]. Our iChip scheme has security properties better than HB and usability close to GS, while eliminating their drawbacks.

查看原文本刊更多论文

演示:人类可计算的一次性密码

这个演示展示了多因素身份验证(MFA)方法的增强替代方案。改进之处在于，通过直接的人机认证，消除了任何附加的小工具/设备或对盗窃敏感的生物识别数据。这种方法在不受信任的系统和环境中也是安全的。尽管MFA方法使用了不同的识别因素，但可靠认证的基本条件是使用人脑的智能，以静态密码的形式。出于安全考虑，建议每个在线帐户使用不同的密码。因此，用户经常使用不安全的密码(例如，重用或弱密码)，或者他们必须经常重置密码。我们解决这个问题的方式是，用户重建他的每个密码，根据他的秘密进行简单的数学运算，即加模10，来计算对公开挑战的响应。对于每个互联网帐户，这样的挑战必须存储在服务器上，并以正确的响应作为散列密码，但只有用户需要知道秘密，只有一个秘密作为所有这些帐户的通用私钥。这个密钥被我们创新的挑战-响应协议用于人类生成的一次性密码(OTP)，该协议基于我们的新方法引入的带噪声的硬晶格问题，我们称之为带选项学习(LWO)。这个秘密有一个轮廓的形式，就像一种手写的签名(图1)，用隐形墨水设计。密码生成过程需要遵循这样一个无形的轮廓，类似于手动签名，也可以在纸质文档上离线完成，具有可接受的安全性和可用性，满足后量子对称密码和物联网领域商业实施的要求。自1991年Matsumoto首次发表以来，30多年来已经有许多人尝试实现这一目标，但只有两种协议得到了商业实现:Hopper和Blum于2000年提出的强但非常慢的HB[2]，以及Brostoff等人于2010年提出的简单快速但非常弱的grIDsure (GS)[3]。我们的iChip方案具有比HB更好的安全性和接近GS的可用性，同时消除了它们的缺点。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2022 IEEE/ACM 7th Symposium on Edge Computing (SEC)

自引率

0.00%

发文量