Abstract
This paper describes biometric-based cryptographic techniques that use weak secrets to provide strong, multi-factor and mutual authentication, and to establish secure channels for subsequent communications. These techniques rely on lightweight cryptographic algorithms for confidential information exchange. Lightweight algorithms are suitable for use in resource-constrained environments such as the Internet of Things, where implementations require efficient execution, limited access to memory and small code size. Password Authenticated Key Exchange protocols, and Biometric Authenticated Key Exchange protocols based on user knowledge extracted from biometric sensor data, both rely on weak secrets. These secrets are shared between a client and an access-controlled server, and are used as inputs to Diffie-Hellman key establishment schemes. Diffie-Hellman provides forward secrecy, prevents user credentials from being exposed during identity authentication attempts, and thwarts man-in-the-middle and phishing attacks. This paper describes the operation of these protocols using an adaptive knowledge substitution process that frequently modifies the weak secrets used for protocol operation without requiring disruptive user password changes. The password substitution strings used to implement this process can be far longer and more complex than the weak secrets people can easily memorize. The process described in this paper allows people with diverse abilities to use simple, easily recalled, quickly entered passwords and still benefit from the strength of long, complex strings when operating cryptographic protocols.
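An added sketch, not code from the paper: a SPEKE-style exchange in which the shared secret selects the Diffie-Hellman generator, so only blinded group elements are sent and a mismatch in secrets shows up as a failed key confirmation. The group is RFC 3526 group 14; the names, the sample strings and the epoch-keyed table are assumptions, since the abstract does not say how substitution strings are derived or distributed.

```python
import hashlib, hmac, secrets

# RFC 3526 group 14: 2048-bit safe prime, P = 2Q + 1
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
Q, NBYTES = (P - 1) // 2, 256

def generator(secret: str) -> int:
    # SPEKE: hash the shared secret into the group and square it, so the
    # generator lies in the order-Q subgroup of quadratic residues.
    h = int.from_bytes(hashlib.shake_256(secret.encode()).digest(NBYTES), "big")
    return pow(h % P, 2, P)

class Party:
    def __init__(self, name: str, secret: str):
        self.name, self.x = name, secrets.randbelow(Q - 1) + 1
        self.public = pow(generator(secret), self.x, P)  # only value sent

    def session_key(self, peer_name: str, peer_public: int) -> bytes:
        if not 2 <= peer_public <= P - 2:  # reject 0, 1 and P-1
            raise ValueError("invalid peer public value")
        k = pow(peer_public, self.x, P)
        h = hashlib.sha256()
        # Bind both identities and public values into the key, fixed order.
        for n, pub in sorted([(self.name, self.public), (peer_name, peer_public)]):
            h.update(n.encode() + b"\x00" + pub.to_bytes(NBYTES, "big"))
        h.update(k.to_bytes(NBYTES, "big"))
        return h.digest()

def handshake(client_secret: str, server_secret: str) -> bool:
    c, s = Party("client", client_secret), Party("server", server_secret)
    kc, ks = c.session_key(s.name, s.public), s.session_key(c.name, c.public)
    # Key confirmation: the tags match only if both sides derived the same key.
    tag = lambda key: hmac.new(key, b"confirm", hashlib.sha256).digest()
    return hmac.compare_digest(tag(kc), tag(ks))

# Constructed sample values (assumptions): a memorized password and two
# substitution strings, one per rotation epoch.
PASSWORD = "tulip42"  # what the user memorizes
SUBSTITUTION = {  # epoch -> long string used in place of the password
    1: "Vq7#mElo-92xk!Rtz.Ayw4_Gh8&bNcs5",
    2: "p3^Zr.Uw6-Jd0!Ke_x9Qa#Lm2&Tfy8Hs",
}
```

A client still on the epoch 1 string fails key confirmation against a server that has rotated to epoch 2, while the memorized password itself never changes.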
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Griffin, P.H. (2018). Adaptive Weak Secrets for Authenticated Key Exchange. In: Nicholson, D. (eds) Advances in Human Factors in Cybersecurity. AHFE 2017. Advances in Intelligent Systems and Computing, vol 593. Springer, Cham. https://doi.org/10.1007/978-3-319-60585-2_2
DOI: https://doi.org/10.1007/978-3-319-60585-2_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-60584-5
Online ISBN: 978-3-319-60585-2
eBook Packages: Engineering, Engineering (R0)