Bayesian Authentication: Quantifying Security of the Hancke-Kuhn Protocol
Abstract
As mobile devices pervade physical space, the familiar authentication patterns are becoming insufficient. For example, besides entity authentication, many applications require location authentication. Many interesting protocols have been proposed and implemented to provide such strengthened forms of authentication, but there are very few proofs that such protocols satisfy the required security properties. In some cases, the proofs can be provided in the symbolic model. More often, various physical factors invalidate the perfect cryptography assumption, and the symbolic model does not apply. In such cases, the protocol cannot be secure in an absolute logical sense, but only with a high probability. But while probabilistic reasoning is thus necessary, the analysis in the full computational model may not be warranted, since the protocol security does not depend on any computational assumptions, or on an attacker's computational power, but only on some guessing chances. We refine the Dolev-Yao algebraic method for protocol analysis by a probabilistic model of guessing, needed to analyze protocols that mix weak cryptography with physical properties of nonstandard communication channels. Applying this model, we provide a precise security proof for a proximity authentication protocol, due to Hancke and Kuhn, that uses probabilistic reasoning to achieve its goals.
Document Details
- Document Type
- Technical Report
- Publication Date
- Jan 01, 2010
- Accession Number
- ADA530769
Entities
People
- Catherine Meadows
- Dusko Pavlovic
Organizations
- United States Naval Research Laboratory