
Asynchronous Authentication (2312.13967v2)

Published 21 Dec 2023 in cs.CR and cs.DC

Abstract: A myriad of authentication mechanisms embody a continuous evolution from verbal passwords in ancient times to contemporary multi-factor authentication. Nevertheless, digital asset heists and numerous identity theft cases illustrate the urgent need to revisit the fundamentals of user authentication. We abstract away credential details and formalize the general, common case of asynchronous authentication, with unbounded message propagation time. Our model, which might be of independent interest, allows for eventual message delivery, while bounding execution time to maintain cryptographic guarantees. Given credentials' fault probabilities (e.g., loss or leak), we seek mechanisms with the highest success probability. We show that every mechanism is dominated by some Boolean mechanism -- defined by a monotonic Boolean function on presented credentials. We present an algorithm for finding approximately optimal mechanisms. Previous work analyzed Boolean mechanisms specifically, but used brute force, which quickly becomes prohibitively complex. We leverage the problem structure to reduce complexity by orders of magnitude. The algorithm is readily applicable to practical settings. For example, we revisit the common approach in cryptocurrency wallets that use a handful of high-quality credentials. We show that adding low-quality credentials improves security by orders of magnitude.
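The abstract's notion of a Boolean mechanism and its success probability can be made concrete with a small brute-force search, given here as an added example that is not code from the paper or its authors. It assumes a fault model the page does not spell out: each credential is independently safe, lost, leaked or stolen, and a mechanism succeeds when the user's credentials satisfy the function and the attacker's do not. All probabilities are constructed for illustration.

```python
from itertools import product

# Assumed fault model (not stated on this page): each credential is independently
# safe (user only), lost (nobody), leaked (both) or stolen (attacker only).
STATES = ("safe", "lost", "leaked", "stolen")
USER_HAS = {"safe", "leaked"}
ATTACKER_HAS = {"leaked", "stolen"}


def monotone_mechanisms(n):
    """Yield each monotone Boolean function on n credentials as a truth table."""
    size = 1 << n  # table index = bitmask of presented credentials
    for bits in range(1 << size):
        table = [(bits >> i) & 1 for i in range(size)]
        # Monotone: presenting one more credential never turns accept into reject.
        if all(table[s] <= table[s | (1 << c)]
               for s in range(size) for c in range(n)):
            yield table


def success_probability(table, creds):
    """Probability that the user is accepted and the attacker is rejected."""
    total = 0.0
    for scenario in product(STATES, repeat=len(creds)):
        p, user, attacker = 1.0, 0, 0
        for c, state in enumerate(scenario):
            p *= creds[c][state]
            user |= (state in USER_HAS) << c
            attacker |= (state in ATTACKER_HAS) << c
        if table[user] and not table[attacker]:
            total += p
    return total


def best_mechanism(creds):
    """Exhaustive search for the monotone mechanism with the highest success."""
    return max((success_probability(t, creds), t)
               for t in monotone_mechanisms(len(creds)))


# Constructed probabilities, for illustration only.
STRONG = {"safe": 0.97, "lost": 0.01, "leaked": 0.01, "stolen": 0.01}
WEAK = {"safe": 0.70, "lost": 0.10, "leaked": 0.10, "stolen": 0.10}

if __name__ == "__main__":
    for creds in ([STRONG] * 3, [STRONG] * 3 + [WEAK]):
        p, _ = best_mechanism(creds)
        print(len(creds), "credentials: best failure probability", 1 - p)
```

The search walks all 2^(2^n) truth tables, so it is only feasible for a handful of credentials; this is the brute-force cost the abstract describes as quickly becoming prohibitive.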
