Authentication and Key Management Automation in Decentralized Secure Email and Messaging via Low-entropy Secrets

Itzel Vazquez Sandoval; Arash Atashpendar; Gabriele Lenzini

Research.Publish.Connect.

*Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Country:
Subject:

Advanced Search Affiliations Search

If you're looking for an exact phrase use quotation marks on text fields.

Proceedings

Proceedings Search *Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

Papers

Papers Search *Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

Authors

Authors Search *Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

Advanced Search

Paper

Authentication and Key Management Automation in Decentralized Secure Email and Messaging via Low-entropy Secrets

Topics: Applied Cryptography; Identification, Authentication and Non-Repudiation; Peer-To-Peer Security; Privacy; Security Protocols

In Proceedings of the 17th International Joint Conference on e-Business and Telecommunications SECRYPT - Volume 1, 167-179, 2020 , Lieusaint - Paris, France

Authors: Itzel Vazquez Sandoval ¹ ; Arash Atashpendar ² and Gabriele Lenzini ¹

Affiliations: ¹ SnT, University of Luxembourg, Luxembourg ; ² SnT, University of Luxembourg, Luxembourg, itrust Consulting, Luxembourg

Keyword(s): Authentication, Key Management, Secure Email and Messaging, Password-Authenticated Key Exchange.

Abstract: We revisit the problem of entity authentication in decentralized end-to-end encrypted email and secure messaging to propose a practical and self-sustaining cryptographic solution based on password-authenticated key exchange (PAKE). This not only allows users to authenticate each other via shared low-entropy secrets, e.g., memorable words, without a public key infrastructure or a trusted third party, but it also paves the way for automation and a series of cryptographic enhancements; improves security by minimizing the impact of human error and potentially improves usability. First, we study a few vulnerabilities in voice-based out-of-band authentication, in particular a combinatorial attack against lazy users, which we analyze in the context of a secure email solution. Next, we propose solving the problem of secure equality test using PAKE to achieve entity authentication and to establish a shared high-entropy secret key. Our solution lends itself to offline settings, compatible with the inherently asynchronous nature of email and modern messaging systems. The suggested approach enables enhancements in key management such as automated key renewal and future key pair authentications, multi-device synchronization, secure secret storage and retrieval, and the possibility of post-quantum security as well as facilitating forward secrecy and deniability in a primarily symmetric-key setting. We also discuss the use of auditable PAKEs for mitigating a class of online guess and abort attacks in authentication protocols. (More)

CC BY-NC-ND 4.0

Guest: Register as new SciTePress user now for free.

SciTePress user: please login.

My Papers

You are not signed in, therefore limits apply to your IP address 3.136.18.48

In the current month:

Recent papers: 100 available of 100 total

2⁺ years older papers: 200 available of 200 total

Paper citation in several formats:

Vazquez Sandoval, I.; Atashpendar, A. and Lenzini, G. (2020). Authentication and Key Management Automation in Decentralized Secure Email and Messaging via Low-entropy Secrets. In Proceedings of the 17th International Joint Conference on e-Business and Telecommunications - SECRYPT; ISBN 978-989-758-446-6; ISSN 2184-7711, SciTePress, pages 167-179. DOI: 10.5220/0009834001670179

@conference{secrypt20,
author={Itzel {Vazquez Sandoval}. and Arash Atashpendar. and Gabriele Lenzini.},
title={Authentication and Key Management Automation in Decentralized Secure Email and Messaging via Low-entropy Secrets},
booktitle={Proceedings of the 17th International Joint Conference on e-Business and Telecommunications - SECRYPT},
year={2020},
pages={167-179},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0009834001670179},
isbn={978-989-758-446-6},
issn={2184-7711},
}

TY - CONF

JO - Proceedings of the 17th International Joint Conference on e-Business and Telecommunications - SECRYPT
TI - Authentication and Key Management Automation in Decentralized Secure Email and Messaging via Low-entropy Secrets
SN - 978-989-758-446-6
IS - 2184-7711
AU - Vazquez Sandoval, I.
AU - Atashpendar, A.
AU - Lenzini, G.
PY - 2020
SP - 167
EP - 179
DO - 10.5220/0009834001670179
PB - SciTePress