Detecting Failed Attacks on Human-Interactive Security Protocols

  • A. W. RoscoeEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10368)


One of the main challenges in pervasive computing is how we can establish secure communication over an untrusted high-bandwidth network without any initial knowledge or a Public Key Infrastructure. An approach studied by a number of researchers is building security though involving humans in a low-bandwidth “empirical” out-of-band channel where the transmitted information is authentic and cannot be faked or modified. A survey of such protocols can be found in [9]. Many protocols discussed there achieve the optimal amount of authentication for a given amount of human work. However it might still be attractive to attack them if a failed attack might be misdiagnosed as a communication failure and therefore remain undetected. In this paper we show how to transform protocols of this type to make such misdiagnosis essentially impossible. We introduce the concept of auditing a failed protocol run and show how to enable this.


The author thanks Long Nguyen, Peter Ryan, Catherine Meadows and Thomas Gibson-Robinson for useful conversations on this work.


  1. 1.
    Time-Lock Encryption (2011).
  2. 2.
    Wikipedia article on ZRTP.
  3. 3.
    Bangdao, C., Roscoe, A.W.: Mobile electronic identity: securing payment on mobile phones. In: Ardagna, C.A., Zhou, J. (eds.) WISTP 2011. LNCS, vol. 6633, pp. 22–37. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-21040-2_2 CrossRefGoogle Scholar
  4. 4.
    Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)MathSciNetCrossRefzbMATHGoogle Scholar
  5. 5.
    Hoepman, J.-H.: Ephemeral pairing on anonymous networks. In: Hutter, D., Ullmann, M. (eds.) SPC 2005. LNCS, vol. 3450, pp. 101–116. Springer, Heidelberg (2005). doi: 10.1007/978-3-540-32004-3_12 CrossRefGoogle Scholar
  6. 6.
    Hoepman, J.-H.: The ephemeral pairing problem. In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110, pp. 212–226. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-27809-2_22 CrossRefGoogle Scholar
  7. 7.
    Nguyen, L.H., Roscoe, A.W.: Efficient group authentication protocol based on human interaction. In: Proceedings of the Joint Workshop on Foundation of Computer Security and Automated Reasoning Protocol Security Analysis (FCS-ARSPA 2006), pp. 9–31 (2006)Google Scholar
  8. 8.
    Nguyen, L.H., Roscoe, A.W.: Authenticating ad-hoc networks by comparison of short digests. Inf. Comput. 206(2–4), 250–271 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  9. 9.
    Nguyen, L.H., Roscoe, A.W.: Authentication protocols based on low-bandwidth unspoofable channels: a comparative survey. J. Comput. Secur. 19(1), 139–201 (2011)CrossRefGoogle Scholar
  10. 10.
    Nguyen, L.H., Roscoe, A.W.: Short-output universal hash functions and their use in fast and secure data authentication. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 326–345. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-34047-5_19 CrossRefGoogle Scholar
  11. 11.
    Rivest, R.L., Shamir, A., Wagner, D.A.: Time-lock puzzles and timed-release crypto (1996).
  12. 12.
    Roscoe, A.W.: Human-centred computer security (2005).
  13. 13.
    Vaudenay, S.: Secure communications over insecure channels based on short authenticated strings. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 309–326. Springer, Heidelberg (2005). doi: 10.1007/11535218_19 CrossRefGoogle Scholar
  14. 14.

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Department of Computer ScienceOxford UniversityOxfordUK

Personalised recommendations