|
In order to establish a secure communication channel, each communicating party needs some method to authenticate the other, lest it unwittingly establish a channel with the adversary instead. Current techniques for authentication often rely on passwords and/or the public-key infrastructure (PKI). Both of these methods have considerable drawbacks since passwords are frequently breached, and PKI relies on central authorities which have proven to be less than reliable. Thus there is a need to use other sources of information for the communicating parties to authenticate each other. Such information should be at least partially unavailable to the adversary since the adversary can pretend to be one of the parties. Many natural sources of such information such as visual passwords or physical tokens are noisy, and don't give the same result each time they are accessed.
This project investigates new techniques for using realistic noisy sources in authentication, without necessarily reconciling the values. It combines ideas from a variety of related lines of research, including information reconciliation, secure computation, password-based key agreement, program obfuscation, and locality-sensitive hashing. If successful, it will lead to better authentication solutions than are currently deployed. The investigators have contributed to standardization work in professional organizations like IEEE and ITEF, and have collaborated with industry.
|
TWC: Small: Noisy Secrets as Alternatives to Passwords and PKI