Cryptanalysis of a privacy-preserving behavior-oriented authentication scheme

التفاصيل البيبلوغرافية
العنوان:	Cryptanalysis of a privacy-preserving behavior-oriented authentication scheme
المؤلفون:	Eskeland, Sigurd, Baig, Ahmed Fraz
المصدر:	In Proceedings of the 19th International Conference on Security and Cryptography - SECRYPT 2022, ISBN 978-989- 758-590-6; ISSN 2184-7711, pages 299-304
سنة النشر:	2022
المجموعة:	Computer Science
مصطلحات موضوعية:	Computer Science - Cryptography and Security
الوصف:	Continuous authentication has been proposed as a complementary security mechanism to password-based authentication for computer devices that are handled directly by humans, such as smart phones. Continuous authentication has some privacy issues as certain user features and actions are revealed to the authentication server, which is not assumed to be trusted. Wei et al. proposed in 2021 a privacy-preserving protocol for behavioral authentication that utilizes homomorphic encryption. The encryption prevents the server from obtaining sampled user features. In this paper, we show that the Wei et al. scheme is insecure regarding both an honest-but-curious server and an active eavesdropper. We present two attacks: The first attack enables the authentication server to obtain the secret user key, plaintext behavior template and plaintext authentication behavior data from encrypted data. The second attack enables an active eavesdropper to restore the plaintext authentication behavior data from the transmitted encrypted data. Comment: Eskeland, S. and Baig, A. (2022). Cryptanalysis of a Privacy-preserving Behavior-oriented Authentication Scheme. In Proceedings of the 19th International Conference on Security and Cryptography - SECRYPT, ISBN 978-989- 758-590-6; ISSN 2184-7711, pages 299-304
نوع الوثيقة:	Working Paper
DOI:	10.5220/001114030000328
URL الوصول:	http://arxiv.org/abs/2209.06556
رقم الأكسشن:	edsarx.2209.06556
قاعدة البيانات:	arXiv

الوصف
DOI:	10.5220/001114030000328