Cryptanalysis of a privacy-preserving behavior-oriented authentication scheme

09/14/2022
by Sigurd Eskeland, et al.

Continuous authentication has been proposed as a complementary security mechanism to password-based authentication for computer devices that are handled directly by humans, such as smartphones. Continuous authentication raises privacy issues, as certain user features and actions are revealed to the authentication server, which is not assumed to be trusted. In 2021, Wei et al. proposed a privacy-preserving protocol for behavioral authentication that utilizes homomorphic encryption. The encryption is intended to prevent the server from obtaining sampled user features. In this paper, we show that the Wei et al. scheme is insecure against both an honest-but-curious server and an active eavesdropper. We present two attacks. The first attack enables the authentication server to obtain the secret user key, the plaintext behavior template and the plaintext authentication behavior data from encrypted data. The second attack enables an active eavesdropper to restore the plaintext authentication behavior data from the transmitted encrypted data.


research
09/14/2022

A Generic Privacy-Preserving Protocol For Keystroke Dynamics-Based Continuous Authentication

Continuous authentication utilizes automatic recognition of certain user...
research
11/14/2017

PassBio: Privacy-Preserving User-Centric Biometric Authentication

The proliferation of online biometric authentication has necessitated se...
research
08/15/2021

An authentication model based on cryptography

In this paper we proposed an authentication technique based on the user ...
research
10/07/2022

mPSAuth: Privacy-Preserving and Scalable Authentication for Mobile Web Applications

As nowadays most web application requests originate from mobile devices,...
research
05/30/2023

Accountable authentication with privacy protection: The Larch system for universal login

Credential compromise is hard to detect and hard to mitigate. To address...
research
11/24/2021

Privacy-Preserving Biometric Matching Using Homomorphic Encryption

Biometric matching involves storing and processing sensitive user inform...
research
11/23/2022

Privacy-Preserving Application-to-Application Authentication Using Dynamic Runtime Behaviors

Application authentication is typically performed using some form of sec...
