Authentication and Key Management Automation in Decentralized Secure Email and Messaging via Low-entropy Secrets

Sandoval, Itzel Vazquez; Atashpendar, Arash; Lenzini, Gabriele

doi:10.5220/0009834001670179

Cited by 2 publications

(3 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…pk authentication using SPAKE2 with refresh-then-MAC key confirmation for entity binding. (Originally presented as such in our previous work [48])…”

Section: An Instantiation Based On Spake2mentioning

confidence: 99%

“…Extended version. The main contributions of this work, which is an extended version of our previous paper [48], are as follows:…”

Section: Contributions and Structurementioning

confidence: 99%

“…Comparison of PAKE protocols. (Originally presented in[48] ) More DH; RLWE: Ring Learning With Errors solutions that do not operate in a purely decentralized and peer-to-peer setting in which one may wish to reduce the load on relay or buffer servers, e.g., Signal or OTR4, but the number of rounds would in general be arguably less of a concern. Note that KC can be added to schemes that do not have it by default at the cost of an extra round.…”

mentioning

confidence: 99%

See 2 more Smart Citations

PakeMail: authentication and key management in decentralized secure email and messaging via PAKE

Sandoval¹,

Atashpendar²,

Lenzini³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

We propose the use of password-authenticated key exchange (PAKE) for achieving and enhancing entity authentication (EA) and key management (KM) in the context of decentralized end-to-end encrypted email and secure messaging, i.e., where neither a public key infrastructure nor trusted third parties are used. This approach not only simplifies the EA process by requiring users to share only a low-entropy secret, e.g., a memorable word, but it also allows us to establish a high-entropy secret key; this key enables a series of cryptographic enhancements and security properties, which are hard to achieve using out-of-band (OOB) authentication. We first study a few vulnerabilities in voice-based OOB authentication, in particular a combinatorial attack against lazy users, which we analyze in the context of a secure email solution. We then propose tackling public key authentication by solving the problem of secure equality test using PAKE, and discuss various protocols and their properties. This method enables the automation of important KM tasks such as key renewal and future key pair authentications, reduces the impact of human errors, and lends itself to the asynchronous nature of email and modern messaging. It also provides cryptographic enhancements including multi-device synchronization and secure secret storage/retrieval, and paves the path for forward secrecy, deniability and post-quantum security. We also discuss the use of auditable PAKEs for mitigating a class of online guess and abort attacks in authentication protocols. To demonstrate the feasibility of our proposal, we present PakeMail, an implementation of the core idea, and discuss some of its cryptographic details, implemented features and efficiency aspects. We conclude with some design and security considerations, followed by future lines of work.

show abstract

“…pk authentication using SPAKE2 with refresh-then-MAC key confirmation for entity binding. (Originally presented as such in our previous work [48])…”

Section: An Instantiation Based On Spake2mentioning

confidence: 99%

“…Extended version. The main contributions of this work, which is an extended version of our previous paper [48], are as follows:…”

Section: Contributions and Structurementioning

confidence: 99%

mentioning

confidence: 99%

See 1 more Smart Citation