Authentication and Key Management Automation in Decentralized Secure Email and Messaging via Low-Entropy Secrets

by   Itzel Vazquez Sandoval, et al.

We revisit the problem of entity authentication in decentralized end-to-end encrypted email and secure messaging to propose a practical and self-sustaining cryptographic solution based on password-authenticated key exchange (PAKE). This not only allows users to authenticate each other via shared low-entropy secrets, e.g., memorable words, without a public key infrastructure or a trusted third party, but it also paves the way for automation and a series of cryptographic enhancements; improves security by minimizing the impact of human error and potentially improves usability. First, we study a few vulnerabilities in voice-based out-of-band authentication, in particular a combinatorial attack against lazy users, which we analyze in the context of a secure email solution. Next, we propose solving the problem of secure equality test using PAKE to achieve entity authentication and to establish a shared high-entropy secret key. Our solution lends itself to offline settings, compatible with the inherently asynchronous nature of email and modern messaging systems. The suggested approach enables enhancements in key management such as automated key renewal and future key pair authentications, multi-device synchronization, secure secret storage and retrieval, and the possibility of post-quantum security as well as facilitating forward secrecy and deniability in a primarily symmetric-key setting. We also discuss the use of auditable PAKEs for mitigating a class of online guess and abort attacks in authentication protocols.


PakeMail: authentication and key management in decentralized secure email and messaging via PAKE

We propose the use of PAKE for achieving and enhancing entity authentica...

Fragment-synthesis-based multiparty cryptographic key distribution over a public network

A secure optical communication requires both high transmission efficienc...

Supporting tangible multi-factor key exchange in households

A common approach to securing end-to-end connectivity between devices on...

On the Everlasting Security of Password-Authenticated Quantum Key Exchange

Quantum Key Distribution, introduced in 1984 in the seminal paper of Ben...

TUSH-Key: Transferable User Secrets on Hardware Key

Passwordless authentication was first tested for seamless and secure mer...

AuthStore: Password-based Authentication and Encrypted Data Storage in Untrusted Environments

Passwords are widely used for client to server authentication as well as...

Cross-Layer Authentication Protocol Design for Ultra-Dense 5G HetNets

Creating a secure environment for communications is becoming a significa...

Please sign up or login with your details

Forgot password? Click here to reset