Involving humans in the cryptographic loop: introduction and threat analysis of EEVEHAC
Hekkala, Julius; Nikula, Sara; Latvala, Outi-Marja; Halunen, Kimmo (2021-07-09)
Hekkala, J.; Nikula, S.; Latvala, O. and Halunen, K. (2021). Involving Humans in the Cryptographic Loop: Introduction and Threat Analysis of EEVEHAC. In Proceedings of the 18th International Conference on Security and Cryptography - SECRYPT, ISBN 978-989-758-524-1; ISSN 2184-7711, pages 659-664. DOI: 10.5220/0010517806590664
© 2021 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserved. Published under a Creative Commons CC-BY-NC-ND license.
https://creativecommons.org/licenses/by-nc-nd/4.0/
https://urn.fi/URN:NBN:fi-fe2021102151932
Tiivistelmä
Abstract
Our digital lives rely on modern cryptography that is based on complicated mathematics average human users cannot follow. Previous attempts at adding the human user into the cryptographic loop include things like Human Authenticated Key Exchange and visualizable cryptography. This paper presents our proof-of-concept implementation of these ideas as a system called EEVEHAC. It utilizes human capabilities to achieve an endto- end encrypted channel between a user and a server that is authenticated with human senses and can be used through untrusted environments. The security of this complete system is analyzed. We find that the combination of the two different systems into EEVEHAC on a theoretical level retains the security of the individual systems. We also identify the weaknesses of this implementation and discuss options for overcoming them.
Kokoelmat
- Avoin saatavuus [31939]