AUTHORS

Ms. Marwa Mouallem

Technion Univ., USA

Dr. Ittay Eyal

Technion Univ., Israel

ABSTRACT

A myriad of authentication mechanisms embody a continuous evolution from verbal passwords in ancient times to contemporary multi-factor authentication: Cryptocurrency wallets advanced from a single signing key to using a handful of well-kept credentials, and for online services, the infamous “security questions” were all but abandoned. Nevertheless, digital asset heists and numerous identity theft cases illustrate the urgent need to revisit the fundamentals of user authentication. We abstract away credential details and formalize the general, common case of asynchronous authentication, with unbounded message propagation time. Given credentials’ fault probabilities (e.g. loss or leak), we seek mechanisms with maximal success probability. Such analysis was not possible before due to the large number of possible mechanisms. We show that every mechanism is dominated by some Boolean mechanism—defined by a monotonic Boolean function on presented credentials. We present an algorithm for finding approximately optimal mechanisms by leveraging the problem structure to reduce complexity by orders of magnitude. The algorithm immediately revealed two surprising results: Accurately incorporating easily-lost credentials improves cryptocurrency wallet security by orders of magnitude. And novel usage of (easily-leaked) security questions improves authentication security for online services.

CCS CONCEPTS

  • Security and privacy → Formal methods and theory of security; Authentication; Access control; • Theory of computation → Distributed algorithms

KEYWORDS

Authentication, asynchronous networks

ACM Reference Format:

Marwa Mouallem and Ittay Eyal. 2024. Asynchronous Authentication. In Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security (CCS ’24), October 14–18, 2024, Salt Lake City, UT, USA. ACM, New York, NY, USA, 15 pages.

Full Text: https://doi.org/10.1145/3658644.3670328
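
The abstract's idea of a Boolean mechanism, a monotonic Boolean function on presented credentials scored by its success probability, can be worked through for a handful of credentials. The following is an added example, not code from the paper or its authors: it uses plain exhaustive search rather than the paper's algorithm, and it assumes that each credential is independently safe, lost or leaked, that a mechanism succeeds when the user's credentials satisfy the function while the attacker's do not, and that the fault probabilities shown are constructed.

```python
from itertools import product

def scenarios(creds):
    """Yield (probability, user_mask, attacker_mask) for each joint credential state.
    creds: list of (p_loss, p_leak); a credential is safe, lost, or leaked."""
    for states in product(("safe", "lost", "leaked"), repeat=len(creds)):
        prob, user, attacker = 1.0, 0, 0
        for i, (state, (p_loss, p_leak)) in enumerate(zip(states, creds)):
            prob *= {"safe": 1 - p_loss - p_leak, "lost": p_loss, "leaked": p_leak}[state]
            if state != "lost":      # the user still holds safe and leaked credentials
                user |= 1 << i
            if state == "leaked":    # the attacker holds only leaked credentials
                attacker |= 1 << i
        yield prob, user, attacker

def monotone_tables(n):
    """Every monotone Boolean function on n credentials, as a truth table
    indexed by the bitmask of presented credentials."""
    size = 1 << n
    for bits in range(1 << size):
        table = [(bits >> s) & 1 for s in range(size)]
        # Monotone: presenting one more credential never turns accept into reject.
        if all(table[s] <= table[s | (1 << i)] for s in range(size) for i in range(n)):
            yield table

def success_probability(table, creds):
    """Assumed criterion: the user's credentials satisfy f, the attacker's do not."""
    return sum(p for p, user, attacker in scenarios(creds)
               if table[user] and not table[attacker])

def best_mechanism(creds):
    """Exhaustive search over all monotone functions (a handful of credentials only)."""
    return max(((success_probability(t, creds), t) for t in monotone_tables(len(creds))),
               key=lambda pair: pair[0])

# Constructed fault probabilities (p_loss, p_leak), not taken from the paper.
KEYS = [(0.01, 0.01), (0.01, 0.01)]      # two well-kept signing keys
EASILY_LOST = (0.30, 0.00)               # often lost, never leaked

if __name__ == "__main__":
    print("best with two keys:      %.5f" % best_mechanism(KEYS)[0])
    print("plus easily-lost factor: %.5f" % best_mechanism(KEYS + [EASILY_LOST])[0])
```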