LU100728B1 - Human memory-based key generation and retrieval protocol arrangement for secure electronic signature generation - Google Patents
- Publication number: LU100728B1
- Authority: LU (Luxembourg)
- Prior art keywords: key, user, input, signature, query
Classifications
- G—PHYSICS > G06—COMPUTING; CALCULATING OR COUNTING > G06F—ELECTRIC DIGITAL DATA PROCESSING > G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals > G06F21/31—User authentication > G06F21/36—User authentication by graphic or iconic representation
- G—PHYSICS > G06—COMPUTING; CALCULATING OR COUNTING > G06F—ELECTRIC DIGITAL DATA PROCESSING > G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals > G06F21/31—User authentication > G06F21/316—User authentication by observing the pattern of computer usage, e.g. typical user behaviour
- G—PHYSICS > G06—COMPUTING; CALCULATING OR COUNTING > G06F—ELECTRIC DIGITAL DATA PROCESSING > G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F2221/2143—Clearing memory, e.g. to prevent the data from being stolen
Abstract
The invention provides an alternative to key storage in public-key cryptosystems, which is usually one of the weakest points under attack. This is because, no matter how secure the physical memory used to store the private key, at some point authentication is required to retrieve it. Two risks therefore arise: one is that the memory storing the key is broken into; the other is that the authentication information (which can be knowledge-based, token-based or biometric) is captured. The proposed alternative needs no storage of the key, nor does it require the user to remember newly generated authentication information (e.g. a password), which is of limited length. It instead relies on the already existing knowledge (memory) of the user.
Description
LU100728
Human memory-based key generation and retrieval protocol and arrangement for secure electronic signature generation
Author: Lorand Szollosi (born: 1981-03-12, mother's maiden name: Ildiko Foldesi). Document as of: 2018-03-12
Current technological level
Electronic signature generation algorithms have existed since at least [RSA 78]. Currently the most widespread signature protocols are:
- RSA [RSA 78]
- DSA (DSS) [FIPS 186]
- ECDSA [FIPS 186-4], used internally by Bitcoin
There have so far been three generations of electronic signature generation technologies:
1. PC (or other general-purpose device) signature creation: a PC, tablet or smartphone stores the private key of the user, usually encrypted and protected by a password. This is currently considered completely insecure: if the password is captured, the attacker can make a copy of the private key, thereby forging signatures even backwards in time. If the device is infected by a virus, the key can be used to sign a document different from the one displayed to the user, posing immeasurable risks.
2. Smart card-based signature creation: a physical device stores the private key in tamper-resistant memory and connects to the terminal that displays the text to be signed via a channel which transmits only the document and the signature, not the private key. This requires the device itself to be capable of creating signatures. Note that, while this seems an advance over the previous step because the key cannot be captured, in reality it is equally vulnerable to the insecure-terminal problem: the terminal might display a different text than the one sent to the device for signing. This does not allow private key capture, but it allows forging signatures on any document if the terminal is compromised.
3. TeDiES (Hungarian Patent P0401823) and VISA CodeSure (US20130048712 et al.)
The first secure solution to our knowledge was Hungarian Patent P0401823 (Text-Displaying Electronic Signature Creation Device). This device contained all the necessary elements of signature creation and verification: secure memory for the key, embedded in a microcontroller able to produce signatures; a tamper-resistant connection to a display for reviewing the text to be signed; and a keypad to enter the PIN code and control the process of document display and signature creation. VISA CodeSure was patented much later and provided basically the same elements on a bank card. It is not the purpose of this review to judge the differences and similarities, as the goal is to propose a technology superior to both.
The technology we propose works without key storage, eliminating the need for secure memory. One still needs a reliable e-signature creation device, but this device stores zero user-specific information (when turned off, i.e., not during signing): therefore, even stealing the device will not allow an attacker to forge signatures.
Proposed technology
An alternative to the above is proposed in which the private key is not stored on the device or anywhere else. Instead, it is generated each time the user signs a document, based on the user's memory. This differs from password-based authentication in at least two major respects: first, instead of something new to remember, it is based on already existing memory of the user; second, instead of serving as authentication, it is used as the input of the key generation. This means much more information than a simple password, and that information becomes the entropy source of randomness in key generation.
To model the key generation, we first define a 'query'. This can be:
- An actual form of questions, to be answered completely or partially, based on the knowledge of the user (past events, personal information, choices)
- A set of information (e.g. words or images) of which the user chooses a subset
- A rhythm that is recorded via e.g. a microphone; this can either be:
  - a rhythm known by the user, or
  - a list of questions/words in a temporal format (e.g. recorded questions, a song), for which the user can 'tap' to mark words. Which words are marked is based on what the user associates with them (e.g. existing memories). This allows contextual memory to be serialized into binary information and used as an entropy source.
These unanswered queries can be stored on a central server and shared amongst multiple users; similarly, a user can use multiple queries. Filling in the query is done while initializing the device. This provides sufficient entropy for key generation. Note that this is likely still correlated information, so a further transformation might be needed; additionally, an error-correcting code might be applied so that a given tolerance is allowed on the answers to the query. After this, the transformed (and error-corrected) code is fed, as an initialization vector, to the cryptographically secure pseudorandom generator used to generate keys. Thus, the generation of the public-private key pair is no longer a random process. It is based on a pseudorandom generator initialized with an input from the user, and this input is the same for each device initialization (key generation) by the user. Thus, the resulting key will be the same each time.
Thus, the technology consists of the following blocks (note that the "entropy" is actually well-determined from the user's point of view and seems random only to the attacker):
[Figure: block diagram of the key generation pipeline. Legend: IV: initialization vector; CSPRNG: cryptographically secure pseudorandom number generator]
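The following Python sketch is an added example, not code from the patent, showing one concrete way to build the transform-and-error-correct step described above: the user's subset selection from a word query is serialised to a bitmap, a code-offset secure sketch over a repetition code tolerates a few wrong answers per block, and the recovered bitmap is stretched into a deterministic seed for the key generator. The query words, the repetition factor, the salt, and the use of a public secure sketch as helper data are assumptions of this example, not elements stated in the patent.

```python
import hashlib
import hmac
import secrets

# Constructed query: 24 candidate words; the user marks the ones tied to own memories.
QUERY = ["river", "violin", "kite", "lantern", "chess", "cinnamon", "harbour", "comet",
         "sparrow", "anvil", "orchard", "compass", "marble", "bicycle", "thunder", "walnut",
         "candle", "glacier", "saddle", "tulip", "engine", "feather", "quartz", "bridge"]
REP = 3                  # repetition code: every codeword bit is written REP times
SALT = b"LU100728-demo"  # assumed public, device-wide constant (not from the patent)

def answers_to_bits(chosen):
    """Serialise the chosen subset as a bitmap over the query words."""
    return [1 if word in chosen else 0 for word in QUERY]

def enroll(w):
    """Code-offset secure sketch: sketch = w XOR random codeword. The sketch is
    public helper data (assumed stored with the query); it leaks only the
    redundancy of the code, not the answers themselves."""
    message = [secrets.randbelow(2) for _ in range(len(w) // REP)]
    codeword = [bit for bit in message for _ in range(REP)]
    return [a ^ b for a, b in zip(w, codeword)]

def recover(w_prime, sketch):
    """Rebuild w from noisy answers w' when each REP-bit block holds fewer than
    REP/2 wrong answers (majority-vote decoding of the repetition code)."""
    noisy = [a ^ b for a, b in zip(w_prime, sketch)]   # codeword XOR error pattern
    decoded = []
    for i in range(0, len(noisy), REP):
        block = noisy[i:i + REP]
        decoded += [1 if 2 * sum(block) > REP else 0] * REP
    return [a ^ b for a, b in zip(sketch, decoded)]

def bits_to_bytes(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))

def signing_seed(w, nbytes=32):
    """Transform the error-corrected answers into the IV of the key generator:
    a slow KDF stretches the correlated input, then an HMAC counter DRBG yields
    the same deterministic seed bytes whenever the same answers are recovered."""
    iv = hashlib.pbkdf2_hmac("sha256", bits_to_bytes(w), SALT, 200_000)
    out, counter = b"", 0
    while len(out) < nbytes:
        out += hmac.new(iv, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:nbytes]

if __name__ == "__main__":
    w = answers_to_bits({"violin", "harbour", "comet", "bicycle", "glacier", "quartz"})
    sketch = enroll(w)                                  # once, at device initialisation
    w_noisy = [b ^ 1 if i in (0, 4, 8) else b for i, b in enumerate(w)]  # later session
    assert recover(w_noisy, sketch) == w                # one slip per block is tolerated
    print(signing_seed(recover(w_noisy, sketch)).hex())
```

The rate-1/3 repetition code leaks two thirds of the bitmap through the sketch, so a deployment would use a higher-rate code over a much longer answer vector; the sketch is per-user helper data, so to keep the device free of user-specific information it would live with the query on the server rather than on the device.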
Proposed arrangement for secure signature generation
As described in the chapter on the current technological level, simply implementing a signature algorithm on a PC/smartphone (or other general-purpose device which might be infected or hacked) is potentially vulnerable to multiple kinds of attacks, in this case even key theft. Thus, the protocol described should only be used on a secure device, even though the memory of the device can be cleared after the process. Previously, secure memory was needed and the device was associated with a single user. Now, memory only needs to be secure until the end of signature creation (because the key exists in the device only during signature creation) and, while the device should be kept by the user (to lower the risk of fraudulent/insecure devices), if it is lost it cannot be associated in any way with the user.
The recommended arrangement therefore contains:
- A communication unit that allows input of the document proposed for signing and output of the signed document (or the signature) in some format
- A display to view the document to be signed
  - In a preferred arrangement, this is a display that allows viewing only by the user(s) of the device (such solutions are e.g. a virtual retinal display or a head-mounted display)
  - In other arrangements, this might be a textual or audio/visual display
- A secure input device to control the flow of the presentation of the document, to confirm or reject signature creation, and to input the query answers
  - In a preferred arrangement, the query answers are input as selections amongst displayed items (words, pictures), either one per set or multiple choice per set
  - In another preferred arrangement (which can be combined with the previous), the input is temporally coded binary information, e.g. a complex rhythm that the user knows, or a sequence of 'taps' (answers) that selects words (or other information) from a temporal query (e.g. words of a song, yes/no answers to recorded questions, et al.)
- A secure processing unit capable of creating signatures when connected to the above devices
  - In a preferred solution, it has internal memory that can be cleared after signature creation
List 1. Proposed Arrangement
All of these must be connected in such a way that external tampering is noticeable, eavesdropping is practically impossible and the device is completely under the control of the user (i.e., there is a very low probability of external hacking or virus infection, as the device is built for this specific purpose).
Note that the requirements on secure memory are relaxed: the condition that the memory must be able to store secret information (the private key) in a way that cannot be extracted even after (temporarily or permanently) losing access to the device is dropped; instead, the requirement is simply that the memory must resist tampering and external read attempts during signature creation.
A possible use case is when the memories used are distributed amongst users (e.g. in a company), so that the query can be filled in if a given number of them is available. In this case it is possible to store signed and encrypted documents either as a blockchain or, preferably, as a tree of BitTorrent magnet URLs, each torrent containing documents or further URLs and a signature from some clients attesting that they verified each and every signature in the chain. This allows for distributed storage and voting on what is accepted.
Another possible use case is when the documents are encrypted, not just signed, which might be viable in the case of private sensitive or corporate sensitive information.
A possible use of the device is to make Bitcoin, Ethereum and other cryptocurrency transfers and smart contracts more secure.
[FIPS 186] Federal Information Processing Standards Publication 186: Digital Signature Standard (DSS), 1994 May 19, http://www.umich.edu/~x509/ssleay/fip186/fip186.htm
[FIPS 186-4] Federal Information Processing Standards Publication 186-4: Digital Signature Standard (DSS - ECDSA), 2013 Jul, http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
[RSA 78] R.L. Rivest, A. Shamir, and L. Adleman: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM, Vol. 21, Issue 2, Feb. 1978
Claims (2)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
LU100728A LU100728B1 (en) | 2018-03-12 | 2018-03-12 | Human memory-based key generation and retrieval protocol arrangement for secure electronic signature generation |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
LU100728A LU100728B1 (en) | 2018-03-12 | 2018-03-12 | Human memory-based key generation and retrieval protocol arrangement for secure electronic signature generation |
Publications (1)
Publication Number | Publication Date |
---|---|
LU100728B1 true LU100728B1 (en) | 2019-10-01 |
Family
ID=61899329
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
LU100728A LU100728B1 (en) | 2018-03-12 | 2018-03-12 | Human memory-based key generation and retrieval protocol arrangement for secure electronic signature generation |
Country Status (1)
Country | Link |
---|---|
LU (1) | LU100728B1 (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080263361A1 (en) * | 2007-04-20 | 2008-10-23 | Microsoft Corporation | Cryptographically strong key derivation using password, audio-visual and mental means |
US7962761B1 (en) * | 2009-12-18 | 2011-06-14 | CompuGroup Medical AG | Computer implemented method for generating a pseudonym, computer readable storage medium and computer system |
US20160127327A1 (en) * | 2014-11-05 | 2016-05-05 | Microsoft Technology Licensing, Llc. | Roaming content wipe actions across devices |
- 2018-03-12: LU LU100728A, patent LU100728B1 (en), status: active, IP Right Grant
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| FG | Patent granted | Effective date: 20191001 |