Recovery of Encrypted Mobile Device Backups from Partially Trusted Cloud Servers

Omid Mir, René Mayrhofer, Michael Hölzl, Thanh-Binh Nguyen
Institute of Networks and Security, Johannes Kepler University, Linz, Upper Austria

ABSTRACT

Including electronic identities (eIDs), such as passports or driving licenses, in smartphones transforms them into a single point of failure: loss, theft, or malfunction would prevent their users even from identifying themselves, e.g. during travel. Therefore, a secure backup of such identity data is paramount, and an obvious solution is to store encrypted backups on cloud servers. However, the critical challenge is how a user decrypts the encrypted backup if the user's device gets lost or stolen and there is no longer a secure storage (e.g. the smartphone) to keep the secret key. To address this issue, Password-Protected Secret Sharing (PPSS) schemes have been proposed, which allow a user to store a secret key among n servers such that the user can later reconstruct the secret key using only a password. Unfortunately, PPSS schemes are not appropriate for some applications. For example, users are highly unlikely to still remember a cryptographically strong password by the time the smartphone is lost. They also suffer from inefficiency. In this paper, we propose a new secret key reconstruction protocol based on recently proposed PPSS schemes combined with a fuzzy extractor, which allows a client to recover secret keys from an only partially trusted server and an auxiliary device using multiple key shares and a biometric identifier. We prove the security of our proposed protocol in the random oracle model, where the parties can be corrupted separately at any time. An initial performance analysis shows that it is efficient for this use case.

KEYWORDS

Secret key reconstruction, Password-Protected Secret Sharing, Digital identity, Cloud backup

CCS CONCEPTS

• Security and privacy → Cryptography; Database and storage security; • Human and societal aspects of security and privacy → Usability in security and privacy; • Network security → Security protocol.

ARES 2018, August 27–30, 2018, Hamburg, Germany. © 2018 Copyright held by the owner/author(s). Publication rights licensed to the Association for Computing Machinery. ACM ISBN 978-1-4503-6448-5/18/08. https://doi.org/10.1145/3230833.3232815

ACM Reference Format: Omid Mir, René Mayrhofer, Michael Hölzl, and Thanh-Binh Nguyen. 2018. Recovery of Encrypted Mobile Device Backups from Partially Trusted Cloud Servers. In ARES 2018: International Conference on Availability, Reliability and Security, August 27–30, 2018, Hamburg, Germany. ACM, New York, NY, USA, 10 pages. https://doi.org/10.1145/3230833.3232815

1 INTRODUCTION

Moving various aspects of an electronic identity (eID) into mobile devices is a growing trend; photo ID documents [18, 19] are already being implemented on smartphones (footnote 1), as well as mobile payment wallets [16] and tokens for two-factor authentication (footnote 2). Other (less security-critical) aspects include loyalty cards for shops, public transport tickets, or simple age verification in various use cases [6, 18, 29]. A general approach is to transform these elements of eIDs from formerly physical cards into software components (often hardware-backed) on mobile devices. However, this trend also creates a major single point of failure. Loss, theft, or simple malfunction of the smartphone becomes highly problematic when a user relies on the smartphone for identification and payment as well as communication. It is therefore clear that all such critical elements need to be backed up in encrypted form, allowing owners to recover them on a new device if necessary, potentially under time pressure and outside of their normal, trusted environments (e.g. when losing a device during travel). In addition, security and usability problems appear when decrypting this encrypted backup if the user's device gets lost or stolen and there is no longer a secure storage (e.g. the smartphone) to keep the decryption key.

Informally, we define our main user scenario as follows: an individual, Alice, uses her smartphone as a digital identity, such as a passport and credit card wallet. The smartphone regularly creates an encrypted backup of all data, including the payment and eID data. If her phone is stolen, she needs to acquire a new, compatible device and restore her private eID and payment data within a short time frame and probably under great stress. She should have the ability to recover her secret key to decrypt her private eID data. Note that the additional complexities of locking/wiping/revoking her stolen phone, paying for her new device before recovering the virtual wallet, or verifying that the new device is genuine (which is a hard problem even for previously used devices [18]) are out of scope of the current work.

Footnote 1: Our research group is currently implementing a prototype of the Austrian mobile driving license on Android smartphones with off-line verification, strong privacy guarantees, and scalable revocation. Details will be published in future work.
Footnote 2: E.g. by implementing the FIDO U2F or UAF protocols on smartphones with fingerprint sensors.

Currently, the problem of backing up smartphones (not specifically eIDs) is typically approached with implicitly trusted cloud services run by the respective device or OS manufacturers. Although these services may potentially be made secure with significant technical effort (cf. the recent public presentation of the Apple cloud keystore [23]), they still require complete trust in the operator and its secure hardware, which is exactly what we want to avoid. Therefore, for decrypting backup data on a new device during recovery, we cannot rely on a trusted execution environment (TEE) or other secure hardware to protect a private key. We further assume the original device (from which the backup had been created) to be completely unavailable (Alice's phone was stolen).

An obvious (and naive) approach is to directly derive a cryptographic key from a user-provided password and to locally encrypt/decrypt and sign/verify all backup data before sending it to the cloud service. In this case, the service provider would only need to be trusted for availability, not for the confidentiality of the stored data. Current approaches for full-device backups typically use such a method (including both the Android and iOS platforms at this time). However, the well-known difficulty of remembering passwords with high entropy [31] is even more of a problem for the recovery of eIDs: such a recovery password would only be used very rarely (if at all) and often under stress.
At the same time, it needs to have higher entropy than typical login passwords, since otherwise a simple offline dictionary attack on the backup would recover a weak password. Therefore, a plain password-based key derivation function (PBKDF) does not seem to be an appropriate solution, and on-device encryption methods have already been extended by including a hardware-based key part in the derivation function (first on iOS, now also on Android platforms). Recently proposed Password-Protected Secret Sharing (PPSS) schemes allow a user to reconstruct a high-entropy secret from a single (human-memorable) password by communicating with at least t + 1 honest servers (among n possible ones), where the best attacks are online brute-force attacks [4, 8, 15, 20]. However, they still suffer from some problems, for example inefficiency: PPSS schemes need to communicate with n servers and potentially rely on computationally complex operations such as zero-knowledge proofs [20, 21]. In addition, the schemes are not usable for many applications, including our main scenario, as the user still needs to remember her password until the recovery phase. Moreover, in many cases the password is not the only thing the user must remember: she also needs to securely remember some of the initially trusted servers from the setup, to avoid interacting with t + 1 bad servers in the reconstruction phase (e.g. a phishing attack). To address these problems, we propose a new construction to restore a secret key. In doing so, we reduce the required level of trust in cloud services for backup and recovery of security- and privacy-critical data on smartphones, with a particular focus on the use

case of eIDs. In our protocol, a user can securely recover the secret key on a new device using her biometric. Our approach therefore relies on the following two aspects to enable authenticated recovery from partially trusted cloud services:

(1) Users authenticate themselves to the server with biometric identifiers, which are part of the key derivation function based on a fuzzy extractor. Individuals therefore do not have to remember strong passwords. Note that we do not assume biometric identifiers (specifically fingerprint data within the scope of this paper) to be confidential against sufficiently dedicated adversaries.

(2) To increase the entropy of the biometric template and avoid leakage of biometric information, an additional key part is added to the key derivation, akin to the device-specific, hardware-based keys currently used for on-device encryption. As we cannot rely on a single secure hardware component to be available, we split this key into shares that need to be combined during recovery. For instance, Alice can keep one of these shares online in a cloud service and a second one on an auxiliary device.

Our major contributions are as follows:

• We design a new architecture and protocol to reconstruct a secret encryption/decryption/signature key for cloud backups using a biometric factor and a fuzzy extractor.
• To the best of our knowledge, this protocol is the first provably secure secret key reconstruction protocol using biometrics that can be used in cases where the user's mobile device is stolen or lost. Similar to PPSS schemes, our scheme does not rely on a trusted server and does not require secure storage for the secret key.
• We define a formal security model for our proposed protocol and carry out a detailed security analysis to prove that the proposed protocol is secure under a realistic threat model.
• In the performance section, we demonstrate that our protocol is more efficient than PPSS schemes and practical for cloud backup environments.

2 RELATED WORK

An approach to securely backing up the credentials of smartphones has recently been presented by Ivan Krstić, Head of Security Engineering and Architecture at Apple [23]. In their concept of a cloud key store, they encrypt the credentials with a random backup ("escrow") key and further protect it with a user-defined iCloud Security Code (iCSC). This escrow key is stored inside a tamper-resistant computer, a so-called Hardware Security Module (HSM), in the Apple server infrastructure. As this key never leaves the tamper-resistant hardware, decryption of the smartphone credentials can only be done within this HSM and by providing the correct iCSC. To further protect the credentials and the escrow key from being disclosed, Apple destroys the access keys for the administration of these HSMs (i.e. the keys to program the HSM), locking even themselves out. However, this system still requires some trust in the operator. Even though the organization tries to prevent itself from being able to extract previously stored key material by using tamper-resistant hardware and deleting the access keys to that hardware, the implementation and the processes for new backups can always be changed without users being able to notice.

Recently, password-protected secret sharing protocols have been proposed as a way to solve this problem without tamper-resistant hardware. The first Password-Protected Secret Sharing scheme was proposed by Bagherzandi et al. [4]. Their protocol lets a user spread a secret key among different servers and later reconstruct it from the user's password by communicating with at least t + 1 honest servers (among n servers). The scheme has an initialization phase in which the user interacts with the n servers. After that, each server keeps some public information related to the user, which is a function of the secret key sk, the password pw and the server names S_i. When a user needs to retrieve the secret key sk, she runs a reconstruction protocol with at least t + 1 servers, where the only input from the user is the password pw. However, the authors assume an additional PKI. Furthermore, if an adversary obtains the key pair of one server, he is able to run an offline attack [1]. In subsequent work, Camenisch et al. [9] introduce a Threshold Password-Authenticated Secret Sharing (T-PASS) protocol that does not require PKI authentication during the reconstruction phase. However, their scheme is still expensive: it costs 14 client exponentiations per server and 7 exponentiations for each server, and it requires 10 messages between the user and each server in the secret reconstruction phase. Yi et al. [31] propose a lightweight TPASS based on distributing a password, a secret key and a digest of the secret key. However, in the reconstruction protocol at least t servers perform a broadcast protocol to obtain and return ElGamal encryptions of both the secret and the digest, after which the user can verify the secret key. Camenisch et al. [10] propose an efficient protocol that is based neither on a robust secret sharing scheme nor on zero-knowledge proofs. Nevertheless, it is not able to detect which shares are valid: if a password is incorrect, the user only notices the failure at the end of the verification step, and the scheme has to be restarted with a different set of servers, which opens the door to DoS attacks. Jarecki et al. [20] present a PPSS scheme that uses a Verifiable Oblivious Pseudorandom Function (VOPRF) to avoid such easy DoS attacks; it guarantees that the user detects which server has tried to cheat or which message has been modified. Jarecki et al. [21] improve the cost of this VOPRF scheme by giving up the robustness property (the capability to eliminate wrong computations during communication with the servers), which makes it efficient with a few servers; however, the user is then unable to detect cheating servers. Recently, Abdalla et al. [1] propose two efficient Oblivious Pseudorandom Function (OPRF) constructions to overcome this drawback: the first is based on the One-More Gap Diffie-Hellman assumption, the second is an oblivious evaluation of the Naor-Reingold PRF based on the DDH assumption alone. Their main contribution is an efficient realization of robustness in only one round of communication with each server, avoiding any complex zero-knowledge proof. Although their scheme is much more efficient than related PPSS schemes, it is still expensive because it needs to communicate with many servers. In addition, if the user enters a wrong password, the previous schemes only fail at the end of the protocol, which wastes computation.

3 PRELIMINARIES

In the proposed protocol, we use Elliptic Curve Diffie-Hellman (ECDH) to exchange information securely, and a fuzzy extractor applied to biometrics to reconstruct secret keys.

3.1 Mathematical Problems

Elliptic Curve Discrete Logarithm Problem (ECDLP): Given two points P, Q ∈ G, it is hard to find an integer x ∈ Z_q such that Q = x · P.

Elliptic Curve Diffie-Hellman Problem (ECDH): Given two points R, Q ∈ G with Q = y · P and R = x · P, where x, y ∈ Z_q are unknown, the goal is to compute the point xy · P in polynomial time.

3.2 Fuzzy Extractor

The fuzzy extractor was introduced by Dodis et al. [14]. We briefly summarize the basic concepts and the notation of a fuzzy extractor.

Definition (Fuzzy Extractor (FE)). A FE consists of two procedures (Gen, Rep), defined as follows:
1. Gen receives a biometric B entered by the user and outputs a random string σ and an auxiliary (public) string ϑ. Gen is a probabilistic generation procedure.
2. Rep receives a nearby biometric reading B* and the auxiliary string ϑ, and reproduces σ. Rep is a deterministic reproduction procedure: if dis(B, B*) ≤ t, where t is the error tolerance, then Rep(B*, ϑ) = σ.

We store ϑ in order to recover σ from the biometric; when B and B* are sufficiently close, the string σ is reproduced exactly and can then be used as an encryption/authentication key. A strong FE extracts l = |σ| nearly uniform bits, and the probability that an attacker guesses the biometric key σ ∈ {0, 1}^l is approximately 1/2^l [21, 25].

4 SYSTEM MODEL

4.1 Network Model

The system model of the proposed protocol for a cloud backup architecture includes three types of participants: a mobile user U_i, an authentication server AS, and an auxiliary device F_i.

• AS: responsible for the registration of users and for providing general information to registered users. It also generates the global system parameters.
• U_i: mobile users who can send request messages to the auxiliary device and the AS. After successful verification by the AS, users can query their information from the AS and an auxiliary device and use it to restore their secret key with their own biometric.
• F_i: an auxiliary device of the user U_i (such as a laptop, a cloud storage account, or another smartphone). It helps the user by providing auxiliary information to recover the secret key. Note that users can select several auxiliary devices that keep the same information, so that the secret key can be recovered as long as one of them is online.

Table 1: Notation

Symbol                      Description
σ                           Master key of the user
SK = h(σ · Ppub_AS)         Secret key of the user
d_AS                        Private key of the authentication server
Ppub_AS = d_AS · P          Public key of the authentication server
k                           Private key of the auxiliary device
Ppub_F = k · P              Public key of the auxiliary device
h()                         A one-way hash function
H()                         A one-way Bio-hash function
Enc_k() / Dec_k()           An encryption/decryption function

4.2 Threat Model

In order to demonstrate the security of the proposed protocol, we determine the capabilities and possible actions of an attacker. We consider a probabilistic polynomial-time attacker that has full control of the communication channels: he can eavesdrop on all messages in the public channels and also modify, remove and add messages on the network. The attacker can corrupt a party at any time, in which case he learns all of its long-term secrets (such as private keys or master shared keys). In this threat model, a user U_i creates an account with her username and biometric at the authentication server AS and the auxiliary device F_i, in order to later restore a secret SK using her biometric B_i. We assume that if at least one of the authentication server and the auxiliary device is honest, the biometric B_i and the secret key SK remain secure from the adversary. If both AS and F_i are corrupted, the adversary has access to all information stored on them. The best chance for the adversary to obtain the secret key is then an offline brute-force attack on the user's biometric (searching for a false match). In the security analysis section we show that if the user chooses a strong and appropriate biometric match threshold, the probability that an adversary extracts the secret key is negligible. Nevertheless, our threat model assumes that at least one of the AS and the auxiliary device is honest.

5 THE PROPOSED SCHEME

Thanks to fuzzy extractors [13, 14], we present secret key reconstruction using biometrics after a user has lost his/her phone as a new concept in the area of cloud backup. The proposed protocol has two main phases. First, in the initialization phase, the protocol operations and the system setup are defined. We assume that the authentication server stores a table for each user (created before he/she lost the phone). Moreover, we assume that the secret key the user wants to restore is SK = h(σ · Ppub_AS); SK can then be used as the key to decrypt the encrypted eIDs. Second, the reconstruction phase runs online with the AS and F_i to retrieve the secret key SK. The notation used throughout the paper and in the system setup is given in Table 1.


5.1 Assumptions

Our protocol requires the following assumptions: the authentication server can register its public key, for example using certificate pinning, so that the user can look up the public key. This is a reasonable assumption in the reconstruction phase because there is only one authentication server and phone theft happens rarely. In addition, the AS and F_i define a maximum number of reconstruction requests, which bounds online guessing attacks.

5.2 System Setup Phase

The AS executes the following steps to generate the system private key and the system parameters.
(1) AS chooses an elliptic curve E(F_p) defined over F_p, for example Curve25519, and a generator P of order q.
(2) AS randomly chooses an element d_AS ∈ Z_q as the private key and computes the corresponding public key Ppub_AS = d_AS · P.
(3) AS selects two hash functions: a secure hash function h : {0, 1}* → Z_q*, for instance based on SHA3-512, and a one-way Bio-hash function H() [22].
(4) AS publishes {p, q, E(F_p), P, Ppub_AS} and keeps d_AS secret.

5.3 Initialization

The user's purpose is to produce a secret key SK such that she can later retrieve it with the aid of the authentication server and the auxiliary device, using only her biometric. The user thus runs an initialization protocol with the authentication server and the auxiliary device, at the end of which she holds a random key SK. As shown in Figure 1, the following steps are executed by the user, AS and F_i.

The user imprints her personal biometric impression B_i at a sensor. Then U_i uses the fuzzy extractor to compute (σ, ϑ) = Gen(B_i), where σ is the random secret value the user later uses to reconstruct the secret key SK, and the auxiliary string ϑ is the commitment used to restore the secret value σ. The user then splits the auxiliary string ϑ into shares (ϑ_F, ϑ_S) ← ShareGen(ϑ) using, for example, Shamir's secret sharing [8, 28], and computes the verification information L = h(H(B_i) ∥ ϑ_F). In addition, U_i computes Com = h(σ, ϑ, SK) and splits this value as (C_S, C_F) ← ShareGen(Com). Then U_i sends the set {C_S, ϑ_S, L} to the AS. Furthermore, the user executes the following steps to send the encryption of the pair {C_F, ϑ_F} to the auxiliary device:

• U_i generates a random element r_i, computes the scalar multiplication A = H(B_i) · r_i · P, and sends M_1 = {A} to F_i.
• Upon receiving M_1 = {A} from the user, F_i computes X = k · A = k · H(B_i) · r_i · P using its secret key k and returns M_2 = {X} to U_i.
• After receiving M_2 = {X} from the auxiliary device, U_i computes

Y = r_i^{-1} · X = H(B_i) · k · P    (1)
D = h(Y)    (2)
V = Enc_D(C_F, ϑ_F).    (3)


Figure 1: Initialization Phase

At the end, the data V is stored on the auxiliary device, and the authentication server creates an account with the values {C_S, ϑ_S, L} for each user.

5.4 Reconstruction Phase

In the initialization phase, we assume that all communication is secured and that messages are not modified in transit. In the reconstruction phase, the adversary has control over the network: he can send fake data and may corrupt either the authentication server or the auxiliary device. The user needs to restore the secret key on a new device in order to recover the eID, while no other information is available. First, the user runs a blinded exchange with the auxiliary device and obtains the set {ϑ_F, C_F} from F_i. Then the user sends an authentication message to the AS, which verifies the user and returns the other parts ϑ_S and C_S. Finally, the user computes SK by combining the received information. As shown in Figure 2, the following steps describe the reconstruction phase in more detail; they are executed by the user, AS and F_i:

Figure 2: Reconstruction Phase

(1) The user U_i generates a random number r_j and computes A = r_j · H(B_i) · P. Then U_i sends the message M_1 = {A} to the auxiliary device.
(2) Upon receiving M_1 = {A}, the auxiliary device computes

X = k · A = k · r_j · H(B_i) · P    (4)

Finally, the auxiliary device sends M_2 = {X, V} to the user, where V = Enc_D(C_F, ϑ_F) was stored in the initialization phase.
(3) After receiving M_2 = {X, V} from the auxiliary device, the user computes

Y = r_j^{-1} · X = H(B_i) · k · P    (5)
D = h(Y)    (6)
{C_F, ϑ_F} = Dec_D(V).    (7)

(4) U_i generates the verification information from her biometric and computes L* = h(H(B_i) ∥ ϑ_F). Then the user encrypts {L*, A} under the public key of the AS and sends the authentication message M_3 = {Enc_pubAS(L*, A), T_1} to the AS, where T_1 is the current timestamp.
(5) After receiving M_3 = {Enc_pubAS(L*, A), T_1} from the user, AS takes the current timestamp T_2 and checks whether (T_2 − T_1) > ΔT, where ΔT is the maximum transmission delay. If so, AS rejects the login request; otherwise it decrypts the message and looks up L* in its database. If an entry is found, the user is authenticated and AS computes:

S = d_AS · A    (8)
ω = Enc_h(S)(ϑ_S, C_S)    (9)
H_2 = h(ϑ_S, C_S, S, Ppub_AS, ω)    (10)

Finally, AS sends the message M_4 = {Ppub_AS, H_2, ω} to the user.
(6) Upon receiving M_4 = {Ppub_AS, H_2, ω}, U_i computes

S* = H(B_i) · r_j · Ppub_AS    (11)
{ϑ_S, C_S} = Dec_h(S*)(ω)    (12)
H_2* = h(ϑ_S, C_S, S*, Ppub_AS, ω)    (13)

and checks whether H_2 and H_2* are equal. If they are not, U_i terminates the session. Otherwise, the user combines ϑ_S and ϑ_F to reconstruct the auxiliary string ϑ, and combines C_S and C_F to reconstruct Com.
(7) The user now uses the Rep procedure of the fuzzy extractor to compute Rep(B_i*, ϑ) = σ. Then the user computes the secret key as SK = h(σ · Ppub_AS) and Com* = h(σ, ϑ, SK). Finally, she checks whether Com* = Com holds. If it does, the secret key is correct.
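The following is an added, runnable model of the fuzzy extractor of Section 3.2 together with the initialization exchange of Section 5.3 and the reconstruction exchange of Section 5.4; it is my code, not the authors' implementation. Every stand-in is an assumption of mine: secp256k1 is used in place of Curve25519 (its prime group order makes the blinding scalar r invertible), the fuzzy extractor is the code-offset construction with a 5x repetition code, ShareGen is XOR 2-of-2 sharing in place of Shamir, Enc/Dec is XOR with a SHA-256 keystream (a deployment would use an AEAD), the Bio-hash H() is modelled as a hash of coarsely quantized feature values, the 40-feature template is constructed rather than a real fingerprint, and the timestamp and the public-key encryption of M_3 are omitted. The user takes Ppub_AS from the pinned value assumed in Section 5.1 rather than from M_4.

```python
# Added example, not the authors' code: runnable model of the fuzzy extractor (Sec. 3.2),
# initialization (Sec. 5.3) and reconstruction (Sec. 5.4). Stand-ins, all my assumptions:
# secp256k1 for Curve25519; code-offset fuzzy extractor (5x repetition code); XOR 2-of-2 for
# Shamir; Enc/Dec = XOR with SHA-256 keystream; H() = hash of quantized features; no M3 PK-enc.
import hashlib, secrets
P_MOD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # secp256k1 field prime
N_ORD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # prime group order q
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,      # generator P
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):                                    # affine addition on y^2 = x^3 + 7; None is O
    if p1 is None or p2 is None: return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0: return None
    num, den = (3 * x1 * x1, 2 * y1) if p1 == p2 else (y2 - y1, x2 - x1)
    lam = num * pow(den % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return x3, (lam * (x1 - x3) - y1) % P_MOD

def ec_mul(k, pt):                                     # left-to-right double-and-add, k taken mod q
    acc = None
    for bit in bin(k % N_ORD)[2:]:
        acc = ec_add(acc, acc)
        if bit == "1": acc = ec_add(acc, pt)
    return acc

def h(*parts): return hashlib.sha256(b"".join(parts)).digest()             # h()
def pt_bytes(pt): return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")
def scalar(data): return 1 + int.from_bytes(h(data), "big") % (N_ORD - 1)  # bytes -> Z_q^*
def bio_hash(B): return scalar(b"H" + bytes(f >> 4 for f in B))            # H(): stable coarse part
def bits(B): return [(f >> i) & 1 for f in B for i in range(8)]            # 40 features -> 320 bits

REP, MSG = 5, 64                                       # codeword = 64 random bits m, repeated 5x
def gen(B):                                            # Gen(B) -> (sigma, vartheta)
    m = [secrets.randbits(1) for _ in range(MSG)]
    sketch = bytes(b ^ c for b, c in zip(bits(B), m * REP))                # code offset: B xor codeword
    seed = secrets.token_bytes(16)                                         # extractor seed, part of vartheta
    return h(seed, bytes(bits(B))), seed + sketch
def rep(B_star, vartheta):                             # Rep(B*, vartheta) = sigma iff B* is close to B
    seed, sketch = vartheta[:16], vartheta[16:]
    c = [b ^ s for b, s in zip(bits(B_star), sketch)]                      # codeword xor capture noise
    m = [int(sum(c[j + i * MSG] for i in range(REP)) > REP // 2) for j in range(MSG)]  # majority vote
    return h(seed, bytes(x ^ s for x, s in zip(m * REP, sketch)))          # codeword xor sketch = B

def share2(x):                                         # 2-of-2 XOR ShareGen (paper: e.g. Shamir)
    r = secrets.token_bytes(len(x)); return r, bytes(a ^ b for a, b in zip(x, r))
def combine2(s1, s2): return bytes(a ^ b for a, b in zip(s1, s2))
def enc(key, msg):                                     # Enc_key(): XOR with SHA-256(key, ctr) keystream
    ks = b"".join(h(key, i.to_bytes(4, "big")) for i in range(len(msg) // 32 + 1))
    return bytes(a ^ b for a, b in zip(msg, ks))
dec = enc

class AuxDevice:                                       # F_i: private key k, stored ciphertext V
    def __init__(self): self.k, self.V = scalar(secrets.token_bytes(32)), None
    def blind_eval(self, A): return ec_mul(self.k, A)                      # M2: X = k . A

class AuthServer:                                      # AS: private d_AS, public P_pub, user table
    def __init__(self):
        self.d = scalar(secrets.token_bytes(32)); self.pub = ec_mul(self.d, G); self.table = {}
    def reconstruct(self, L_star, A):                  # step (5): L* lookup, then (8)-(10)
        if L_star not in self.table: return None                           # unknown user: reject
        C_S, theta_S = self.table[L_star]
        S = ec_mul(self.d, A)                                              # (8) S = d_AS . A
        omega = enc(h(pt_bytes(S)), C_S + theta_S)                         # (9) C_S || theta_S under h(S)
        return omega, h(C_S, theta_S, pt_bytes(S), pt_bytes(self.pub), omega)  # (10) H2

def blinded_query(Hb, Fi):                             # A = r.H(B).P, X = k.A, Y = r^-1.X = H(B).k.P
    r = scalar(secrets.token_bytes(32))
    A = ec_mul(r * Hb, G)
    return A, r, ec_mul(pow(r, -1, N_ORD), Fi.blind_eval(A))

def initialize(B, Fi, AS):                             # Section 5.3; returns the user's SK
    sigma, vartheta = gen(B)
    SK = h(pt_bytes(ec_mul(int.from_bytes(sigma, "big"), AS.pub)))         # SK = h(sigma . P_pub)
    theta_F, theta_S = share2(vartheta)
    C_S, C_F = share2(h(sigma, vartheta, SK))                              # Com = h(sigma, vartheta, SK)
    AS.table[h(bio_hash(B).to_bytes(32, "big"), theta_F)] = (C_S, theta_S)  # L = h(H(B) || theta_F)
    _, _, Y = blinded_query(bio_hash(B), Fi)
    Fi.V = enc(h(pt_bytes(Y)), C_F + theta_F)                              # V = Enc_D(C_F, theta_F), D = h(Y)
    return SK

def reconstruct(B_star, Fi, AS):                       # Section 5.4 on a new device; None = abort
    Hb = bio_hash(B_star)
    A, r, Y = blinded_query(Hb, Fi)                                        # M1 / M2
    CV = dec(h(pt_bytes(Y)), Fi.V); C_F, theta_F = CV[:32], CV[32:]        # (7) Dec_D(V)
    resp = AS.reconstruct(h(Hb.to_bytes(32, "big"), theta_F), A)           # M3 = (L*, A) / M4
    if resp is None: return None
    omega, H2 = resp
    S_star = ec_mul(Hb * r, AS.pub)                                        # (11) S* = H(B).r.P_pub, pinned key
    CT = dec(h(pt_bytes(S_star)), omega); C_S, theta_S = CT[:32], CT[32:]  # (12)
    if H2 != h(C_S, theta_S, pt_bytes(S_star), pt_bytes(AS.pub), omega): return None  # (13)
    vartheta, com = combine2(theta_F, theta_S), combine2(C_F, C_S)
    sigma = rep(B_star, vartheta)
    SK = h(pt_bytes(ec_mul(int.from_bytes(sigma, "big"), AS.pub)))
    return SK if h(sigma, vartheta, SK) == com else None                  # Com* == Com

def sample_biometric(): return [16 * (i % 16) + 7 for i in range(40)]     # constructed template
```

reconstruct() returns None exactly where the protocol aborts: an unknown L* at the AS, a mismatch of H_2 and H_2*, or Com* ≠ Com after Rep. Two points the code makes visible: F_i and AS only ever see blinded points A and never H(B_i) or k·H(B_i)·P, which is what keeps a corrupted single party from running the offline attack of Section 4.2; and H() must tolerate the same capture noise as the fuzzy extractor, because step (1) needs H(B_i*) before ϑ_F can even be decrypted, so a bio-hash that changes under small noise would fail recovery before the fuzzy extractor gets a chance to correct it.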


6 SECURITY ANALYSIS OF THE PROPOSED SCHEME

We show that the proposed scheme is provably secure in a strong security model and prove all security requirements in the random oracle model [5, 12, 25]. In our security analysis, the adversary tries to retrieve the secret key of the user from the transmitted messages, from the AS table of user information, or from the database of F_i. In general, we demonstrate that our scheme is secure against secret key recovery and related attacks.

6.1 Security Model

In the security model, we analyze the security of the proposed scheme against a polynomial-time adversary A* to show that the probability of recovering the secret key is negligible. The attacker is able to compromise either the authentication server or the auxiliary device and learn its private key [2, 24]. The adversary's capabilities are modeled by oracle queries. Before we define these queries, we introduce the three types of participants in our proof: the mobile user P_i, the authentication server AS, and a challenger C. $\Pi^{p}_{P_i}$ and $\Pi^{s}_{AS}$ denote instances p and s of P_i and AS, respectively, and are treated as oracles. The security of the secret key is defined by a game between the challenger C and the polynomial-time adversary A*. During the game, A* may make the following queries, which are answered by C:

h(m): C maintains a list L_h, initially empty. On a query m, C checks whether L_h contains a pair (m, r). If so, C returns r to A*; otherwise C picks a number r at random, stores (m, r) in L_h and returns r to A*.

Execute($\Pi^{p}_{P_i}$, $\Pi^{s}_{AS}$): returns the messages exchanged between two honest parties. This models an eavesdropping attack.

Send($\Pi^{p}_{P_i}$, $\Pi^{s}_{AS}$): models an active attack. A* may modify a transmitted message, send it to an instance $\Pi^{p}_{P_i}$ or $\Pi^{s}_{AS}$, and receive the response.

Corrupt(P): models the corruption ability of A*. It returns the private key of the participant P, which can be AS or F_i, together with the data stored on it.

Test($\Pi^{p}_{P_i}$): models the semantic security of the symmetric secret key. On this query, C chooses a random bit b ∈ {0, 1}. If b = 1, C returns the real secret key of $\Pi^{p}_{P_i}$ to A*; otherwise (b = 0) C returns a random number.

Semantic security. In the random oracle model, the adversary is challenged to distinguish an instance's real user secret key SK from a random number. After making the above queries, A* outputs a guess b′ for the bit b chosen in the Test query. A* breaks the security of the scheme and wins the game if b′ = b. Let Succ_P denote the event that A* guesses correctly. The advantage of A* in breaking the security of the protocol is defined as

$$\mathrm{Adv}_P = \left| 2\Pr[\mathrm{Succ}_P] - 1 \right|$$

We say that the proposed protocol is secure if this advantage is negligible, $\mathrm{Adv}_P \le \epsilon$.

6.2 Security Proof of the Proposed Protocol

Theorem 1 (encryption/decryption secret key security): Based on the assumptions, our scheme is provably secure in the random oracle model against a polynomial time adversary trying to derive the secret key of a user. The probability that the adversary A* breaks the secret key security of the proposed scheme P is bounded by

Adv_P ≤ q_h^2 / |HASH| + 2·q_s · max{ 1/2^l , ε_bm · 1/2^m } + 2·Adv_P^ECDLP(t)

where q_h, q_s, |HASH|, Adv_P^ECDLP(t) and ε_bm denote the number of Hash queries, the number of Send queries, the range space of the hash function, the advantage of A* in breaking the ECDLP problem and the probability of an accidental "false positive" guess, respectively. Let l = |σ| and m = |ϑ_F| or |ϑ_S| be the bit lengths of the random secret value σ and of ϑ_F (or ϑ_S), respectively.

Security Proof: We assume there is a probabilistic polynomial time challenger C that can break the one-way hash function and the ECDLP problem by cooperating with the adversary. We denote a sequence of games GAME_i, where i = 0, ..., 4. Let Succ_i define the event where the adversary succeeds in guessing the bit b in GAME_i and wins the game. The games start from GAME_0, the real attack against the proposed scheme P, and finish with GAME_4, in which the adversary retains only a negligible advantage of breaking the secret key.

GAME_0: This game represents the real attack by A* against the protocol P in the random oracle model. At the beginning of this game, the bit b is chosen at random. By definition, we have

Adv_P = |2·Pr[Succ_P] − 1|

GAME_1: In this game, we simulate all the oracles (the Execute, Send, and Test oracles) for each query and keep three lists to store the answers of the oracles. The adversary has to decide whether the output of Test is the real secret key or a random number. From the simulation, we can see that the transcript distributions of GAME_0 and GAME_1 are indistinguishable from the real experiment. Therefore, eavesdropping on messages cannot increase the adversary's probability of winning the game. We have

Pr[Succ_0] = Pr[Succ_1]

GAME_2: In this game, we simulate all the oracles as in GAME_1, except that we abort all executions in which a collision happens in the transcript. GAME_1 is transformed into GAME_2 by adding the simulation of both the Send and Hash oracles. GAME_2 models an active attack in which the adversary tries to trick a participant into accepting a forged message. The adversary calls several Hash queries to find hash collisions. Thus, GAME_1 and GAME_2 are indistinguishable unless a collision of group points or hash values happens. According to the birthday paradox [7] we obtain:

Pr[Succ_1] − Pr[Succ_2] ≤ q_h^2 / (2·|HASH|)

ARES 2018, August 27–30, 2018, Hamburg, Germany

GAME_3: GAME_2 is converted to GAME_3 by simulating the Corrupt oracle, so the attacker obtains the long-term key and the data stored by AS or F_i. Then, A* tries to obtain the secret key SK by guessing the value σ. Note that a strong fuzzy extractor is used in our protocol P, which can extract at most l nearly random bits. The probability that A* guesses the biometric key σ ∈ {0, 1}^l is approximately 1/2^l [14, 27]. Furthermore, we should consider the possibility of an accidental "false positive" guess, with probability ε_bm. For instance, as shown in Figure 3, the fuzzy extractor was evaluated on a fingerprint database [3]. If the user chooses an appropriate threshold of around 10, we obtain very good security: in practice, the probability of a false match and the usability of the system are approximately 0 and 70 percent, respectively [3]. Nevertheless, the adversary also needs to guess ϑ_F or ϑ_S to find the string value ϑ (since each of AS and F_i only holds one part of ϑ). As a whole, if the length of the string ϑ_F or ϑ_S is m = |ϑ_F| or |ϑ_S| bits, the guessing probability in this case is at most

Pr[Succ_2] − Pr[Succ_3] ≤ q_s · max{ 1/2^l , ε_bm · 1/2^m }
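The guessing bound above rests on the fuzzy extractor producing l nearly random bits from a noisy biometric and reproducing the same bits from a fresh reading that lies within the matching threshold. As an added example that is not part of the paper and not the authors' implementation, the following Python code implements a toy fuzzy extractor of the code-offset kind described by Dodis et al. [14]: a repetition code of length REP per key bit serves as the secure sketch, and HMAC-SHA256 keyed with a public random seed serves as the strong extractor. The parameters L_BITS and REP, the binary template, the function names gen, rep, reproduces and guessing_bound, and the helper noisy_copy are all assumptions made for this example; a deployment would use a minutiae-based construction such as the one evaluated in Figure 3 [3].

```python
import hashlib
import hmac
import random

# Parameters of this toy construction (assumed for the example, not the paper's):
#   L_BITS  number of nearly random key bits l the extractor outputs
#   REP     repetition-code length per key bit; majority decoding corrects
#           fewer than REP/2 flipped bits inside each block
L_BITS = 16
REP = 7
W_LEN = L_BITS * REP          # length of the binary biometric template w


def _bits_to_bytes(bits):
    """Pack a list of 0/1 ints into bytes (zero-padded to a byte boundary)."""
    out = bytearray()
    for i in range(0, len(bits), 8):
        chunk = bits[i:i + 8]
        chunk = chunk + [0] * (8 - len(chunk))
        out.append(int("".join(str(b) for b in chunk), 2))
    return bytes(out)


def _encode(key_bits):
    """Repetition code: each key bit becomes REP identical codeword bits."""
    return [b for b in key_bits for _ in range(REP)]


def _decode(codeword):
    """Majority-vote decoding of a (possibly noisy) repetition codeword."""
    return [1 if 2 * sum(codeword[i:i + REP]) > REP else 0
            for i in range(0, len(codeword), REP)]


def gen(w, rng):
    """Gen(w) -> (sigma, helper).

    Code-offset secure sketch: helper = w XOR c for a random codeword c,
    plus a public seed; sigma = HMAC(seed, w) plays the role of the
    extracted secret sigma in the paper. rng is a random.Random instance
    (use random.SystemRandom() outside of tests).
    """
    assert len(w) == W_LEN
    key_bits = [rng.getrandbits(1) for _ in range(L_BITS)]
    sketch = [a ^ b for a, b in zip(w, _encode(key_bits))]
    seed = rng.getrandbits(128).to_bytes(16, "big")
    sigma = hmac.new(seed, _bits_to_bytes(w), hashlib.sha256).digest()
    return sigma, (sketch, seed)


def rep(w_prime, helper):
    """Rep(w', helper) -> sigma, identical to Gen's output iff every block of
    w' differs from w in fewer than REP/2 positions."""
    sketch, seed = helper
    assert len(w_prime) == W_LEN
    noisy_codeword = [a ^ b for a, b in zip(w_prime, sketch)]   # c XOR e
    key_bits = _decode(noisy_codeword)                           # strip e
    w_rec = [a ^ b for a, b in zip(sketch, _encode(key_bits))]   # w again
    return hmac.new(seed, _bits_to_bytes(w_rec), hashlib.sha256).digest()


def noisy_copy(w, flips_per_block, rng):
    """Constructed 'fresh reading': flip flips_per_block bits in every block."""
    w2 = list(w)
    for blk in range(L_BITS):
        for pos in rng.sample(range(blk * REP, (blk + 1) * REP), flips_per_block):
            w2[pos] ^= 1
    return w2


def reproduces(flips_per_block, seed_value=1):
    """Enrol a constructed random template, then check whether a reading
    with flips_per_block errors per block reproduces the same sigma."""
    rng = random.Random(seed_value)        # deterministic for the example only
    w = [rng.getrandbits(1) for _ in range(W_LEN)]
    sigma, helper = gen(w, rng)
    return rep(noisy_copy(w, flips_per_block, rng), helper) == sigma


def guessing_bound(q_s, l, m, eps_bm):
    """The GAME_3 term q_s * max{1/2^l, eps_bm * 1/2^m} from the proof."""
    return q_s * max(2.0 ** -l, eps_bm * 2.0 ** -m)


if __name__ == "__main__":
    for k in range(REP + 1):
        print(f"{k} flips per block -> sigma reproduced: {reproduces(k)}")
    print("bound for q_s=2^20, l=128, m=64, eps_bm=0:",
          guessing_bound(2 ** 20, 128, 64, 0.0))
```

reproduces(k) enrols a constructed random template, flips k bits in every code block of a constructed fresh reading, and reports whether Rep returns the same σ; with REP = 7 up to 3 flips per block are corrected and 4 or more are not, which is the threshold behaviour that the FMR/FNMR trade-off in Figure 3 is about. guessing_bound evaluates the GAME_3 term for given parameters, so the effect of a short ϑ share (small m) or a non-zero false-match rate ε_bm on the adversary's bound can be checked numerically.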

GAME_4: In the last game, the notion of this security feature is that the adversary A* cannot obtain the secret encryption key even if A* can run the Corrupt oracle. The goal of A* is to compute the secret key SK in the above case by asking Execute(Π^p_{P_i}, Π^s_{AS}) queries and the corresponding Hash queries. The session transcripts M_3 = {Ppub_AS, H_2, ω} and M_2 = {V, X} are available to the adversary, where V = Enc_{h(D)}{ϑ_F, C_F} and X = k·A = k·H(B_i)·r_j·P. To win, A* has to ask the corresponding Hash query, which means the ECDLP problem is broken. The secret key SK is computed as SK = h(σ·Ppub_AS), and computing SK from these values and the available transcripts is computationally infeasible for the adversary. Thus, the adversary needs to solve the ECDLP problem to compute the secret key SK. As a result, GAME_3 and GAME_4 are indistinguishable as long as the ECDLP assumption holds, due to the random self-reducibility of the ECDLP problem. We can obtain SK from the list L_a with probability 1/q_h. Let t′ be the total running time; we have t′ = O(t + (q_s + q_e)·T_pm), where T_pm denotes an elliptic curve point multiplication in ECC and q_e the number of Execute queries. So we have

Pr[Succ_3] − Pr[Succ_4] ≤ O(q_h · Adv_P^ECDLP(t′))

In addition, whatever the bit b involved in the Test query, the answer is random. Therefore, A* gains no advantage in guessing the correct bit b, and we get Pr[Succ_4] = 1/2. From the first equation, note that

(1/2)·Adv_P = |Pr[Succ_0] − 1/2|

From all the games, we have

|Pr[Succ_0] − 1/2| ≤ q_h^2 / (2·|HASH|) + q_s · max{ 1/2^l , ε_bm · 1/2^m } + O(q_h · Adv_P^ECDLP(t′))

Thus, using the two equations above, we have

Adv_P ≤ q_h^2 / |HASH| + 2·q_s · max{ 1/2^l , ε_bm · 1/2^m } + 2·Adv_P^ECDLP(t)

6.3 Discussion

Security of Key Recovery: In the proposed scheme, the secret key SK = h(σ·Ppub_AS) is established to encrypt/decrypt eID data. To compute the secret key, the adversary needs to know both the biometrics of the user and the secret value ϑ. However, according to the proof of Theorem 1, the adversary cannot compute these values without breaking the ECDLP problem or the security of the hash function, or without compromising both the authentication server and the auxiliary device. Moreover, as illustrated in Figure 3, even if both F_i and AS are corrupted, the probability of finding a false match is close to zero if we select a suitable threshold, for example T = 10 in this experiment. Nevertheless, we assume that at least one of the authentication server and the auxiliary device is honest in order to remain secure.

Stolen Verifier Attack: In our scheme, {C_S, ϑ_S, L} is stored in a verifier table for each user, maintained by the authentication server. However, even if the adversary has access to this information, he cannot obtain any secret information of U_i without knowing the biometric and ϑ_F, because it is protected by the ECDLP and a hash function. The same holds for an adversary with access to the auxiliary device.

Impersonation Attack: Suppose the adversary wants to pass the fake login message E_{Ppub_AS}{L = h(H(B_i) ‖ ϑ_F)} to the authentication server. According to the proof of Theorem 1, he cannot pass a fake login message, because he/she does not know the secret value ϑ_F and the biometric B_i. Even if he obtains ϑ_F by compromising the auxiliary device, he is only able to run an online brute-force attack against the authentication server (in order to check whether the guessed biometric is correct or not). Note that we use timestamps to avoid replay attacks. Thus, our proposed protocol can resist user impersonation attacks.
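The step from the per-game differences to the bound of Theorem 1 is only stated in the proof above. As an added derivation that is not in the paper, written with the paper's own symbols, it follows from the triangle inequality applied to the telescoping sum of the game differences:

$$\Bigl|\Pr[\mathrm{Succ}_0] - \tfrac{1}{2}\Bigr| \;\le\; \sum_{i=0}^{3}\bigl|\Pr[\mathrm{Succ}_i] - \Pr[\mathrm{Succ}_{i+1}]\bigr| \;+\; \Bigl|\Pr[\mathrm{Succ}_4] - \tfrac{1}{2}\Bigr|$$

Substituting the four bounds (GAME$_1$: $0$; GAME$_2$: $q_h^2/(2|HASH|)$; GAME$_3$: $q_s\cdot\max\{1/2^l,\ \epsilon_{bm}\cdot 1/2^m\}$; GAME$_4$: $O(q_h\cdot \mathrm{Adv}^{ECDLP}_P(t'))$) together with $\Pr[\mathrm{Succ}_4] = 1/2$ gives exactly the inequality stated for $|\Pr[\mathrm{Succ}_0] - 1/2|$. Multiplying both sides by 2 and using $\mathrm{Adv}_P = |2\cdot\Pr[\mathrm{Succ}_0] - 1| = 2\,|\Pr[\mathrm{Succ}_0] - 1/2|$ yields

$$\mathrm{Adv}_P \;\le\; \frac{q_h^2}{|HASH|} \;+\; 2\,q_s\cdot\max\Bigl\{\frac{1}{2^l},\ \epsilon_{bm}\cdot\frac{1}{2^m}\Bigr\} \;+\; 2\cdot O\bigl(q_h\cdot \mathrm{Adv}^{ECDLP}_P(t')\bigr)$$

which is the bound of Theorem 1 (whose statement writes the ECDLP term as $2\cdot\mathrm{Adv}^{ECDLP}_P(t)$). The factor 2 in front of the Send-query term is therefore the only place where the GAME$_3$ guessing bound enters the final advantage, so halving $m$ or doubling $\epsilon_{bm}$ doubles that term directly.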

Figure 3: False match rate (FMR) and false non-match rate (FNMR) evaluation using a fuzzy extractor and fingerprints on the FVC2000 1a database [3].


Privileged Insider Attack: In the registration phase, the authentication server AS stores a random string ϑ_S and {L = h(H(B_i) ‖ ϑ_F)}. Based on Theorem 1, it is very difficult for the authentication provider AS to run off-line guessing attacks on the user's master key σ without knowledge of his/her biometric and ϑ_F, assuming the string ϑ is long enough [13].

Modification Attack: In the reconstruction phase, all messages from the device and AS are protected with the secret keys D and S, as well as the hash values H_2* and H_2. Thus, the user can detect any modification of the response messages by checking these hash values. Therefore, the proposed protocol can resist modification attacks.

Table 2: Comparison between our protocol and PPSS schemes

Scheme  (t+1,n)  ROM/STD   Client   Inter-server  Msg.  Commun.  Complexity (client | server)
[11]    (2,2)    Std/ROM   CRS      PKI           8     O(1)     O(1)
[20]    any      ROM       CRS      none          2     O(n)     2t+3 | 3
[4]     any      ROM       PKI      PKI           3     O(n)     8t+17 | 16
[9]     any      ROM       Std      PKI           10    O(n^2)   14t+24 | 7t+28
[21]    any      ROM       CRS      none          2     O(n)     t+2 | 1
Our     (2,2)    ROM       CRS/PKI  none          2     O(1)     O(1)

7 PERFORMANCE

We analyze the efficiency of the proposed scheme by computing the computation cost in the reconstruction phase. We also compare our scheme with some of the most efficient related works: Abdalla et al. [1], Jarecki et al. [21], Bagherzandi et al. [4], Jarecki et al. [20], Camenisch et al. [11], and Camenisch et al. [9]. To simplify the assessment of computational costs, let T_ecc, T_h, T_s, T_hp, T_e be the time cost of executing an elliptic curve point multiplication, a hash function operation, an encryption/decryption operation, a hash-to-point function operation, and an exponentiation operation, respectively. We also assume that the execution time needed for a fuzzy extractor in the worst case is almost equal to an elliptic curve point multiplication [17]. Thus, the user's phone in the proposed scheme needs to perform four elliptic curve point multiplications, seven general hash function operations and one encryption/decryption operation: 4·T_ecc + 7·T_h + 1·T_s. In addition, the verifier needs to carry out one elliptic curve point multiplication, one decryption operation and two general hash function operations: 1·T_ecc + 2·T_h + 1·T_s. The auxiliary device in the proposed scheme has to carry out one elliptic curve point multiplication: 1·T_ecc. In contrast, in Abdalla et al.'s One-More-Gap-Diffie-Hellman-based PRF protocol [1], which is essentially the same as the first protocol from [21], the user needs to compute one hash-to-point, two exponentiations and one hash function for each server connection (the client cost is t + 2 exponentiations). This means that the user's computation time is (m + 1)·T_e + m·T_h + T_hp, where m = t + 1 is the number of honest servers. In Table 2, to compare the computational complexity with related works, we extended the table from [20], where the threshold t is defined as the number of honest servers among n possible ones. The last column gives the (multi-)exponentiations in a prime order group performed by the user and by every server in the reconstruction phase. The costs in the PPSS schemes refer to an idealistic assumption with no adversarial interference. The "Commun." column shows the number of exchanged group elements, and the "Msg." column indicates the number of messages per server.

Analysis. In recent years many research papers have implemented and evaluated cryptographic operations; we use the execution timings for the different operations reported in [17, 30]. Their hardware platform is a Windows 7 64-bit PC with an Intel Core i5-3210M CPU at 2.5 GHz and 8 GB RAM, and the running times of the cryptographic operations were obtained using the MIRACL library [26]. The reported values of these operations are as follows: one hash operation requires 0.068 ms (milliseconds), one block encryption/decryption requires 0.56 ms, one modular exponentiation requires 3.043 ms, and one scalar multiplication on an elliptic curve requires 2.501 ms. Thus, the user execution time in our proposed scheme is around 4 × 2.501 + 7 × 0.068 + 0.56 = 11.04 ms. In addition, the verifier execution time is about 1 × 2.501 + 2 × 0.068 + 0.56 = 3.197 ms, and for the auxiliary device this time is 1 × 2.501 = 2.501 ms. Table 3 indicates the computational efficiency of the client and of each server (among t+1 honest servers) in the reconstruction protocol with various thresholds. We ignore operations other than exponentiations and elliptic curve point multiplications because their cost is insignificant in the comparison. The threshold is the number of servers that need to be honest among all the servers; this number depends on the concrete protocol implementation. For example, we consider three different thresholds for showing the performance of related works. Note that this is the minimum computation for the user; it can be more depending on the number of server responses to the user.

Figure 4: User's runtime of various protocols (bar chart; y-axis ticks from 0 to 550 in steps of 50; schemes: Our, [11], [21], [4], [20], [9]; thresholds (t+1, n): (2, 2), (4, 6), (6, 10), (10, 18))

Table 3: Computation costs comparison (millisecond)

Scheme  Party        (10, 18)          (6, 10)           (4, 6)            (2, 2)
[9]     User         150Te ≈ 456.45    94Te ≈ 286.04     66Te ≈ 200.83     52Te ≈ 158.23
        Each server  35Te ≈ 106.50     35Te ≈ 106.50     35Te ≈ 106.50     35Te ≈ 106.50
[20]    User         21Te ≈ 63.90      13Te ≈ 39.55      9Te ≈ 27.38       7Te ≈ 21.30
        Each server  3Te ≈ 9.12        3Te ≈ 9.12        3Te ≈ 9.12        3Te ≈ 9.12
[4]     User         89Te ≈ 270.82     57Te ≈ 173.45     41Te ≈ 124.76     33Te ≈ 100.41
        Each server  16Te ≈ 48.68      16Te ≈ 48.68      16Te ≈ 48.68      16Te ≈ 48.68
[21]    User         11Te ≈ 33.47      7Te ≈ 21.30       5Te ≈ 15.21       4Te ≈ 12.17
        Each server  1Te ≈ 3.043       1Te ≈ 3.043       1Te ≈ 3.043       1Te ≈ 3.043
[11]    User         19Te ≈ 57.81      19Te ≈ 57.81      19Te ≈ 57.81      19Te ≈ 57.81
        Server 1     26Te ≈ 79.11      26Te ≈ 79.11      26Te ≈ 79.11      26Te ≈ 79.11
        Server 2     30Te ≈ 91.29      30Te ≈ 91.29      30Te ≈ 91.29      30Te ≈ 91.29
Our     User         3Tecc + Tfe ≈ 10  3Tecc + Tfe ≈ 10  3Tecc + Tfe ≈ 10  3Tecc + Tfe ≈ 10
        Device       1Tecc ≈ 2.50      1Tecc ≈ 2.50      1Tecc ≈ 2.50      1Tecc ≈ 2.50
        Server       1Tecc ≈ 2.50      1Tecc ≈ 2.50      1Tecc ≈ 2.50      1Tecc ≈ 2.50

As illustrated in Figure 4, the improvement of the proposed scheme over related works is impressive on the user's device. Moreover, the costs of related works increase rapidly when the threshold is raised. It is clear that the proposed scheme has a lower computation cost than related schemes, so our scheme is suitable for resource-constrained smart devices.

8 CONCLUSION

In this paper, we proposed a new protocol to retrieve the secret key (when a smartphone is lost or stolen, which means the user has also lost the secret key) in order to restore an encrypted eID from a cloud server without completely re-enrolling in the eID system. Moreover, our protocol uses biometrics (such as a fingerprint) as a replacement for a password, thus improving usability by resolving the password memorability issue. The security analysis shows that the proposed scheme is secure under a realistic threat model, which includes adversarial control of the cloud server. In addition, we showed that the computation costs of the proposed protocol are reasonably low, making it practical on current mobile devices. Finally, we showed that the proposed scheme is therefore a practical and feasible alternative to previously proposed PPSS protocols for recovering eIDs on mobile devices.

REFERENCES
[1] Michel Abdalla, Mario Cornejo, Anca Nitulescu, and David Pointcheval. 2016. Robust password-protected secret sharing. In European Symposium on Research in Computer Security (PKC'05). Springer-Verlag, Berlin, Heidelberg, 61–79. https://doi.org/10.1007/978-3-319-45741-3_4
[2] Michel Abdalla, Pierre-Alain Fouque, and David Pointcheval. 2005. Password-Based Authenticated Key Exchange in the Three-party Setting. In Proceedings of the 8th International Conference on Theory and Practice in Public Key Cryptography (PKC'05). Springer-Verlag, Berlin, Heidelberg, 65–84. https://doi.org/10.1007/978-3-540-30580-4_6
[3] Arathi Arakala, Jason Jeffers, and K. J. Horadam. 2007. Fuzzy Extractors for Minutiae-based Fingerprint Authentication. In Proceedings of the 2007 International Conference on Advances in Biometrics (ICB'07). Springer-Verlag, Berlin, Heidelberg, 760–769. http://dl.acm.org/citation.cfm?id=2391659.2391745
[4] Ali Bagherzandi, Stanislaw Jarecki, Nitesh Saxena, and Yanbin Lu. 2011. Password-protected Secret Sharing. In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS '11). ACM, New York, NY, USA, 433–444. https://doi.org/10.1145/2046707.2046758
[5] Mihir Bellare, David Pointcheval, and Phillip Rogaway. 2000. Authenticated Key Exchange Secure Against Dictionary Attacks. In Proceedings of the 19th International Conference on Theory and Application of Cryptographic Techniques (EUROCRYPT'00). Springer-Verlag, Berlin, Heidelberg, 139–155. http://dl.acm.org/citation.cfm?id=1756169.1756185
[6] Patrik Bichsel, Bud Bruegger, Alberto Crespo Garcia, Thomas Gross, André Gutwirth, Moritz Horsch, Detlef Houdeau, Charles Bastos Rodriguez, and Tarvi Martens. 2013. Survey and Analysis of Existing eID and Credential Systems. Deliverable D32.1. http://www.cspforum.eu/FutureID_D32.1_WP32_v1.0_Survey_of_existing_eID_and_credential_systems.pdf
[7] Victor Boyko, Philip MacKenzie, and Sarvar Patel. 2000. Provably Secure Password-authenticated Key Exchange Using Diffie-Hellman. In Proceedings of the 19th International Conference on Theory and Application of Cryptographic Techniques (EUROCRYPT'00). Springer-Verlag, Berlin, Heidelberg, 156–171. http://dl.acm.org/citation.cfm?id=1756169.1756186
[8] Jan Camenisch, Robert R Enderlein, and Gregory Neven. 2015. Two-server password-authenticated secret sharing UC-secure against transient corruptions. In IACR International Workshop on Public Key Cryptography (PKC'05). Springer-Verlag, Berlin, Heidelberg, 283–307. https://doi.org/10.1007/978-3-662-46447-2_13
[9] Jan Camenisch, Anja Lehmann, Anna Lysyanskaya, and Gregory Neven. 2014. Memento: How to reconstruct your secrets from a single password in a hostile environment. In International Cryptology Conference (CRYPTO'06). Springer-Verlag, Berlin, Heidelberg, 256–275. https://doi.org/10.1007/978-3-662-44381-1_15
[10] Jan Camenisch, Anja Lehmann, and Gregory Neven. 2015. Optimal Distributed Password Verification. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS '15). ACM, New York, NY, USA, 182–194. https://doi.org/10.1145/2810103.2813722
[11] Jan Camenisch, Anna Lysyanskaya, and Gregory Neven. 2012. Practical Yet Universally Composable Two-server Password-authenticated Secret Sharing. In Proceedings of the 2012 ACM Conference on Computer and Communications Security (CCS '12). ACM, 525–536. https://doi.org/10.1145/2382196.2382252
[12] Ran Canetti and Hugo Krawczyk. 2001. Analysis of key-exchange protocols and their use for building secure channels. In International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT'00). Springer-Verlag, Berlin, Heidelberg, 453–474. https://doi.org/10.1007/3-540-44987-6_28
[13] Yevgeniy Dodis, Jonathan Katz, Leonid Reyzin, and Adam Smith. 2006. Robust Fuzzy Extractors and Authenticated Key Agreement from Close Secrets. In Proceedings of the 26th Annual International Conference on Advances in Cryptology (CRYPTO'06). Springer-Verlag, Berlin, Heidelberg, 232–250. https://doi.org/10.1007/11818175_14
[14] Yevgeniy Dodis, Rafail Ostrovsky, Leonid Reyzin, and Adam Smith. 2008. Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data. SIAM J. Comput. 38, 1 (March 2008), 97–139. https://doi.org/10.1137/060651380
[15] Warwick Ford and Burton S. Kaliski, Jr. 2000. Server-Assisted Generation of a Strong Secret from a Password. In Proceedings of the 9th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE '00). IEEE Computer Society, Washington, DC, USA, 176–180. http://dl.acm.org/citation.cfm?id=647068.715647
[16] Mohsen Guizani, Daojing He, Kui Ren, Joel JP Rodrigues, Sammy Chan, and Yan Zhang. 2015. Security and privacy in emerging networks: Part II [Guest Editorial]. IEEE Communications Magazine 53, 8 (2015), 40–41. https://doi.org/10.1109/MCOM.2015.7180505
[17] Debiao He, Neeraj Kumar, Jong-Hyouk Lee, and R Sherratt. 2014. Enhanced three-factor security protocol for consumer USB mass storage devices. IEEE Transactions on Consumer Electronics 60, 1 (2014), 30–37. https://doi.org/10.1109/TCE.2014.6780922
[18] Michael Hölzl, Michael Roland, and René Mayrhofer. 2016. Real-World Identification: Towards a Privacy-Aware Mobile eID for Physical and Offline Verification. In Proceedings of the 14th International Conference on Advances in Mobile Computing and Multi Media (MoMM '16). ACM, 280–283. https://doi.org/10.1145/3007120.3007158
[19] Michael Hölzl, Michael Roland, Omid Mir, and René Mayrhofer. 2018. Bridging the Gap in Privacy-Preserving Revocation: Practical and Scalable Revocation for a Privacy-Aware Mobile eID. In Proceedings of SAC 2018: Symposium on Applied Computing. ACM, Pau, France. https://doi.org/10.1145/3167132.3167303
[20] Stanislaw Jarecki, Aggelos Kiayias, and Hugo Krawczyk. 2014. Round-optimal password-protected secret sharing and T-PAKE in the password-only model. In International Conference on the Theory and Application of Cryptology and Information Security. Springer-Verlag, Berlin, Heidelberg, 233–253. https://doi.org/10.1007/978-3-662-45608-8_13
[21] Stanislaw Jarecki, Aggelos Kiayias, Hugo Krawczyk, and Jiayu Xu. 2016. Highly-efficient and composable password-protected secret sharing (or: how to protect your bitcoin wallet online). In IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, 276–291. https://doi.org/10.1109/EuroSP.2016.30
[22] Andrew Teoh Beng Jin, David Ngo Chek Ling, and Alwyn Goh. 2004. Biohashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern Recognition 37, 11 (2004), 2245–2255. https://doi.org/10.1016/j.patcog.2004.04.011
[23] Ivan Krstić. 2016. Behind the scenes' iOS security talk. (August 2016). https://www.youtube.com/watch?v=BLGFriOKz6U
[24] Omid Mir, Jorge Munilla, and Saru Kumari. 2017. Efficient anonymous authentication with key agreement protocol for wireless medical sensor networks. Peer-to-Peer Networking and Applications 10, 1 (Aug. 2017), 79–91. https://doi.org/10.1007/s12083-015-0408-1
[25] Omid Mir and Morteza Nikooghadam. 2015. A Secure Biometrics Based Authentication with Key Agreement Scheme in Telemedicine Networks for E-Health Services. Wirel. Pers. Commun. 83, 4 (Aug. 2015), 2439–2461. https://doi.org/10.1007/s11277-015-2538-4
[26] MIRACL. 2015. Multiprecision Integer and Rational Arithmetic Cryptographic Library. (2015). https://github.com/CertiVox/MIRACl
[27] Vanga Odelu, Ashok Kumar Das, and Adrijit Goswami. 2015. A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Transactions on Information Forensics and Security 10, 9 (2015), 1953–1966. https://doi.org/10.1109/TIFS.2015.2439964
[28] Adi Shamir. 1979. How to Share a Secret. Commun. ACM 22, 11 (Nov. 1979), 612–613. https://doi.org/10.1145/359168.359176
[29] Kris Shrishak. 2016. Enhancing the Privacy of Users in eID schemes through Cryptography. Literature Survey, Delft University of Technology, Delft, 45.
[30] Qi Xie, Duncan S Wong, Guilin Wang, Xiao Tan, Kefei Chen, and Liming Fang. 2017. Provably secure dynamic id-based anonymous two-factor authenticated key exchange protocol with extended security model. IEEE Transactions on Information Forensics and Security 12, 6 (2017), 1382–1392. https://doi.org/10.1109/TIFS.2017.2659640
[31] Xun Yi, Feng Hao, Liqun Chen, and Joseph K. Liu. 2015. Practical Threshold Password-Authenticated Secret Sharing Protocol. In Proceedings, Part I, of the 20th European Symposium on Computer Security – ESORICS 2015 - Volume 9326. Springer-Verlag, Berlin, Heidelberg, 347–365. https://doi.org/10.1007/978-3-319-24174-6_18
