Limitations of humans when using malicious terminals

Rok, strany: 2004, 1 - 16

A user wishes to communicate with a remote partner over an insecure network. Since the user is a human being, a terminal is needed to gain access to the network. In this paper the problem of sending authentic messages from insecure or untrusted terminals is analyzed. In this case attackers are able to gain total control over the terminal, so the user must consider the terminal a potential attacker. The authors consider an important merit of the paper the construction of a formal model that is able to handle interesting problems in case of untrusted terminals. According to this model, the user is able to encrypt or authenticate messages with very small degree of security only, so these messages can be broken by the terminal with significant probability. Since the cryptographic abilities of the user are more than limited, and no solution is known for the problem, our model seems to be realistic. We show that if the user lacks the ability to encrypt (and decrypt) messages in one step, i.e., without interaction with the remote partner, then the latter is unable to help the user in establishing a secret channel. We also show the same conclusion for authenticity: If the user is unable to calculate an authenticator that cannot be broken by the terminal, then the remote partner is unable to help the user in constructing an authenticated channel.

ISO 690:

Berta, I., Vajda, I. 2004. Limitations of humans when using malicious terminals. In Tatra Mountains Mathematical Publications, vol. 29, no.3, pp. 1-16. 1210-3195.

APA:

Berta, I., Vajda, I. (2004). Limitations of humans when using malicious terminals. Tatra Mountains Mathematical Publications, 29(3), 1-16. 1210-3195.