# Lighting Two Candles With One Flame: An Unaided Human Identification Protocol With Security Beyond Conventional Limit

**Authors:** Nilesh Chakraborty, Samrat Mondal

arXiv: 1705.10747 · 2017-05-31

## TL;DR

This paper introduces a novel authentication protocol that controls information leakage and incorporates threat detection, enhancing security and usability beyond traditional limits in the presence of powerful eavesdroppers.

## Contribution

It proposes the concept of leakage control and a threat detection strategy based on honeywords, addressing security and usability issues simultaneously in authentication protocols.

## Key findings

- Leakage control increases security and usability.
- Threat detection effectively identifies attacks.
- Protocol guarantees security beyond conventional limits.

## Abstract

Designing an efficient protocol for avoiding the threat of recording-based attacks in the presence of a powerful eavesdropper has remained a challenge for more than two decades. During authentication, the absence of any secure link between the prover and verifier makes things even more vulnerable as, after observing a threshold number of challenge-response pairs, the user's secret may easily be derived due to information leakage. The existing literature only presents new methodologies that are superior in some aspects to previous ones, while ignoring the aspects on which the proposed schemes cope poorly. Unsurprisingly, most of them are far from satisfactory: they are either far from usable or lack security features. To overcome this issue, we first introduce the concept of "leakage control", which puts a bar on the natural information leakage rate and greatly helps in increasing both the usability and security standards. Not just prevention, but also, by introducing a threat detection strategy (based on the concept of honeywords), our scheme "lights two candles". It not only eliminates the long-term security and usability conflict under the practical scenario, but, along with threat detection from the client side, it is capable of protecting the secret at the server side under the distributed framework, thus guaranteeing security beyond the conventional limit.
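The abstract refers to honeyword-based threat detection and to protecting the secret at the server side under a distributed framework. The following Python block is an added illustration of the underlying honeyword idea (decoy passwords stored next to the real one, with only a separate "honeychecker" knowing which index is real); it is not the paper's own protocol or code, and the user name, sweetwords and PBKDF2 iteration count are constructed for the example.

```python
import hashlib
import hmac
import os
import secrets


class HoneyChecker:
    """Separate, minimal server: stores only user -> index of the real password."""

    def __init__(self):
        self._index = {}
        self.alerts = []  # users whose account was hit with a honeyword

    def set_index(self, user, idx):
        self._index[user] = idx

    def check(self, user, idx):
        if idx == self._index.get(user):
            return True
        self.alerts.append(user)  # a decoy matched: credential store likely compromised
        return False


class CredentialServer:
    """Stores salted hashes of all sweetwords in shuffled order; cannot tell which is real."""

    def __init__(self, checker, iterations=100_000):  # constructed demo cost; tune in production
        self.checker = checker
        self.iterations = iterations
        self._store = {}

    def _h(self, salt, word):
        return hashlib.pbkdf2_hmac("sha256", word.encode(), salt, self.iterations)

    def register(self, user, password, honeywords):
        assert password not in honeywords, "decoys must differ from the real password"
        sweet = list(honeywords) + [password]
        secrets.SystemRandom().shuffle(sweet)  # position of the real one is random
        salt = os.urandom(16)
        self._store[user] = (salt, [self._h(salt, w) for w in sweet])
        self.checker.set_index(user, sweet.index(password))  # index leaves this server

    def login(self, user, attempt):
        if user not in self._store:
            return False
        salt, hashes = self._store[user]
        h = self._h(salt, attempt)
        for i, stored in enumerate(hashes):
            if hmac.compare_digest(h, stored):
                return self.checker.check(user, i)  # only the honeychecker can decide
        return False  # matched nothing: ordinary wrong password, no alert
```

An attacker who dumps the credential store sees several equally plausible hashes; guessing wrong trips the honeychecker alert without the credential server ever holding the distinguishing secret.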

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1705.10747/full.md

## Figures

30 figures with captions in the complete paper: https://tomesphere.com/paper/1705.10747/full.md

## References

52 references — full list in the complete paper: https://tomesphere.com/paper/1705.10747/full.md

---
Source: https://tomesphere.com/paper/1705.10747