L. Buttyán, I. Zs. Berta, I. Vajda|
Eliminating Man-in-the-Middle attacks of Malicious Terminals
Workshop organised by the IST Coordination Point of the Ministry of Education, Budapest, 2002.
Communication with a remote partner is considered over an insecure network, where the user can gain access only to a terminal, which cannot be trusted: an attacker is assumed to be able to fully control the terminal, so the user must consider the terminal as a potential attacker. Surprisingly many terminals belong to this class.
Assuming such an environment the problem of sending authentic messages is considered. Various cryptographic algorithms exist for algorithmic protection, however to run such highly complex algorithms, the user must rely on the computational power of an insecure terminal. Smart cards are often considered the ultimate tool for secure messaging from untrusted terminals. Although they are secure tamper-resistant microcomputers with strong cryptographic power, their lack of user interface (i.e. lack of direct access to its input/output channels) enables man-in-the middle attack from the terminal. Therefore involving a smart card cannot eliminate the basic problem, because any protocol between the user and the smart card would rely - once again - on the insecure terminal. It might seem obvious that the user should give all security goals up as hopeless.
We have come to the conclusion that the user is unable to send authentic messages to the card, so in case of untrusted terminals the signature of the card does not prove that the message originates from the user. This is why the authenticity of plaintext messages from insecure terminals cannot be guaranteed.
However the user as a human being has additional resources that can be exploited to increase the security level of the system. The user is an excellent 'biometric device'. Biometric data (e.g. speech, video, handwriting) carry the information content (plaintext) together with the identity of the sender, which is far more difficult to counterfeit than plaintext content. Moreover the human user has limited but trusted algorithmic capabilities too, having some secure memory and computational power.
Apart from encapsulating the identity of the user and the content of the message, biometric messages (or multimedia messages) also have structure. If the structure is violated, the message has obviously been tampered with.
The manipulation of biometric messages requires considerably more time and resources than that of plaintext ones. If the chosen biometric method is properly calibrated, the attacker may not only need massive computational power, but human interaction or biometric laboratories could be required to successfully counterfeit a biometric message. Thus, not only a large percentage of attackers have been excluded, but even the most advanced ones may require significantly more time to create a counterfeited biometric message than a plaintext one.
A protocol has been developed in our laboratory that combines the biometric powers of the user and cryptographic powers of the smart card to dramatically limit the time the attacker has to manipulate a message. In this case, the smart card acts as a secure time gate. The protocol verifies that only a small amount of time has passed between the recording of the biometric message and card signing it. Naturally, after the message passes through the smart card, attackers have no chance to manipulate.
The protocol also uses the smart card to securely introduce the user to the remote partner, so the latter would already be familiar with the biometric features of the user. Thus, the smart card not only ensures authenticity, but also enables communication without having to exchange biometric identities in advance.
Having investigated the problem of secure communication via insecure terminals, we propose a solution that enables the everyday user to send authentic messages. Combined usage of biometry and smart cards can increase security to a level suitable for several practical applications.