Duress Authentication via Partially Homomorphic Encryption
Primary Investigator:
Research Independant
Ben Harsha, Mikhail Atallah
Abstract
Duress authentication request that a user under duress has a covert way of signaling this fact while authenticating. The signal must be undetectable to an attacker who is coercing the victim to authentication, even when the attacked knows the details of the system being used and even if the user is one of many administrators with root access. The scheme must have a low rate of false positives and negatives, and should not be difficult to use even in a stressful situation. Given our requirements we show that currently deployed duress authentication systems are inadequate. We then describe a new method for duress authentication based on public key partially homomorpic encryption (e.g. Paillier). We show that this new system does not reveal any duress signal to an attacker that does not have access to a secret key, that it accurately determines when duress has occurred, and that it is likely easy to use for users under duress.