dslreports logo
spacer
1
spacer
 
   
spc
Mathematical trick counters wireless fraud
by Cudni 11:02AM Sunday Feb 20 2005
by Will Knight

Wireless computer networks could be secured against fraud and identity theft using a novel cryptographic protocol designed to keep passwords safe from prying eyes.

Markus Jakobsson and Steve Myers of Indiana University, US, demonstrated the new security scheme, dubbed "delayed password disclosure", at the American Association for the Advancement of Science meeting in Washington DC on Saturday.


more at Newscientist.com

home

view:
topics flat nest 

funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:6

How is this different from PSK?

Existing security protocols focus on securing the link between two machines to counteract eavesdropping. But making sure that a computer is connected to a legitimate access point in the first place is also important. If a hacker uses his computer as a fake access point and then relays the messages on to a real one, the information can be stolen covertly.

The delayed password disclosure protocol counteracts this threat by allowing both parties use a pre-arranged password or pin for authentication, but preventing this from being revealed during communications.

A mathematical function is applied to the agreed code by the user who initiates the wireless link, turning it into an incoherent string of bits. At the other end of the link, another mathematical function is applied to the string and it is sent back to the user.

The resulting code can then be mathematically checked to confirm that the person at the other end of the link shares the same secret password or pin.
I couldn't have explained WPA-PSK any better!
--
Robb Topolski
http://www.funchords.com/
Hillsboro, Oregon USA
DSLrgm
Premium,MVM
join:2002-08-22
Oak Park, MI

Re: How is this different from PSK?

No. This is NOT PSK. Or rather, how we designed the 4-way handshake that produces the session key from the master key.

It is also not how MOST challenge responses work, but I can find dozens of authentication methods that work in this manner. This is NOT a new invention. There is plenty of prior art.

funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:6

Re: How is this different from PSK?

What is different about it?