Does Counting Still Count? Revisiting the Security of Counting based User Authentication Protocols against Statistical Attacks

At NDSS 2012, Yan et al. analyzed the security of sev-eral challenge-response type user authentication protocolsagainst passive observers, and proposed a generic countingbased statistical attack to recover the secret of some count-ing based protocols given a number of observed authentica-tion sessions. Roughly speaking, the attack is based on thefact that secret (pass) objects appear in challenges with adifferent probability from non-secret (decoy) objects whenthe responses are taken into account. Although they men-tioned that a protocol susceptible to this attack should min-imize this difference, they did not give details as to how thiscan be achieved barring a few suggestions. In this paper,we attempt to fill this gap by generalizing the attack with amuch more comprehensive theoretical analysis. Our treat-ment is more quantitative which enables us to describe amethod to theoretically estimate a lower bound on the num-ber of sessions a protocol can be safely used against theattack. Our results include 1) two proposed fixes to makecounting protocols practically safe against the attack at thecost of usability, 2) the observation that the attack can beused on non-counting based protocols too as long as chal-lenge generation is contrived, 3) and two main design prin-ciples for user authentication protocols which can be con-sidered as extensions of the principles from Yan et al. This∗This is the full version of the paper with the same title which is toappear in the Proceedings of the Network & Distributed System SecuritySymposium (NDSS) 2013.detailed theoretical treatment can be used as a guidelineduring the design of counting based protocols to determinetheir susceptibility to this attack. The Foxtail protocol, oneof the protocols analyzed by Yan et al., is used as a represen-tative to illustrate our theoretical and experimental results.