Dynamic fingerprints: improving the usability of peer-to-peer authentication

Peer-to-peer technology and wireless networking offer great potential for working together away from the desk – but they also introduce unique security challenges. A key aspect of that security is ensuring the identity of a peer user in the network (i.e., authentication) when standard server-based mechanisms are not available. Authentication is meant to foil the eavesdropping intruder who masquerades as a valid user (the socalled man in the middle attack). Peer-to-peer authentication methods rely on an out-of-band method for comparing some shared identity information. In public-key-infrastructure systems, this is a compressed version of the peer’s certificate (called a certificate digest or a digital fingerprint). However, these digital fingerprints are still too large to easily compare and the resulting poor usability means this step is often skipped, defeating the authentication. We describe a system and method for reducing the size of a digital fingerprint using an algorithm that incorporates a dynamic random nonce generated at run-time. This approach is shown mathematically to retain the security of previous authentication methods. In addition we present a user interface method for representing the smaller fingerprint in a variety of easily comparable and verifiable forms. The resulting authentication procedure requires less time, is easier to use, and runs on desktop, laptop and handheld devices. While this method is of critical importance to mobile workgroups who have limited or no access to a fixed security and network infrastructure, it is equally effective for any system using certificate-based peer-to-peer authentication.