Abstract

This demo shows an enhanced alternative to Multi-Factor Authentication (MFA) methods. The improvement lies in eliminating any supplementary gadgets or devices and any theft-sensitive biometric data, replacing them with direct human-computer authentication. The approach remains secure even in untrusted systems and environments. Although MFA methods use different identification factors, the basic condition for reliable authentication is the use of the intelligence of the human brain, in the form of a static password. For security reasons, it is recommended to use a different password for each online account. As a result, users often adopt insecure password practices (e.g., reuse or weak passwords) or have to reset their passwords frequently. We solved this problem by having the user reconstruct each of his passwords: he calculates the response to a public challenge according to his secret by performing simple mathematical operations, i.e., addition modulo 10. For each internet account, such a challenge must be stored on the server together with the correct response as a hashed password, but only the user needs to know the secret, a single secret that serves as a universal private key for all these accounts. This secret key is used by our innovative challenge-response protocol for human-generated One-Time Passwords (OTP), which is based on a hard lattice problem with noise introduced by our new method, which we call Learning with Options (LWO). The secret has the form of an outline, like a kind of handwritten autograph (Fig. 1), drawn in invisible ink. The password generation process requires following this invisible contour, much like a manual autograph, and it can also be done offline on paper documents, with an acceptable level of security and usability that meets the requirements for post-quantum symmetric ciphers and for commercial implementation, including in the field of IoT.
Many attempts to achieve this goal have been made in the more than 30 years since Matsumoto's first publication in 1991, but only two protocols have been commercially implemented: the strong but very slow HB, presented by Hopper and Blum in 2000 [2], and the easy and fast but very weak grIDsure (GS), presented by Brostoff et al. in 2010 [3]. Our iChip scheme has security properties better than HB and usability close to GS, while eliminating their drawbacks.
