Neuroscience meets cryptography: Designing crypto primitives secure against rubber hose attacks

Hristo Bojinov, Daniel Sanchez, Paul Reber, Dan Boneh, Patrick Lincoln

Research output: Contribution to conferencePaper

31 Scopus citations

Abstract

Cryptographic systems often rely on the secrecy of cryptographic keys given to users. Many schemes, however, cannot resist coercion attacks where the user is forcibly asked by an attacker to reveal the key. These attacks, known as rubber hose cryptanalysis, are often the easiest way to defeat cryptography. We present a defense against coercion attacks using the concept of implicit learning from cognitive psychology. Implicit learning refers to learning of patterns without any conscious knowledge of the learned pattern. We use a carefully crafted computer game to plant a secret password in the participant’s brain without the participant having any conscious knowledge of the trained password. While the planted secret can be used for authentication, the participant cannot be coerced into revealing it since he or she has no conscious knowledge of it. We performed a number of user studies using Amazon’s Mechanical Turk to verify that participants can successfully re-authenticate over time and that they are unable to reconstruct or even recognize short fragments of the planted secret.

Original languageEnglish (US)
Pages129-141
Number of pages13
StatePublished - Jan 1 2012
Event21st USENIX Security Symposium - Bellevue, United States
Duration: Aug 8 2012Aug 10 2012

Conference

Conference21st USENIX Security Symposium
CountryUnited States
CityBellevue
Period8/8/128/10/12

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality

Fingerprint Dive into the research topics of 'Neuroscience meets cryptography: Designing crypto primitives secure against rubber hose attacks'. Together they form a unique fingerprint.

  • Cite this

    Bojinov, H., Sanchez, D., Reber, P., Boneh, D., & Lincoln, P. (2012). Neuroscience meets cryptography: Designing crypto primitives secure against rubber hose attacks. 129-141. Paper presented at 21st USENIX Security Symposium, Bellevue, United States.