International Association for Cryptologic Research
The authors use ideas from game theory to improve two families of authentication protocols, namely password-based and manual authentication schemes. The protocols are transformed so that even if an intruder attacks several protocol runs between honest nodes, its expected payoff is still lower than when it does not attack at all. A rational intruder, who always tries to maximize its payoff, therefore has no incentive to attack any protocol run among trustworthy parties. To illustrate the use of their method, the authors apply it to the password-based authentication stage of on-line banking, where passwords are chosen either uniformly at random or in a biased way, e.g., by humans. For the latter they use the publicly available 32 million passwords of the social gaming network website RockYou as the source of human-selected passwords.