Secure Communications over Insecure Channels Using an Authenticated Channel
Secure communication over an insecure channel, without any previously exchanged key, can be established by using an authentication step to exchange a public key and then applying public-key cryptography such as RSA. In this work, we concentrate on message authentication protocols which require an extra authenticated channel. We also recall biometrics-based systems, which are hard to implement, and distance-bounding-based authentication systems, which are limited to closer communications. We sketch three generic attacks against any message authentication protocol, draw conclusions about their maximal security, and study the security of some protocols. Finally, we propose a new protocol which achieves the same security level as that of SSH and GPG, but uses far fewer authenticated bits.