A New Biometric ID-Based Cryptography Protocol and Security Analysis Using Petri Nets
Frequently Asked Questions (10)
Q2. What is the definition of a petri net?
A Petri net is defined as a bipartite, directed, weighted graph with two types of nodes, called places and transitions, linked by directed arcs.
Q3. What is the main goal of the adversary model?
The main goal of the adversary model is to examine the protocol behaviour in the presence of an adversary while modelling attacks.
Q4. What is the viable countermeasure to defend against authentication attacks?
It is evident that the most viable countermeasure to defend against authentication attacks is to encrypt the message exchange between the client and server.
Q5. What is the definition of adversary entity?
The adversary entity is nondeterministic, in that it may perform different possible actions under different client identities at a given time to ultimately compromise the target system.
Q6. What is the common type of trust relationship between a client and a server?
Sometimes it may involve a trusted third party to operate the authentication and validation, such as the Kerberos login protocol [1], while other systems deploy biometric automated verification systems to recognise trusted users.
Q7. What is the likelihood of correlation associated with T − TC?
(1) The likelihood of correlation associated with T − TC ≤ ∆T will be high, considering that the time delay in wide-area networks is unpredictable and varies most of the time.
Q8. How has the PN attack been simulated?
Each attack scenario has been simulated using PN to exploit the vulnerabilities that arise if symmetric encryption is not applied to their new protocol.
Q9. What is the reason why the fabricated login request is sent to C?
A instantly impersonates C and initiates a new session with S by sending a fabricated login request: P19 = [IDA = ID`C, TA = T`S, W1 = W`2, M3 = M`6, M7, MAC`k(IDC, TS, W2, M6, M7)], which is S's original reply to C. Assume the fabricated message arrives at S at time T; it will pass the verification check for the following reasons:
Q10. What is the purpose of the attack?
To exploit the reflection attack, the adversary A intercepts the login request while listening to the electronic conversation between client C and server S. Then, the adversary sends the same login request [ID`C, T`C, W`1, M`3, MAC`k(IDC, TC, W1, M3)] to C in a timely manner.
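The reflection problem described in Q9 and Q10, as an added example that is not code from the paper: a simplified server-side check (MAC plus the T − TC ≤ ∆T freshness window) beside a hardened form. Assumptions: HMAC-SHA256 stands in for MACk, the field values, key and `DELTA_T` are constructed, and the direction labels are a standard mitigation shown here, not the encryption countermeasure the page names.

```python
import hashlib
import hmac

DELTA_T = 5  # assumed freshness window in seconds (the page's ∆T)


def mac(key, fields, label=b""):
    # HMAC-SHA256 as an assumed stand-in for MAC_k. Every element is
    # length-prefixed so field boundaries cannot be shifted.
    h = hmac.new(key, digestmod=hashlib.sha256)
    for f in [label] + list(fields):
        h.update(len(f).to_bytes(4, "big") + f)
    return h.digest()


def build(key, fields, label=b""):
    return {"fields": list(fields), "mac": mac(key, fields, label)}


def server_accepts_login(key, msg, now, label=b""):
    """Accept only if the timestamp is fresh and the MAC verifies."""
    ts = int(msg["fields"][1])
    fresh = 0 <= now - ts <= DELTA_T
    authentic = hmac.compare_digest(msg["mac"], mac(key, msg["fields"], label))
    return fresh and authentic


def demo():
    k = b"constructed-shared-key"
    t_s = 1000
    # Constructed server reply in the page's layout: [ID_C, T_S, W_2, M_6, M_7]
    reply = [b"client-C", str(t_s).encode(), b"W2", b"M6", b"M7"]

    # Weak form: no direction in the MAC, so S's own reply, sent back to S
    # within the window, passes the login check.
    weak = server_accepts_login(k, build(k, reply), now=t_s + 2)

    # Hardened form: replies are MACed under "S->C", logins verified under "C->S".
    hard = server_accepts_login(k, build(k, reply, b"S->C"), now=t_s + 2, label=b"C->S")

    # A genuine login [ID_C, T_C, W_1, M_3] still verifies, until it goes stale.
    login = build(k, [b"client-C", str(t_s + 1).encode(), b"W1", b"M3"], b"C->S")
    ok = server_accepts_login(k, login, now=t_s + 2, label=b"C->S")
    stale = server_accepts_login(k, login, now=t_s + 60, label=b"C->S")
    return weak, hard, ok, stale


if __name__ == "__main__":
    print(demo())
```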