
Showing papers on "Otway–Rees protocol published in 1991"


Book Chapter
Ray Bird, Inder Sarat Gopal, Amir Herzberg, Philippe Janson, Shay Kutten, Refik Molva, Moti Yung
11 Aug 1991
TL;DR: A new authenticated exchange protocol is presented which is both provably secure and highly efficient and practical, and prevents chosen plaintext or ciphertext attacks on the cryptosystem.
Abstract: We investigate protocols for authenticated exchange of messages between two parties in a communication network. Secure authenticated exchange is essential for network security. It is not difficult to design simple and seemingly correct solutions for it; however, many such 'solutions' can be broken. We give some examples of such protocols and we show a useful methodology which can be used to break many protocols. In particular, we break a protocol that is being standardized by the ISO. We present a new authenticated exchange protocol which is both provably secure and highly efficient and practical. The security of the protocol is proven, based on an assumption about the cryptosystem employed (namely, that it is secure when used in CBC mode on a certain message space). We think that this assumption is quite reasonable for many cryptosystems, and furthermore it is often assumed in practical use of the DES cryptosystem. Our protocol cannot be broken using the methodology we present (which was strong enough to catch all protocol flaws we found). The reduction to the security of the encryption mode, indeed captures the non-existence of the exposures that the methodology catches (specialized to the actual use of encryption in our protocol). Furthermore, the protocol prevents chosen plaintext or ciphertext attacks on the cryptosystem. The proposed protocol is efficient and practical in several aspects. First, it uses only conventional cryptography (like the DES, or any privately-shared one-way function) and no public-key. Second, the protocol does not require synchronized clocks or counter management. Third, only a small number of encryption operations is needed (we use no decryption), all with a single shared key. In addition, only three messages are exchanged during the protocol, and the size of these messages is minimal. These properties are similar to existing and proposed actual protocols. This is essential for integration of the proposed protocol into existing systems and embedding it in existing communication protocols.

180 citations


Proceedings Article
E. Snekkenes
20 May 1991
TL;DR: The BAN approach to analysis of cryptographic protocols transforms a correctness requirement into a proof obligation of a formal belief logic and it is shown that the BAN protocol annotation rules make flaws due solely to protocol step permutation undetectable by the BAN logic.
Abstract: The BAN approach to analysis of cryptographic protocols (M. Burrows et al., 1988) transforms a correctness requirement into a proof obligation of a formal belief logic. It is shown that the BAN protocol annotation rules make flaws due solely to protocol step permutation undetectable by the BAN logic. This is illustrated by a short example. In the style of BAN logic, the author defines the concept of a terminating idealized protocol. BAN logic has been used to prove the correctness of an insecure protocol (D. Nessett, 1990). The author shows that this protocol belongs to the class of nonterminating protocols.

38 citations


Matt Bishop
01 Jan 1991
TL;DR: This paper examines the security requirements of such a service, analyzes version 2 of the NTP protocol to determine how well it meets these requirements, and suggests improvements where appropriate.
Abstract: The Network Time Protocol is being used throughout the Internet to provide an accurate time service. This paper examines the security requirements of such a service, analyzes version 2 of the NTP protocol to determine how well it meets these requirements, and suggests improvements where appropriate.

3 citations