
Showing papers on "Otway–Rees protocol published in 1996"


Proceedings Article
06 May 1996
TL;DR: This work presents a fair non-repudiation protocol that requires a trusted third party but attempts to minimize its involvement in the execution of the protocol.
Abstract: A fair non-repudiation protocol should not give the sender of a message an advantage over the receiver, or vice versa. We present a fair non-repudiation protocol that requires a trusted third party but attempts to minimize its involvement in the execution of the protocol. We draw particular attention to the nonstandard use of encryption in our protocol and discuss some aspects of its formal verification.

483 citations


Patent
18 Sep 1996
TL;DR: In this paper, a system and method for regulating the flow of internetwork connections through a firewall having a network protocol stack which includes an Internet Protocol (IP) layer is presented and a determination is made of the parameters characteristic of a connection request, including a netelement parameter characteristic of where the connection request came from.
Abstract: A system and method for regulating the flow of internetwork connections through a firewall having a network protocol stack which includes an Internet Protocol (IP) layer. A determination is made of the parameters characteristic of a connection request, including a netelement parameter characteristic of where the connection request came from. A query is generated and a determination is made whether there is a rule corresponding to that query. If there is a rule corresponding to the query, a determination is made whether authentication is required by the rule. If authentication is required by the rule, an authentication protocol is activated and the connection is activated if the authentication protocol is completed successfully.

282 citations


Proceedings Article
17 Sep 1996
TL;DR: It is hoped that proponents of different analysis techniques will offer algorithms for compiling this language into whatever form they require, to go a long way toward ensuring that the assumptions made by different techniques, as well as the analysis results, are comparable.
Abstract: CAPSL is a formal language for expressing authentication and key-exchange protocols. It is intended to capture enough of the abstract features of these protocols to perform an analysis for protocol failures. The impetus for such a language grew out of project work in protocol analysis. A common protocol specification language seems necessary to bridge the gap between the typical informal presentations of protocols given in papers and the precise characterizations required to conduct formal analysis. It is hoped that proponents of different analysis techniques will offer algorithms for compiling this language into whatever form they require. Doing so will go a long way toward ensuring that the assumptions made by different techniques, as well as the analysis results, are comparable. Since Denning and Sacco published a replay attack on the Needham-Schroeder protocol in 1981, it has been well known that protocols for exchanging cryptographic keys over data networks can be vulnerable to message modification attacks. The abundance of flaws in published protocols led to the development of formal techniques for their security analysis. The proposed techniques, as represented by some of the earlier papers on the subject, include the use of goal-directed state search tools implemented in Prolog, the application of general purpose specification and verification tools, a specially-designed logic of belief, and the application of a model-checking tool for CSP specifications. It has become evident that it was difficult for analysts other than the developers of the various techniques to apply them. One reason for this difficulty is the fact that the protocols had to be re-specified for each technique, and it was not easy to transform the published description of the protocol into the required formal system. Some tool developers began work on translators or compilers that would perform the transformation automatically.
The input to any such translator still requires a formally-defined language, but it can be made similar to the message-oriented protocol descriptions that are typically published. Besides our initial work on CAPSL for the Interrogator at MITRE, there were independent efforts by Steve Brai and Gavin Lowe, with a similar language, CASPER, for the application of FDR using a CSP model-checking approach. The idea of having a single common protocol specification language that could be used as the input format for any formal analysis technique was first presented at the 1996 Isaac Newton Institute Programme on Computer Security, Cryptology, and Coding Theory. The design of CAPSL is still in progress. Current documentation for the language, and discussions on design alternatives and extensions, may be found at the CAPSL home page on the World-Wide Web, at the URL http://www.mitre.org/research/capsl.

66 citations


Book Chapter
Yuliang Zheng
01 Jan 1996
TL;DR: A new authentication and key distribution protocol that utilizes a broadcast channel in a mobile network, which yields a very compact protocol whose total number of moves of information between a mobile user and a base station is only 1.5!
Abstract: The main contributions of this paper are: (1) to analyze an authentication and key distribution protocol for mobile computing proposed by Beller, Chang and Yacobi in 1993, and reveal two problems associated with their protocol. (2) to propose a new authentication and key distribution protocol that utilizes a broadcast channel in a mobile network. A particularly interesting feature of the new proposal is that it allows the authentication of a base station by a mobile user to be conducted “at the background”, which yields a very compact protocol whose total number of moves of information between a mobile user and a base station is only 1.5!

31 citations


Journal Article
TL;DR: This combined protocol is restructured into a formal system-to-system login and authentication scheme, which is demonstrated to be not only secure but also generic and parametric enough to be usable in environments with different technological platforms and/or operational structures.

12 citations


Book Chapter
24 Jun 1996
TL;DR: A number of authentication protocols which are based on mechanisms satisfying different conditions than those required for the ISO/IEC 9798 protocols are considered, in particular the use of non-random nonces and the provision of identity privacy for the communicating parties.
Abstract: Authentication protocols are constructed using certain fundamental security mechanisms. This paper discusses how the properties of the underlying mechanisms affect the design of authentication protocols. We firstly illustrate factors affecting the selection of protocols generally. These factors include the properties of the environment for authentication protocols and the resources of the authenticating entities. We then consider a number of authentication protocols which are based on mechanisms satisfying different conditions than those required for the ISO/IEC 9798 protocols, in particular the use of non-random nonces and the provision of identity privacy for the communicating parties.

5 citations


Proceedings Article
03 Jun 1996
TL;DR: The experiment results of the implemented protocol in a local area network of workstations have demonstrated that its performance is better than any existing solutions in the same environment, especially for achieving message total ordering and atomic (safe) delivery.
Abstract: A novel and efficient group communication (multicast) protocol, based on a single logical-clock token ring approach, is described. The protocol is highly efficient and it guarantees total ordering and atomicity of multicast messages for asynchronous distributed systems. Unlike other logical token-ring algorithms, the protocol does not have a problem of token loss. The optimized fault-tolerant algorithms of the protocol can handle process failures and network partitioning. The experiment results of the implemented protocol in a local area network of workstations have demonstrated that its performance is better than any existing solutions in the same environment, especially, for achieving message total ordering and atomic (safe) delivery.

2 citations


Journal Article
TL;DR: The Kuperee authentication system is not resistant against modification attacks, replay attacks and even impersonating attacks, so the importance of paying more attention to the interface between design of protocols and implementation using concrete cryptographic algorithms is pointed out.
Abstract: The Kuperee system has been proposed as an authentication system using public keys by Hardjono and Seberry at ESORICS' 94. It employs the improved cryptosystem of Zheng and Seberry which is immune against chosen ciphertext attacks. The Kuperee authentication protocol has some interesting features. One of them is the binding of two entities (e.g. a client and a server) by a third entity (e.g. authentication server) so that only the cooperation of these two entities leads to the completion of an authentication protocol. Unfortunately this feature, together with other weaknesses, has led to some strong attacks such as impersonating the Ticket Granting Server, clients and servers. As a result the Kuperee authentication system is not resistant against modification attacks, replay attacks and even impersonating attacks. We discuss the serious weaknesses and show how to attack the Kuperee authentication system. Attacking the Kuperee is not the only purpose of this paper, since the Kuperee system is not widely used. We are more interested to point out the importance of paying more attention to the interface between design of protocols and implementation using concrete cryptographic algorithms.

2 citations


Proceedings Article
03 Jan 1996
TL;DR: This work describes a communication protocol development environment based on a discrete-event simulator that is used in testing and debugging a fault-tolerant totally-ordered multicast protocol operating over a network of multiple interconnected local-area networks (LANs).
Abstract: Creating robust communication protocols for distributed systems is an inherently difficult task due to the many possible executions and message orderings. We describe a communication protocol development environment based on a discrete-event simulator. We have used this development environment in testing and debugging a fault-tolerant totally-ordered multicast protocol operating over a network of multiple interconnected local-area networks (LANs). Each LAN is simulated by a processor participating in the testbed, and a "virtual gateway" mechanism is used to interconnect the LANs. The resulting distributed simulation environment allows the developer to create reproducible test scenarios, to inject faults such as network partitions, to single step protocol execution and, in general, to observe and analyze protocol behavior across each host in the network.

1 citation