
Showing papers on "Otway–Rees protocol" published in 1998


Journal Article
TL;DR: An attack on a recursive authentication protocol proposed by John Bull of APM that fails to be secure in this sense provides an object lesson on how careful one has to be in interpreting the results of a formal analysis.

136 citations


Proceedings Article
09 Jun 1998
TL;DR: The authors introduce the notion of an ideal (a set of messages closed under encryption and invariant under composition with arbitrary messages) to express principles to prove bounds on a penetrator's capabilities, independent of the security protocol being analyzed.
Abstract: In security protocol analysis, it is important to learn general principles that limit the abilities of an attacker and that can be applied repeatedly to a variety of protocols. The authors introduce the notion of an ideal (a set of messages closed under encryption and invariant under composition with arbitrary messages) to express such principles. In conjunction with the strand space formalism, they use the concept of ideals to prove bounds on a penetrator's capabilities, independent of the security protocol being analyzed. From this they prove a number of correctness properties of the Otway-Rees protocol, using these results to explain the limitations of the protocol.

132 citations


Journal Article
TL;DR: A survey of the three versions of SNMP is provided, including a discussion of the way in which management information is represented and the protocol functionality.
Abstract: The Simple Network Management Protocol is the most widely used protocol for the management of IP-based networks and internets. The original version, now known as SNMPv1, is widely deployed. SNMPv2 adds functionality to the original version but does not address its security limitations; this relatively recent standard has not achieved much acceptance. An effort is currently underway to develop SNMPv3, which will retain the functional enhancements of SNMPv2 and add powerful privacy and authentication features. This article provides a survey of the three versions of SNMP, including a discussion of the way in which management information is represented and the protocol functionality.

127 citations


Book Chapter
16 Sep 1998
TL;DR: An efficient public-key protocol for mutual authentication and key exchange designed for third generation mobile communications systems is presented and the problem of establishing authenticated public keys through cross-certification is addressed.
Abstract: This article presents an efficient public-key protocol for mutual authentication and key exchange designed for third generation mobile communications systems. The paper also demonstrates how a micropayment scheme can be integrated into the authentication protocol; this payment protocol allows for the provision of incontestable charging. The problem of establishing authenticated public keys through cross-certification is addressed.

124 citations


Proceedings Article
09 Jun 1998
TL;DR: The paper applies the theory of communicating sequential processes (CSP) to the modelling and analysis of a non-repudiation protocol and highlights some novel considerations that are required for this kind of protocol.
Abstract: The paper applies the theory of communicating sequential processes (CSP) to the modelling and analysis of a non-repudiation protocol. Non-repudiation protocols differ from authentication and key-exchange protocols in that the participants require protection from each other, rather than from an external hostile agent. This means that the kinds of properties that are required of such a protocol, and the way it needs to be modelled to enable analysis, are different to the standard approaches taken to the more widely studied class of protocols and properties. A non-repudiation protocol proposed by Zhou and Gollmann (1996) is analysed within this framework, and this highlights some novel considerations that are required for this kind of protocol.

117 citations


Book
01 Jan 1998
TL;DR: How to Specify Network Protocols: Protocol Layers and Hierarchies, Application Structures, and Network Processes.
Abstract: How to Specify Network Protocols. First Protocol Examples. Network Processes. More on Processes. Transmission Errors. Connections. Data Transfer and Multiplexing. Error Detection. Error Recovery. Flow Control. Maintaining Topology Information. The Abstraction of Perfect Channel. Routing. Switching. Congestion Control. The Abstraction of Virtual Neighborhood. Naming and Name Resolution. Security. Data Compression. Broadcast and Multicast. Application Structures. Applications. Ring Networks. Broadcast Networks. Protocol Layers and Hierarchies. Exercises. Bibliography. Indexes.

116 citations


Proceedings Article
09 Jun 1998
TL;DR: A simple logic is described whose major advantage is its suitability for the design of authentication protocols, and a set of synthetic rules that can be used by protocol designers to construct a protocol in a systematic way is given.
Abstract: The authors describe a simple logic. The logic uses the notion of channels that are generalisations of communication links with various security properties. The abstract nature of channels enables one to treat the protocol at a higher abstraction level than do most of the known logics for authentication, and thus, one can address the higher level functional properties of the system, without having to be concerned with the problems of the actual implementation. The major advantage of the proposed logic is its suitability for the design of authentication protocols. They give a set of synthetic rules that can be used by protocol designers to construct a protocol in a systematic way.

60 citations


Proceedings Article
Mike Just
01 Jan 1998
TL;DR: Protocol failures are presented for two timestamping schemes and it is shown that although an indication of time can be included during the computation of the timestamp, the verification of the timestamp does not allow for the recovery of this temporal measure.
Abstract: Protocol failures are presented for two timestamping schemes. These failures emphasize the importance and difficulty of implementing a secure protocol even though there exist secure underlying algorithms. As well, they indicate the importance of clearly defining the goals for a protocol. For the scheme of Benaloh and de Mare (Eurocrypt '93), it is shown that although an indication of time can be included during the computation of the timestamp, the verification of the timestamp does not allow for the recovery of this temporal measure. For the scheme of Haber and Stornetta (Journal of Cryptology '91), we demonstrate how a collusion attack between a single user and a timestamping service allows for the backdating of timestamps. This attack is successful despite the claim that the timestamping service need not be trusted. For each of these schemes we discuss methods for improvement.

38 citations


Proceedings Article
S.H. Brackin
09 Jun 1998
TL;DR: The paper summarizes the results of Automatic Authentication Protocol Analyzer analyses of 52 protocols from A Survey of Authentication Protocol Literature: Version 1.0 by Clark and Jacob, a continually updated library of protocols analyzed in the protocol-failure literature.
Abstract: The paper summarizes the results of Automatic Authentication Protocol Analyzer (AAPA) analyses of 52 protocols from A Survey of Authentication Protocol Literature: Version 1.0 by Clark and Jacob, a continually updated library of protocols analyzed in the protocol-failure literature. The AAPA found no problems in 27 that Clark and Jacob did not identify as having problems, but also found no problems in 16 that Clark and Jacob did identify as having problems, though the attacks on 8 of these would be prevented by type checks that the AAPA assumes are always made. It found problems in 6 that Clark and Jacob also identified as having problems, and found problems in 3 that Clark and Jacob did not identify as having problems. The paper defines a semantics for the AAPA's specification language, defines valid inference and protocol failure with respect to this semantics, identifies reasons for each of the AAPA's "misses", and sketches ongoing work that should correct all, or all except one, of these "misses".

21 citations


Book Chapter
05 Feb 1998
TL;DR: The protocol is practical and provably secure against passive eavesdropping, impersonation, interference, active eavesdropping and pretense in the random oracle model on the assumptions that the Diffie-Hellman problem is intractable and that the secret pieces of information of users are selected at random and independently of each other.
Abstract: A two-party authenticated Diffie-Hellman key agreement protocol is proposed. The protocol is practical and provably secure against passive eavesdropping, impersonation, interference, active eavesdropping and pretense in the random oracle model on the assumptions that the Diffie-Hellman problem is intractable and that the secret pieces of information of users are selected at random and independently of each other. All of these attacks are assumed to be known-key attacks. The security against passive eavesdropping is proved on the assumption that the attacker knows the secret pieces of information of the participants. As an application of the proposed protocol, a star-based conference key distribution protocol is also designed.

21 citations


Book Chapter
01 Jul 1998
TL;DR: This paper presents a particular key confirmation protocol that may be combined with almost all conference key distribution protocols to achieve the highest security and gives a hierarchy of four security classes.
Abstract: In this paper we study security properties of conference key distribution protocols and give a hierarchy of four security classes. We show various problems with the Burmester-Desmedt conference key distribution protocol and show that the authenticated version of the protocol belongs to class 2. We give a modification of the protocol that makes it identity-based. Another modification provides us a class 4 protocol that is secure against insiders' attacks. This protocol is most efficient compared to known authenticated conference key distribution protocols. Finally we propose a particular key confirmation protocol that may be combined with almost all conference key distribution protocols to achieve the highest security.

Proceedings Article
26 Mar 1998
TL;DR: This work extends the core authentication functions of GSM to include a one way function that establishes trust between the mobile unit and visiting location register and presents a simple authentication protocol for personal communication systems emphasizing non-repudiation and play back attack prevention.
Abstract: The mutual authentication protocols of GSM and IS-41 are computationally efficient and thwart masquerading and eavesdropping. However, these protocols do not support non-repudiation of service. We propose a simple authentication protocol for personal communication systems emphasizing non-repudiation and play back attack prevention. We extend the core authentication functions of GSM to include a one way function that establishes trust between the mobile unit and visiting location register. The protocol is presented using a general notation and semantics, including major message flows.

Proceedings Article
18 Oct 1998
TL;DR: A robust re-authentication and key exchange protocol for IEEE 802.11 wireless LANs is introduced that provides enhanced robustness in face of cryptographic attacks and introduces the re-authentication period (RP) that reflects the frequency that the re-authentication procedure should be executed.
Abstract: We introduce a robust re-authentication and key exchange protocol for IEEE 802.11 wireless LANs. Based on an authentication protocol that we have previously published, we introduce a low computational complexity re-authentication and key exchange procedure that provides enhanced robustness in face of cryptographic attacks. This procedure accounts for the wireless media limitations, e.g., limited bandwidth and noise. We introduce the re-authentication period (RP) that reflects the frequency that the re-authentication procedure should be executed. We provide the user with suitable guidelines that will help in the determination of the re-authentication period.

Journal Article
TL;DR: In this article, the authors introduce a formal method which allows to detect the possibility of replay and interleaving attacks in the Neuman-Stubblebine protocol and to detect inaccuracies in some authentication protocols standardized in ISO.
Abstract: The security of electronic communication relies to a great extent on the security of authentication protocols used to distribute cryptographic keys. Hence formal techniques are needed which help to analyse the security of these protocols. In this paper we introduce a formal method which allows to detect the possibility of certain replay and interleaving attacks. By using our method we are able to show the weakness of the Neuman-Stubblebine protocol and to detect inaccuracies in some authentication protocols standardized in ISO. These inaccuracies may cause the protocol to allow interleaving attacks in certain environments, a fact which seems to be unrecognized so far.

01 Jul 1998
TL;DR: This paper describes an approach to the analysis of security protocols using Abrial's B method, a general purpose formal method based on standard set theory and predicate logic that allows for a straightforward and thorough analysis of security protocols.
Abstract: This paper describes an approach to the analysis of security protocols using Abrial's B method. B is a general purpose formal method based on standard set theory and predicate logic. The refinement rule we use means that we only check for safety properties such as authentication rather than liveness properties such as absence of denial of service. The contribution of this paper is the development of a style of modelling and reasoning with B that allows for a straightforward and thorough analysis of security protocols. This analysis contributes to the understanding of a protocol and could lead to an improvement in the design of security protocols.

Posted Content
10 Dec 1998
TL;DR: An optimal eavesdropping strategy for BB84 protocol in quantum cryptography is proposed, based on the ‘indirect copying’, which can exactly obtain the exchanged information between the legitimate users without being detected.
Abstract: An optimal eavesdropping strategy for BB84 protocol in quantum cryptography is proposed. This scheme is based on the ‘indirect copying’. Under this scheme, eavesdropper can exactly obtain the exchanged information between the legitimate users without being detected.

01 Jan 1998
TL;DR: This paper analyses the authentication protocol that has been proposed for the so called global mobility network and shows that the protocol has flaws, and presents three different attacks that exploit these.
Abstract: In this paper, we analyse the authentication protocol that has been proposed for the so called global mobility network in the October 1997 issue of the IEEE Journal on Selected Areas in Communications. Using a simple logic of authentication, we show that the protocol has flaws, and we present three different attacks that exploit these. We correct the protocol using a simple design tool that we have developed.

Proceedings Article
22 Oct 1998
TL;DR: A dynamic secure protocol suitable for PCS, which is based on the public-key and secret-key hybrid algorithm timestamp and a small storage variable which embodies the dynamic character is proposed, which has very good security.
Abstract: The security problem in personal communication systems is a crucial technique for the development of PCS. This paper proposes a dynamic secure protocol suitable for PCS, which is based on the public-key and secret-key hybrid algorithm timestamp and a small storage variable which embodies the dynamic character. The protocol overcomes the threatening problem of clone attack that cannot be resisted in Brown (1995), and remedies for the existing pity in Yu and Harn (1995) and Liu Jianwei and Wang Yumin (1998) in which the maximum times of calling have been limited. In addition, the implementation of the protocol becomes more convenient. The paper analyses the characteristics of this protocol and discusses that the protocol can effectively resist the relay-type clone attack which many secure schemes cannot conquer. Finally, we conclude that the protocol has very good security.

Proceedings Article
21 Jan 1998
TL;DR: This study intended to verify GMAP's robust characteristics, involves an implementation of a security simulator (SS/AG) which generates a number of attack patterns to check safety of the message transmission and reception performance using the authentication protocol against these attacks.
Abstract: In the global mobile computing environment the ideal is that the user accesses to the resources on the authorized network where the person is registered through any unauthorized network where the person is not registered from any location of transit. To make this ideal a reality, the user authentication system based on a third party authentication is vital at the access point of any unauthorized network on which the user is not registered. To achieve this goal, we have proposed the Global Mobile Authentication Protocol (GMAP) which reduces the use of the radio network to a minimum and enables user confirmation without leaking the user information. This study intended to verify GMAP's robust characteristics, involves an implementation of a security simulator (SS/AG) which generates a number of attack patterns to check safety of the message transmission and reception performance using the authentication protocol against these attacks. SS/AG is capable of generating the third party attacks on the network randomly or systematically. Moreover SS/AG is also characterized by the ability to allow each computer relating to the protocol to check the reaction to certain attack patterns or allow checking on the reaction of the entire authentication protocol.

Journal Article
TL;DR: A performance study of the HPP protocol in terms of availability and propagation delay indicates that the protocol reduces the delay by a factor of four compared to a protocol that does not diffuse messages past failed nodes.
Abstract: This paper describes a fast, reliable, scalable and efficient broadcast protocol called HPP (hierarchical propagation protocol) for weak-consistency replica management. It is based on organizing the nodes in a network into a logical hierarchy and maintaining a limited amount of state information at each node. It ensures that messages are not lost due to failures or partitions and minimizes redundancy. Furthermore, the protocol allows messages to be diffused while nodes are down provided the parent and child nodes of a failed node are alive. Moreover, the protocol allows nodes to be moved in the logical hierarchy and the network to be restructured dynamically in order to improve performance, while still ensuring that no messages are lost while the switch takes place and without disturbing normal operation. A performance study of the protocol in terms of availability and propagation delay indicates that the protocol reduces the delay by a factor of four compared to a protocol that does not diffuse messages past failed nodes.