
Showing papers on "Otway–Rees protocol published in 2005"


Proceedings ArticleDOI
05 Sep 2005
TL;DR: This work presents an RFID authentication protocol that enforces user privacy and protects against tag cloning, and shows how forward privacy is guaranteed; messages seen today will still be valid in the future, even after the tag has been compromised.
Abstract: RFID identification is a new technology that will become ubiquitous as RFID tags will be applied to every-day items in order to yield great productivity gains or “smart” applications for users. However, this pervasive use of RFID tags opens up the possibility for various attacks violating user privacy. In this work we present an RFID authentication protocol that enforces user privacy and protects against tag cloning. We designed our protocol with both tag-to-reader and reader-to-tag authentication in mind; unless both types of authentication are applied, any protocol can be shown to be prone to either cloning or privacy attacks. Our scheme is based on the use of a secret shared between tag and database that is refreshed to avoid tag tracing. However, this is done in such a way so that efficiency of identification is not sacrificed. Additionally, our protocol is very simple and it can be implemented easily with the use of standard cryptographic hash functions. In analyzing our protocol, we identify several attacks that can be applied to RFID protocols and we demonstrate the security of our scheme. Furthermore, we show how forward privacy is guaranteed; messages seen today will still be valid in the future, even after the tag has been compromised.

463 citations


Journal ArticleDOI
TL;DR: It is shown that the 3GPP AKA protocol is vulnerable to a variant of the so-called false base station attack, and a new authentication and key agreement protocol is presented which defeats redirection attack and drastically lowers the impact of network corruption.
Abstract: This paper analyzes the authentication and key agreement protocol adopted by Universal Mobile Telecommunication System (UMTS), an emerging standard for third-generation (3G) wireless communications. The protocol, known as 3GPP AKA, is based on the security framework in GSM and provides significant enhancement to address and correct real and perceived weaknesses in GSM and other wireless communication systems. In this paper, we first show that the 3GPP AKA protocol is vulnerable to a variant of the so-called false base station attack. The vulnerability allows an adversary to redirect user traffic from one network to another. It also allows an adversary to use authentication vectors corrupted from one network to impersonate all other networks. Moreover, we demonstrate that the use of synchronization between a mobile station and its home network incurs considerable difficulty for the normal operation of 3GPP AKA. To address such security problems in the current 3GPP AKA, we then present a new authentication and key agreement protocol which defeats redirection attack and drastically lowers the impact of network corruption. The protocol, called AP-AKA, also eliminates the need of synchronization between a mobile station and its home network. AP-AKA specifies a sequence of six flows. Dependent on the execution environment, entities in the protocol have the flexibility of adaptively selecting flows for execution, which helps to optimize the efficiency of AP-AKA both in the home network and in foreign networks.

225 citations
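To make the redirection weakness concrete, the following is an added example (not code from the paper above, and not the AP-AKA design it proposes). It models 3GPP AKA at the level the abstract discusses: the home network issues an authentication vector, the serving network challenges the phone, and the phone answers if the MAC and sequence number check out. The MILENAGE functions are replaced by HMAC-SHA256 stand-ins, CK/IK/AK are omitted, and the "bound" flag is an illustrative fix of my own (mixing the serving network's identity into MAC and RES) rather than the paper's mechanism.

```python
import hashlib
import hmac
import os

# Simplified stand-ins for MILENAGE f1 (MAC) and f2 (RES). Constructed for this
# example: real AKA uses AES-based MILENAGE and also derives CK, IK and AK.
def f1(k: bytes, sqn: int, rand: bytes, binding: bytes) -> bytes:
    return hmac.new(k, b"f1" + sqn.to_bytes(6, "big") + rand + binding, hashlib.sha256).digest()[:8]

def f2(k: bytes, rand: bytes, binding: bytes) -> bytes:
    return hmac.new(k, b"f2" + rand + binding, hashlib.sha256).digest()[:8]


class HomeNetwork:
    """Holds the long-term key K and the SQN counter for each subscriber."""
    def __init__(self) -> None:
        self.subscribers = {}          # IMSI -> [K, SQN]

    def register(self, imsi: str, k: bytes) -> None:
        self.subscribers[imsi] = [k, 0]

    def authentication_vector(self, imsi: str, serving_network: str, bound: bool) -> dict:
        entry = self.subscribers[imsi]
        k, sqn = entry[0], entry[1] + 1
        entry[1] = sqn
        rand = os.urandom(16)
        # bound=True is the illustrative fix: the serving network's identity is mixed into
        # MAC and XRES, so a vector issued for network X is useless under any other name.
        # Plain 3GPP AKA (bound=False) carries no such binding.
        binding = serving_network.encode() if bound else b""
        return {"rand": rand, "sqn": sqn, "mac": f1(k, sqn, rand, binding), "xres": f2(k, rand, binding)}


class MobileStation:
    def __init__(self, k: bytes) -> None:
        self.k = k
        self.sqn = 0                   # highest sequence number accepted so far

    def respond(self, rand: bytes, sqn: int, mac: bytes, network_seen: str, bound: bool):
        """Returns RES if the challenge verifies, else None. network_seen is the identity
        broadcast by the base station the phone is camped on (possibly a false one)."""
        binding = network_seen.encode() if bound else b""
        if not hmac.compare_digest(mac, f1(self.k, sqn, rand, binding)):
            return None
        if sqn <= self.sqn:            # sequence-number check rejects replayed vectors
            return None
        self.sqn = sqn
        return f2(self.k, rand, binding)


def serving_network_auth(av: dict, ms: MobileStation, network_seen: str, bound: bool) -> bool:
    """The serving network sends RAND and the MAC/SQN part of AUTN; accepts if RES == XRES."""
    res = ms.respond(av["rand"], av["sqn"], av["mac"], network_seen, bound)
    return res is not None and hmac.compare_digest(res, av["xres"])


def redirection_attack(bound: bool) -> bool:
    """Network X holds a vector for the phone; a false base station announcing itself as
    network Y relays X's challenge. Returns True if X authenticates the phone while the
    phone believes it is attached to Y."""
    hn = HomeNetwork()
    k = os.urandom(16)
    hn.register("imsi-1", k)
    ms = MobileStation(k)
    av_for_x = hn.authentication_vector("imsi-1", "X", bound)
    return serving_network_auth(av_for_x, ms, "Y", bound)


def honest_run(bound: bool) -> bool:
    hn = HomeNetwork()
    k = os.urandom(16)
    hn.register("imsi-1", k)
    ms = MobileStation(k)
    av = hn.authentication_vector("imsi-1", "X", bound)
    first = serving_network_auth(av, ms, "X", bound)
    replay = serving_network_auth(av, ms, "X", bound)   # same vector again: SQN must reject it
    return first and not replay
```

With `bound=False` the phone cannot tell which network the vector was issued for, which is the property the attack exploits: any vector obtained from (or leaked by) network X authenticates the phone under any network name. The same run with `bound=True` fails at the MAC check. The SQN check in `honest_run` is also the synchronization mechanism whose operational cost the abstract criticises.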


Book ChapterDOI
06 Apr 2005
TL;DR: A more secure and effective authentication protocol to protect user's privacy is proposed based on Challenge-Response using one-way hash function and random number and fitted for distributed database environment.
Abstract: Recently, RFID system is a main technology to realize ubiquitous computing environments, but the feature of the RFID system may bring about various privacy problems. So, many kinds of protocols to resolve these problems have been researched. In this paper, we analyze the privacy problems of the previous protocols and propose more secure and effective authentication protocol to protect user's privacy. Then we analyze the security and effectiveness of the proposed protocol comparing with the previous protocols. The proposed protocol is based on Challenge-Response using one-way hash function and random number. The proposed protocol is secure against the replay the attack, spoofing attack and so on. In addition, the proposed protocol is fitted for distributed database environment.

221 citations
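Both of the RFID abstracts above describe the same building blocks: a challenge-response over a one-way hash, a random number from each side, and (in the first paper) a shared secret that is refreshed after every session so that the tag cannot be traced. The following is an added example of that pattern, written for this page; it is not the code of either paper and simplifies their designs. The message layout (pseudonym h(s), tag nonce, keyed hash), the refresh function and the back-end indexing strategy are my assumptions.

```python
import hashlib
import hmac
import os

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keyed(secret: bytes, *parts: bytes) -> bytes:
    """Keyed hash h_s(...) used as the authenticator in both directions."""
    return hmac.new(secret, b"".join(parts), hashlib.sha256).digest()

def refresh(secret: bytes) -> bytes:
    """One-way secret update. Old secrets cannot be recovered from the new one, which is
    what keeps earlier transcripts unlinkable if the tag is later torn open."""
    return h(b"refresh|" + secret)


class Tag:
    def __init__(self, secret: bytes) -> None:
        self.secret = secret

    def respond(self, n_r: bytes) -> tuple:
        n_t = os.urandom(16)
        # h(secret) is a pseudonym that changes after every completed session
        return h(self.secret), n_t, keyed(self.secret, n_t, n_r)

    def finish(self, n_r: bytes, n_t: bytes, reply: bytes) -> bool:
        candidate = refresh(self.secret)
        # the reader proves knowledge of the *next* secret; only then does the tag move on
        if hmac.compare_digest(reply, keyed(candidate, n_r, n_t)):
            self.secret = candidate
            return True
        return False


class BackEnd:
    def __init__(self, tags: dict) -> None:
        # indexed by h(secret): identification is one dictionary probe, not a scan of all tags
        self.index = {h(s): (name, s) for name, s in tags.items()}

    def authenticate(self, n_r: bytes, msg: tuple):
        pseudonym, n_t, tag_mac = msg
        entry = self.index.get(pseudonym)
        if entry is None:
            return None
        name, secret = entry
        if not hmac.compare_digest(tag_mac, keyed(secret, n_t, n_r)):
            return None                      # cloned pseudonym or replayed message
        new = refresh(secret)
        # the old index entry is kept: if the final reply is lost, the tag still holds the
        # old secret and must remain identifiable (desynchronization caveat)
        self.index[h(new)] = (name, new)
        return name, keyed(new, n_r, n_t)


def session(tag: Tag, backend: BackEnd, drop_reply: bool = False):
    """One reader-mediated round trip. Returns (name or None, tag_updated, pseudonym_sent)."""
    n_r = os.urandom(16)
    msg = tag.respond(n_r)
    result = backend.authenticate(n_r, msg)
    if result is None:
        return None, False, msg[0]
    name, reply = result
    if drop_reply:
        return name, False, msg[0]
    return name, tag.finish(n_r, msg[1], reply), msg[0]


def replay_is_rejected(tag: Tag, backend: BackEnd) -> bool:
    """An eavesdropper records one tag response and replays it under a fresh reader nonce."""
    n_r = os.urandom(16)
    recorded = tag.respond(n_r)
    return backend.authenticate(os.urandom(16), recorded) is None
```

Two things worth checking when reading this: the pseudonym sent in two consecutive completed sessions differs, so an observer cannot link them, and a lost final reply leaves the tag one step behind without locking it out. A production back end would keep only the current and previous secret per tag rather than every pseudonym ever issued, as this example does for brevity.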


Proceedings Article
J Yang, Jaemin Park, H Lee, K Ren, Kwangjo Kim 
01 Jul 2005
TL;DR: I am grateful to Prof. Adi Shamir of the Weizmann Institute in Israel for his precious comments and kind advice on the authors' protocol during his visit to ICU during Asiacrypt 2004.
Abstract: I am grateful to Prof. Adi Shamir of the Weizmann Institute in Israel for his precious comments and kind advice on our protocol during his visit to ICU during Asiacrypt 2004.

183 citations


Journal ArticleDOI
TL;DR: A general framework for deriving security protocols from simple components, using composition, refinements, and transformations is proposed, and the derivation system provides a framework for further improvements.
Abstract: Many authentication and key exchange protocols are built using an accepted set of standard concepts such as Diffie-Hellman key exchange, nonces to avoid replay, certificates from an accepted authority, and encrypted or signed messages. We propose a general framework for deriving security protocols from simple components, using composition, refinements, and transformations. As a case study, we examine the structure of a family of key exchange protocols that includes Station-to-Station (STS), ISO-9798-3, Just Fast Keying (JFK), IKE and related protocols, deriving all members of the family from two basic protocols. In order to associate formal proofs with protocol derivations, we extend our previous security protocol logic with preconditions, temporal assertions, composition rules, and several other improvements. Using the logic, which we prove is sound with respect to the standard symbolic model of protocol execution and attack (the "Dolev-Yao model"), the security properties of the standard signature-based challenge-response protocol and the Diffie-Hellman key exchange protocol are established. The ISO-9798-3 protocol is then proved correct by composing the correctness proofs of these two simple protocols. Although our current formal logic is not sufficient to modularly prove security for all of our current protocol derivations, the derivation system provides a framework for further improvements.

169 citations


Journal ArticleDOI
TL;DR: This article shall propose a new scheme for a secure authentication procedure for the Session Initiation Protocol to enhance the security of the original scheme.

158 citations


Proceedings ArticleDOI
31 Aug 2005
TL;DR: A proof of the self-stabilizing nature of the protocol is provided, and the average cost (in time and number of messages) to achieve convergence is experimentally measured.
Abstract: We propose a self-stabilizing and modeless peer-to-peer (P2P) network construction and maintenance protocol, called the Ring Network (RN) protocol. The RN protocol, when started on a network of peers that are in an arbitrary state, will cause the network to converge to a structured P2P system with a directed ring topology, where peers are ordered according to their identifiers. Furthermore, the RN protocol maintains this structure in the face of peer joins and departures. The RN protocol is a distributed and asynchronous message-passing protocol, which fits well the autonomous behavior of peers in a P2P system. The RN protocol requires only the existence of a bootstrapping system which is weakly connected. Peers do not need to be informed of any global network state, nor do they need to assist in repairing the network topology when they leave. We provide a proof of the self-stabilizing nature of the protocol, and experimentally measure the average cost (in time and number of messages) to achieve convergence.

98 citations


Proceedings ArticleDOI
06 Nov 2005
TL;DR: This paper describes security threats to the OLSR MANET routing protocol and presents an intrusion detection solution based on protocol semantics checking and argues that the presented approach can be applied to any multi-point relay (MPR) proactive MANET protocol.
Abstract: The optimized link state routing (OLSR) protocol is a proactive mobile ad hoc network (MANET) routing protocol. Security aspects have not been designed into the OLSR protocol and therefore make it vulnerable to various kinds of attacks. Recent research efforts have focused on providing authentication and encryption techniques to secure the OLSR protocol against attacks from outside intruders. A second line of defense is required to provide intrusion detection and response techniques in protecting the OLSR protocol against attacks from inside intruders. In this paper, we describe security threats to the OLSR MANET routing protocol and present an intrusion detection solution based on protocol semantics checking. Our approach is based on semantic properties that are implied in the protocol definition and specify the correct OLSR routing update behavior. Conflict checking based on semantic properties is applied in every MANET node. Any abnormal protocol semantics triggers an intrusion alarm. While we use OLSR as an example, we argue that the presented approach can be applied to any multi-point relay (MPR) proactive MANET protocol.

74 citations


Journal ArticleDOI
TL;DR: Based on the bilinear pairings, a new non-interactive deniable authentication protocol based on generalized ElGamal signature scheme is proposed and it is proved the proposed protocol is secure in the random oracle model.

51 citations


Proceedings ArticleDOI
13 Mar 2005
TL;DR: An improved authenticated key agreement protocol is developed that eliminates the disadvantages of SAKA and provides identity authentication, key validation, and perfect forward secrecy and can foil man-in-the-middle attacks.
Abstract: To provide secure communication for mobile devices, an authenticated key agreement protocol is an important primitive for establishing session keys. However, most existing authenticated key agreement protocols are not designed for wireless mobile communication for which bandwidth and device storage capacity are limited. Also, as mobile devices are more vulnerable to attack, providing forward secrecy becomes an essential element in the protocol. Based on Seo and Sweeney's simple authenticated key agreement algorithm (SAKA), we develop an improved authenticated key agreement protocol that eliminates the disadvantages of SAKA and provides identity authentication, key validation, and perfect forward secrecy. Also, our protocol can foil man-in-the-middle attacks. We also show how our proposed protocol can be included in the current 3GPP2 specifications for OTASP to improve A-key (authentication key) distribution, which is the master key in IS-95 and cdma2000 mobile networks. The proposed protocol requires significantly less bandwidth, and less computational and storage overhead, while having higher security compared to 3GPP2 specifications. The proposed protocol can also be applied to other wireless communication scenarios.

50 citations


Journal ArticleDOI
TL;DR: This paper proposes another non-interactive deniable authentication protocol based on factoring and proves it is secure in the random oracle model.

Book ChapterDOI
20 Apr 2005
TL;DR: This work examines several ad-hoc pairing protocols that strengthen their radio exchanges with additional transmissions over another channel, for example a screen showing graphically encoded information to a camera.
Abstract: We examine several ad-hoc pairing protocols that strengthen their radio exchanges with additional transmissions over another channel, for example a screen showing graphically encoded information to a camera. Additional channels may have limited capacity and may still be subject to eavesdropping, but they may offer specific advantages over radio such as data origin authenticity. A single protocol may profitably use more than one channel, each with its own specific security properties, for different messages in its trace. Making this option explicit allows for further advances in protocol design. We also present an intriguing asymmetric protocol that achieves results comparable to mutual authentication even though the verification happens only in one direction.

Proceedings ArticleDOI
05 Dec 2005
TL;DR: It is proved that the OIAP protocol is exposed to replay attacks, which could be used for compromising the correct behavior of a TP and a countermeasure is proposed to avoid such an attack as well as any replay attacks to the aforementioned protocol.
Abstract: We prove the existence of a flaw which we identified in the design of the object-independent authorization protocol (OIAP), which represents one of the building blocks of the trusted platform module (TPM), the core of the trusted computing platforms (TPs) as devised by the trusted computing group (TCG) standards. In particular, we prove, also with the support of a model checker, that the protocol is exposed to replay attacks, which could be used for compromising the correct behavior of a TP. We also propose a countermeasure to undertake in order to avoid such an attack as well as any replay attacks to the aforementioned protocol.

Journal ArticleDOI
TL;DR: An authentication flaw similar to the one found by Lowe is pointed out: the intruder can masquerade as other principals, and the inquisitor INQ can identify the source of the message, contrary to the authors' claims.

Book ChapterDOI
20 Apr 2005
TL;DR: A passive attack on the Bluetooth authentication protocol is implemented and it is shown that an implementation based on elliptic curves is well within the possibility of a modern handphone and has negligible effects on speed and user experience.
Abstract: We implement and demonstrate a passive attack on the Bluetooth authentication protocol used to connect two devices to each other. Using a protocol analyzer and a brute-force attack on the PIN, we recover the link key shared by two devices. With this secret we can then decrypt any encrypted traffic between the devices as well as, potentially, impersonate the devices to each other. We then implement an alternative pairing protocol that is more robust against passive attacks and against active man-in-the-middle attacks. The price of the added security offered by the new protocol is its use of asymmetric cryptography, traditionally considered infeasible on handheld devices. We show that an implementation based on elliptic curves is well within the possibility of a modern handphone and has negligible effects on speed and user experience.

Journal ArticleDOI
TL;DR: The design of SLEACH is presented, a secure extension for the LEACH protocol that is divided into four phases and fit inexpensive cryptographic operations to each part of the protocol functionality to create an efficient, practical protocol.
Abstract: LEACH (Low-Energy Adaptive Clustering Hierarchy) protocol is a basic clustering-based routing protocol of sensor networks. In this paper, we present the design of SLEACH, a secure extension for the LEACH protocol. We divide SLEACH into four phases and fit inexpensive cryptographic operations to each part of the protocol functionality to create an efficient, practical protocol. Then we give security analyses of SLEACH. Our security analyses show that our scheme is robust against any external attacker or compromised nodes in the sensor network.

Proceedings ArticleDOI
04 Apr 2005
TL;DR: This work first considers RTT-based and power-based approaches and couple them to design an effective neighbor verification protocol (NVP), which significantly limits the effectiveness of replay-based attacks by restricting the range where they might be launched and thus makes them practically impossible.
Abstract: Verifying physical presence of a neighbor in wireless ad hoc networks is one of the key components in developing protocols resilient to replay-based attacks. For this, we first consider RTT-based and power-based approaches. We then couple them to design an effective neighbor verification protocol (NVP). In theory, we always see some room for replay-based attacks. However, our proposed protocol significantly limits the effectiveness of replay-based attacks by restricting the range where they might be launched and thus makes them practically impossible.

01 Mar 2005
TL;DR: The threats to protocols used to carry authentication for network access will be used as additional input to the Protocol for Carrying Authentication for Network Access (PANA) Working Group for designing the IP based network access authentication protocol.
Abstract: This document discusses the threats to protocols used to carry authentication for network access. The security requirements arising from these threats will be used as additional input to the Protocol for Carrying Authentication for Network Access (PANA) Working Group for designing the IP based network access authentication protocol. This memo provides information for the Internet community.

Proceedings ArticleDOI
25 Mar 2005
TL;DR: This paper presents an efficient ID-based deniable authentication protocol from pairings that satisfies the correctness, authentication and deniability properties.
Abstract: Deniability is a privacy property that ensures protocol participants can later deny taking part in a particular protocol run. A deniable authentication protocol enables an intended receiver to identify the source of a given message, but not prove the identity of the sender to a third party even if the intended receiver is willing to reveal his secret-key. In this paper, we present an efficient ID-based deniable authentication protocol from pairings. The proposed protocol satisfies the correctness, authentication and deniability properties.

Patent
24 Oct 2005
TL;DR: In this paper, a method and computer program product for dynamic tunneling over an unreliable protocol or a reliable protocol based on network conditions is presented, and a connection between a source device and a destination device is established using a reliable protocol.
Abstract: A method and computer program product for dynamic tunneling over an unreliable protocol or a reliable protocol based on network conditions is presented. A connection between a source device and a destination device is established using a reliable protocol. An attempt is then made to utilize an unreliable protocol to communicate between the source device and the destination device. When the attempt to utilize an unreliable protocol is successful, then the unreliable protocol is used to transmit data between the source device and the destination device. When the attempt to utilize the unreliable protocol is unsuccessful, then the reliable protocol connection is used to transmit data between the source device and the destination device.

Proceedings ArticleDOI
13 Jun 2005
TL;DR: The proposed Protocol is scalable and efficient for low-capability devices in terms of storage, communication and computational complexity; the cost per node for a key establishment is reduced to one scalar multiplication with a random point, plus one with a fixed point.
Abstract: Recent work on key establishment for sensor networks has shown that it is feasible to employ limited elliptic curve cryptography in sensor networks through hybrid protocols. We propose a hybrid key establishment protocol for uniform self-organized sensor networks. The proposed protocol combines elliptic curve Diffie-Hellman key establishment with implicit certificates and symmetric-key cryptographic techniques. The protocol can be implemented on uniform networks comprised of restricted functional devices. Furthermore, due to its public-key nature, the protocol is resilient to a wide range of passive and active attacks, such as known-key attacks, as well as attacks against the confidentiality, integrity and authenticity of the communication. The protocol is scalable and efficient for low-capability devices in terms of storage, communication and computational complexity; the cost per node for a key establishment is reduced to one scalar multiplication with a random point, plus one with a fixed point.

Journal ArticleDOI
TL;DR: This paper proves that the Needham-Schroeder-Lowe protocol is secure if it is implemented with an encryption scheme that satisfies the stronger notion of indistinguishability under chosen-ciphertext attack.
Abstract: The Needham-Schroeder protocol and its repaired version due to Lowe are the main test cases used by symbolic methods for cryptographic protocol analysis. In this paper we provide the first computational analysis of the protocol. We start by translating Lowe's attack against the original protocol into the computational framework that we use in our analysis. Then we prove that the repaired protocol may not be secure, even when the encryption scheme that is used in its implementation satisfies indistinguishability under chosen-plaintext attack. This shows that symbolic security analysis is not sound for protocols that use this kind of encryption. Our main result is to prove that the Needham-Schroeder-Lowe protocol is secure if it is implemented with an encryption scheme that satisfies the stronger notion of indistinguishability under chosen-ciphertext attack.
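The abstract above takes Lowe's attack as its starting point. As an added example (not code from the paper, which works in the computational model; this is the symbolic, Dolev-Yao view the paper contrasts it with), the following runs the three-message public-key Needham-Schroeder protocol with a switch for Lowe's fix, and replays the man-in-the-middle attack in both settings. Encryption is a symbolic tag that only the named owner can open; the principal names A, B and I, and the message layout, follow the usual presentation of the protocol.

```python
import os

class ProtocolAbort(Exception):
    """Raised when a principal rejects a message."""

# Symbolic public-key encryption: a ciphertext is opaque to everyone but the named owner.
# Constructed for this example; no real cryptography is involved.
def enc(owner: str, payload: tuple) -> tuple:
    return ("enc", owner, payload)

def dec(owner: str, ct: tuple) -> tuple:
    kind, name, payload = ct
    if kind != "enc" or name != owner:
        raise ProtocolAbort(f"{owner} cannot decrypt a message for {name}")
    return payload

def fresh() -> bytes:
    return os.urandom(8)


class Initiator:
    def __init__(self, name: str, lowe_fix: bool) -> None:
        self.name, self.lowe_fix, self.peer, self.na = name, lowe_fix, None, None

    def msg1(self, peer: str) -> tuple:
        self.peer, self.na = peer, fresh()
        return enc(peer, (self.na, self.name))            # {Na, A}_pk(peer)

    def msg3(self, ct: tuple) -> tuple:
        payload = dec(self.name, ct)
        if self.lowe_fix:
            na, nb, responder = payload                    # {Na, Nb, B}_pk(A)
            if responder != self.peer:                     # Lowe's check: who answered?
                raise ProtocolAbort(f"{self.name}: reply names {responder}, expected {self.peer}")
        else:
            na, nb = payload                               # {Na, Nb}_pk(A)
        if na != self.na:
            raise ProtocolAbort("nonce mismatch")
        return enc(self.peer, (nb,))                       # {Nb}_pk(peer)


class Responder:
    def __init__(self, name: str, lowe_fix: bool) -> None:
        self.name, self.lowe_fix, self.peer, self.nb, self.accepted = name, lowe_fix, None, None, False

    def msg2(self, ct: tuple) -> tuple:
        na, sender = dec(self.name, ct)
        self.peer, self.nb = sender, fresh()
        body = (na, self.nb, self.name) if self.lowe_fix else (na, self.nb)
        return enc(sender, body)

    def finish(self, ct: tuple) -> None:
        (nb,) = dec(self.name, ct)
        if nb != self.nb:
            raise ProtocolAbort("nonce mismatch")
        self.accepted = True                               # believes Na, Nb are shared with self.peer


def honest_run(lowe_fix: bool) -> bool:
    a, b = Initiator("A", lowe_fix), Responder("B", lowe_fix)
    b.finish(a.msg3(b.msg2(a.msg1("B"))))
    return b.accepted and b.peer == "A"


def lowe_attack(lowe_fix: bool) -> bool:
    """A starts a session with the intruder I, who uses it to impersonate A to B.
    Returns True if B ends up accepting a session it attributes to A."""
    a, b = Initiator("A", lowe_fix), Responder("B", lowe_fix)
    m1 = a.msg1("I")                                   # A -> I    : {Na, A}_pk(I)
    na, _ = dec("I", m1)                               # I opens it with its own key
    m2 = b.msg2(enc("B", (na, "A")))                   # I(A) -> B : {Na, A}_pk(B); B -> I(A): {Na, Nb[, B]}_pk(A)
    try:
        m3 = a.msg3(m2)                                # I -> A    : forwards B's reply unchanged
    except ProtocolAbort:
        return False                                   # with the fix, A sees "B" where it expects "I"
    (nb,) = dec("I", m3)                               # A -> I    : {Nb}_pk(I), so I learns Nb
    b.finish(enc("B", (nb,)))                          # I(A) -> B : {Nb}_pk(B)
    return b.accepted and b.peer == "A"
```

The intruder never breaks any encryption; it only forwards B's reply, which A is willing to open because it is encrypted for A. Adding B's name to that reply is all Lowe's repair does, and the symbolic run shows it is enough. The paper's point is that this symbolic argument does not transfer to an IND-CPA encryption scheme, and that IND-CCA is what the computational proof needs.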

Journal ArticleDOI
TL;DR: A new and non-interactive deniable authentication protocol, which is based on identity cryptography, is presented, which has no need for use of certificates.
Abstract: A new and non-interactive deniable authentication protocol, which is based on identity cryptography, is presented. It has no need for use of certificates. Moreover, the non-interactive protocol is practical in some applications that do not allow for interaction.

Proceedings ArticleDOI
04 Apr 2005
TL;DR: In this article, a new authentication protocol called CompChall (computational challenge) is proposed, which uses only one way hash functions as the building blocks and attempts to eliminate online dictionary attacks by implementing a challenge-response system.
Abstract: Even though passwords are the most convenient means of authentication, they bring along themselves the threat of dictionary attacks. Dictionary attacks may be of two kinds: online and offline. While offline dictionary attacks are possible only if the adversary is able to collect data for a successful protocol execution by eavesdropping on the communication channel and can be successfully countered using public key cryptography, online dictionary attacks can be performed by anyone and there is no satisfactory solution to counter them. This paper presents a new authentication protocol which is called CompChall (computational challenge). The proposed protocol uses only one way hash functions as the building blocks and attempts to eliminate online dictionary attacks by implementing a challenge-response system. This challenge-response system is designed in a fashion that it does not pose any difficulty to a genuine user but is time consuming and computationally intensive for an adversary trying to launch a large number of login requests per unit time as in the case of an online dictionary attack. The protocol is stateless and thus less vulnerable to DoS (Denial of Service) attacks.
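The following is an added example of a stateless, hash-only computational challenge in the spirit of the abstract above; it is not the paper's CompChall protocol, whose exact message formats are not given here. My assumptions: the server authenticates its own challenge with an HMAC under a server-only key so that it stores nothing per challenge, the "computational" part is a hash puzzle with a tunable number of leading zero bits, and the password proof is a hash of a stored verifier and the challenge tag.

```python
import hashlib
import hmac
import os
import struct
import time

SERVER_KEY = os.urandom(32)   # constructed: long-lived server secret, never sent to clients
WINDOW_SECONDS = 60           # how long an issued challenge stays acceptable

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def leading_zero_bits(digest: bytes) -> int:
    n = 0
    for byte in digest:
        if byte == 0:
            n += 8
            continue
        n += 8 - byte.bit_length()
        break
    return n

def make_verifier(password: str) -> bytes:
    """What the server stores instead of the password. A stolen verifier still permits
    impersonation in this simple form, which is the usual caveat for such schemes."""
    return H(b"verifier|", password.encode())

def _tag(user: str, ts: int, difficulty: int, nonce: bytes) -> bytes:
    # The challenge is self-authenticating: the server recomputes the tag from the fields
    # the client sends back, so it keeps no per-challenge state (the DoS argument).
    return hmac.new(SERVER_KEY, user.encode() + struct.pack(">QB", ts, difficulty) + nonce,
                    hashlib.sha256).digest()

def issue_challenge(user: str, difficulty: int, now=None) -> dict:
    ts = int(time.time() if now is None else now)
    nonce = os.urandom(8)
    return {"user": user, "ts": ts, "difficulty": difficulty, "nonce": nonce,
            "tag": _tag(user, ts, difficulty, nonce)}

def solve(challenge: dict) -> int:
    """Client-side work: find x such that H(tag || x) starts with `difficulty` zero bits.
    Expected cost is about 2**difficulty hashes per login attempt, paid once by a genuine
    user and once per guess by an online dictionary attacker."""
    x = 0
    while leading_zero_bits(H(challenge["tag"], x.to_bytes(8, "big"))) < challenge["difficulty"]:
        x += 1
    return x

def client_response(challenge: dict, password: str) -> dict:
    return {**challenge, "x": solve(challenge), "proof": H(make_verifier(password), challenge["tag"])}

def verify(resp: dict, verifiers: dict, now=None) -> bool:
    now = int(time.time() if now is None else now)
    tag = _tag(resp["user"], resp["ts"], resp["difficulty"], resp["nonce"])
    if not hmac.compare_digest(tag, resp["tag"]):
        return False                                   # challenge altered or forged (e.g. lowered difficulty)
    if not (now - WINDOW_SECONDS <= resp["ts"] <= now):
        return False                                   # stale or future-dated
    if leading_zero_bits(H(tag, resp["x"].to_bytes(8, "big"))) < resp["difficulty"]:
        return False                                   # puzzle unsolved: the password is not even checked
    verifier = verifiers.get(resp["user"])
    return verifier is not None and hmac.compare_digest(H(verifier, tag), resp["proof"])
```

The order of checks in `verify` is the point: the cheap HMAC and timestamp checks come first, the puzzle is checked before the password, so an attacker gets no password oracle without paying for each guess. Statelessness has a cost the abstract does not mention: the same solved response is accepted again inside the window, so a deployment would add a short-lived cache of seen nonces if replay within that window matters.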

Journal ArticleDOI
TL;DR: The proposed protocol is based on a symmetric cryptosystem, challenge-response and hash chaining, which makes it suitable for mobile networks; the protocol is proved using BAN logic.

Posted Content
TL;DR: A new security 2-AK protocol is presented, which is more secure and more efficient than previously proposed ones and compared with others in terms of computational cost and security properties.
Abstract: We first present a new security 2-AK protocol, which is more secure and more efficient than previously proposed ones. Meanwhile, we point out that Xie's ID-2-AK protocol modified from McCullagh-Barreto in CT-RSA 2005 doesn't provide protection against KCI attack likewise, and finally utilize the modular arithmetic, first proposed in MQV and also used in Kim, to get a modified new ID-2-AK protocol. On second thoughts, we give another ID-2-AK protocol utilizing the operation of addition in finite field like our forenamed 2-AK protocol. The two ID-2-AK protocols are in possession of all the desired security attributes. We also compare our new protocols with others in terms of computational cost and security properties.

Patent
Kok Wilson
29 Jul 2005
TL;DR: In this article, the role of a network device in a link authentication protocol exchange is discussed, and various methods and systems for dynamically determining a node's role in a protocol exchange are described.
Abstract: Various methods and systems for dynamically determining the role of a network device in a link authentication protocol exchange are disclosed. In one embodiment, such a method involves monitoring several (e.g., two) link authentication protocol exchanges. These link authentication protocol exchanges can be initiated at substantially the same time. A first network device acts as an authenticator in a first one of the link authentication protocol exchanges and a supplicant in a second one of the link authentication protocol exchanges. One of the link authentication protocol exchanges is terminated prior to completion.

Journal Article
TL;DR: It is shown that a hash-based strong-password authentication scheme, described in [2], which withstands several attacks, is still vulnerable to stolen-verifier, denial-of-service, replay, and impersonation attacks.
Abstract: The user authentication is an important part of network security. Several strong-password authentication protocols have been introduced, but a secure scheme, which probably withstands several known attacks, is not yet available. Recently, a hash-based strong-password authentication scheme was described in [2], which withstands several attacks, including replay, password-file compromise, denial-of-service, and insider attacks. However, we show that this protocol is still vulnerable to stolen-verifier, denial-of-service, replay, and impersonation attacks.

Journal ArticleDOI
TL;DR: This paper proposes an efficient multicast data origin authentication protocol based on a novel layered hash-chaining scheme that tolerates packet loss and guarantees non-repudiation of media-streaming origin and allows receivers to make the decision regarding the authentication information redundancy degree depending on the quality of reception in term of packet loss ratio.

Journal ArticleDOI
TL;DR: An analysis for finding known-pair and chosen-text attacks in protocols as these attacks are at the level of blocks, where the attacker is extended by special capabilities related to block chaining techniques.