
Showing papers on "Otway–Rees protocol published in 2006"


Journal ArticleDOI
TL;DR: The security of LEAP+ under various attack models is analyzed and it is shown that it is very effective in defending against many sophisticated attacks, such as HELLO flood attacks, node cloning attacks, and wormhole attacks.
Abstract: We describe LEAP+ (Localized Encryption and Authentication Protocol), a key management protocol for sensor networks that is designed to support in-network processing, while at the same time restricting the security impact of a node compromise to the immediate network neighborhood of the compromised node. The design of the protocol is motivated by the observation that different types of messages exchanged between sensor nodes have different security requirements, and that a single keying mechanism is not suitable for meeting these different security requirements. LEAP+ supports the establishment of four types of keys for each sensor node: an individual key shared with the base station, a pairwise key shared with another sensor node, a cluster key shared with multiple neighboring nodes, and a global key shared by all the nodes in the network. LEAP+ also supports (weak) local source authentication without precluding in-network processing. Our performance analysis shows that LEAP+ is very efficient in terms of computational, communication, and storage costs. We analyze the security of LEAP+ under various attack models and show that LEAP+ is very effective in defending against many sophisticated attacks, such as HELLO flood attacks, node cloning attacks, and wormhole attacks. A prototype implementation of LEAP+ on a sensor network testbed is also described.
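The abstract lists the four key types and the claim that a compromise stays local, but not what that means for the keys an attacker actually gets. The following added example (not LEAP+'s own code) derives the four key types for a small constructed topology and reports which keys, and therefore which other nodes, are affected when one node's key store is read out. The HMAC-SHA256 derivation from a master key and the "every node heads its own one-hop cluster" layout are assumptions made for the illustration, not the paper's key-establishment procedure.

```python
# Added illustration (not LEAP+'s own code): the four LEAP+ key types held by each
# node, and what an attacker learns by extracting one node's key store.
# Assumptions: keys are derived from a master key with HMAC-SHA256 as the PRF, and
# every node heads a cluster made of itself plus its one-hop neighbours.
import hashlib
import hmac


def prf(key: bytes, label: bytes) -> bytes:
    """Keyed pseudo-random function (HMAC-SHA256 chosen for this sketch)."""
    return hmac.new(key, label, hashlib.sha256).digest()


def derive_keys(master_key: bytes, neighbours: dict) -> dict:
    """Return {node: {label: key}} holding the keys each node stores.

    `neighbours` maps a node id (bytes) to the set of its one-hop neighbours and
    must be symmetric. Labels are strings so they can be compared across nodes.
    """
    keys = {node: {} for node in neighbours}
    global_key = prf(master_key, b"global")          # shared by every node
    for node, nbrs in neighbours.items():
        store = keys[node]
        store["global"] = global_key
        # individual key: shared only with the base station
        store["individual|" + node.decode()] = prf(master_key, b"individual|" + node)
        # pairwise keys: one per one-hop neighbour, same key on both ends
        for n in nbrs:
            lo, hi = sorted((node, n))
            store["pairwise|%s|%s" % (lo.decode(), hi.decode())] = prf(
                master_key, b"pairwise|" + lo + b"|" + hi)
        # cluster keys: the node's own cluster plus each neighbour's cluster
        for head in {node, *nbrs}:
            store["cluster|" + head.decode()] = prf(master_key, b"cluster|" + head)
    return keys


def exposed_by_compromise(keys: dict, victim: bytes) -> set:
    """Key labels an attacker learns by reading the victim's key store."""
    return set(keys[victim])


def affected_nodes(keys: dict, victim: bytes) -> set:
    """Other nodes that share at least one exposed, non-global key with the victim."""
    exposed = exposed_by_compromise(keys, victim) - {"global"}
    return {n for n, store in keys.items() if n != victim and exposed & set(store)}


if __name__ == "__main__":
    # Constructed four-node line topology A - B - C - D.
    topology = {b"A": {b"B"}, b"B": {b"A", b"C"}, b"C": {b"B", b"D"}, b"D": {b"C"}}
    ks = derive_keys(b"constructed-master-key", topology)
    print("compromising A exposes:", sorted(exposed_by_compromise(ks, b"A")))
    print("nodes needing rekey:", sorted(affected_nodes(ks, b"A")))
```

Compromising A in the line topology exposes A's individual key, the A-B pairwise key and the cluster keys of A and B; node C is affected only because it sits in B's cluster, and D and the C-D pairwise key are untouched. The global key is always lost with any single node, which is why it can only be used for traffic that does not need to survive a compromise.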

968 citations


01 Jan 2006
TL;DR: This document describes the architecture of the SSH protocol, as well as the notation and terminology used in SSH protocol documents, and discusses the SSH algorithm naming system that allows local extensions.
Abstract: The Secure Shell (SSH) Protocol is a protocol for secure remote login and other secure network services over an insecure network. This document describes the architecture of the SSH protocol, as well as the notation and terminology used in SSH protocol documents. It also discusses the SSH algorithm naming system that allows local extensions. The SSH protocol consists of three major components: The Transport Layer Protocol provides server authentication, confidentiality, and integrity with perfect forward secrecy. The User Authentication Protocol authenticates the client to the server. The Connection Protocol multiplexes the encrypted tunnel into several logical channels. Details of these protocols are described in separate documents. [STANDARDS-TRACK]

481 citations


Journal ArticleDOI
Luca Viganò1
TL;DR: Experimental results indicate that the AVISPA Tool is a state-of-the-art tool for Internet security protocol analysis as, to the authors' knowledge, no other tool exhibits the same level of scope and robustness while enjoying the same performance and scalability.

356 citations


01 Jan 2006
TL;DR: This document describes the SSH authentication protocol framework and public key, password, and host-based client authentication methods and further authentication methods are described in separate documents.
Abstract: The Secure Shell Protocol (SSH) is a protocol for secure remote login and other secure network services over an insecure network. This document describes the SSH authentication protocol framework and public key, password, and host-based client authentication methods. Additional authentication methods are described in separate documents. The SSH authentication protocol runs on top of the SSH transport layer protocol and provides a single authenticated tunnel for the SSH connection protocol. [STANDARDS-TRACK]

203 citations


Proceedings ArticleDOI
30 Oct 2006
TL;DR: A solution is presented which makes novel use of program verification techniques such as theorem proving and weakest pre-condition and creates the first sound solution to the replay problem: replay succeeds whenever the approach yields an answer.
Abstract: We address the problem of replaying an application dialog between two hosts. The ability to accurately replay application dialogs is useful in many security-oriented applications, such as replaying an exploit for forensic analysis or demonstrating an exploit to a third party.A central challenge in application dialog replay is that the dialog intended for the original host will likely not be accepted by another without modification. For example, the dialog may include or rely on state specific to the original host such as its hostname, a known cookie, etc. In such cases, a straight-forward byte-by-byte replay to a different host with a different state (e.g., different hostname) than the original observed dialog participant will likely fail. These state-dependent protocol fields must be updated to reflect the different state of the different host for replay to succeed.We formally define the replay problem. We present a solution which makes novel use of program verification techniques such as theorem proving and weakest pre-condition. By employing these techniques, we create the first sound solution to the replay problem: replay succeeds whenever our approach yields an answer. Previous techniques, though useful, are based on unsound heuristics. We implement a prototype of our techniques called Replayer, which we use to demonstrate the viability of our approach.

109 citations


Patent
06 Feb 2006
TL;DR: In this paper, the authors propose a wireless authentication protocol in which access to a network is managed by a challenge-handshake protocol within the Extensible Authentication Protocol (EAP), used for authentication between a client and the network.
Abstract: A wireless authentication protocol. Access to a network is managed by providing a challenge-handshake protocol within the Extensible Authentication Protocol for authentication between a client and the network.

86 citations


Journal ArticleDOI
TL;DR: This paper proposes a new strong-password authentication protocol that not only can withstand many possible attacks including a stolen-verifier attack, but that is also more efficient than the modified OSPA protocol.
Abstract: Recently, Sandirigama et al. have proposed an authentication scheme by the name of SAS and have claimed that it has the lowest storage, processing, and transmission overhead. In 2001, Lin et al. showed that the protocol is insecure and proposed an optimal strong-password authentication protocol called the OSPA protocol. However, Chen and Ku pointed out in 2002 that both SAS and OSPA are vulnerable to a stolen-verifier attack. Later, Lin, Shen, and Hwang proposed a modified OSPA protocol to repair the security flaw of the OSPA protocol. In this paper, we propose a new strong-password authentication protocol that not only can withstand many possible attacks, including a stolen-verifier attack, but is also more efficient than the modified OSPA protocol.

71 citations


01 Jan 2006
TL;DR: This paper proposes an extension to the SIP protocol that uses an identity-based authentication mechanism and key agreement protocol that provides stronger cryptographic assurances for VoIP authentication and enable provably secure key agreement between users.
Abstract: The Session Initiation Protocol (SIP) is commonly used to establish Voice over IP (VoIP) calls. IETF SIP standards do not specify a secure authentication process, thus allowing malicious parties to impersonate other parties or to charge calls to other parties. This paper proposes an extension to the SIP protocol that uses an identity-based authentication mechanism and key agreement protocol. These extensions provide stronger cryptographic assurances for VoIP authentication and enable provably secure key agreement between users. The use of ID-based cryptography means that a large Public Key Infrastructure (PKI) is not required, thus making this protocol viable for large-scale implementation.

60 citations


Book ChapterDOI
13 Feb 2006
TL;DR: In this paper, the authors proposed a non-interactive message authentication protocol (NIMAP) based on short authenticated strings (SAS), which can achieve the same security as the first protocol but using less authenticated bits, without any stronger communication model, and without requiring a hash function to be collision-resistant.
Abstract: Vaudenay recently proposed a message authentication protocol which is interactive and based on short authenticated strings (SAS). We study here SAS-based non-interactive message authentication protocols (NIMAP). We start by the analysis of two popular non-interactive message authentication protocols. The first one is based on a collision-resistant hash function and was presented by Balfanz et al. The second protocol is based on a universal hash function family and was proposed by Gehrmann, Mitchell, and Nyberg. It uses much less authenticated bits but requires a stronger authenticated channel. We propose a protocol which can achieve the same security as the first protocol but using less authenticated bits, without any stronger communication model, and without requiring a hash function to be collision-resistant. Finally, we demonstrate the optimality of our protocol.
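The abstract says the Balfanz et al. protocol needs a collision-resistant hash and that the authors' contribution is to get by with fewer authenticated bits without that requirement. The added example below (not from the paper) shows why the naive design cannot simply shorten the authenticated string: if the authenticated channel carries only the first `bits` bits of a hash of the message, an adversary who controls the insecure channel can find a substitute message with the same short string in about 2^bits trials. The message contents, the 16-bit SAS length and the attacker's prefix are constructed for the demonstration.

```python
# Added example, not from the paper: a Balfanz-style non-interactive message
# authentication where the authenticated channel carries a short authenticated
# string (SAS) made of the first `bits` bits of SHA-256(message). With few
# authenticated bits a plain hash is not enough: the attacker, who controls the
# insecure channel, searches for a substitute message with the same SAS.
# Message contents and SAS lengths are constructed for the demonstration.
import hashlib
from typing import Optional


def sas(message: bytes, bits: int) -> int:
    """Short authenticated string: leading `bits` bits of SHA-256(message)."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return digest >> (256 - bits)


def receiver_accepts(message: bytes, authenticated_sas: int, bits: int) -> bool:
    """Receiver recomputes the SAS over the message taken from the insecure channel."""
    return sas(message, bits) == authenticated_sas


def forge(target_sas: int, bits: int, prefix: bytes = b"transfer 1000 to mallory #",
          limit: Optional[int] = None) -> Optional[bytes]:
    """Second-preimage search: about 2**bits trials, so feasible only for a short SAS."""
    limit = 8 * 2 ** bits if limit is None else limit
    for i in range(limit):
        candidate = prefix + str(i).encode()
        if sas(candidate, bits) == target_sas:
            return candidate
    return None


def attack(message: bytes, bits: int) -> Optional[bytes]:
    """Alice authenticates sas(message); Mallory swaps the message on the insecure channel."""
    authenticated = sas(message, bits)        # travels over the authenticated channel
    forged = forge(authenticated, bits)       # Mallory's replacement for the insecure channel
    if forged is not None and receiver_accepts(forged, authenticated, bits):
        return forged
    return None


if __name__ == "__main__":
    honest = b"transfer 10 to bob"
    print("16-bit SAS, forged message:", attack(honest, 16))
    # At 24 bits a budget of 1000 trials is hopeless; at 80 bits the search is infeasible.
    print("24-bit SAS, 1000 trials:", forge(sas(honest, 24), 24, limit=1000))
```

The search is a second-preimage search, which is why a full-length collision-resistant hash (the Balfanz et al. setting) makes the scheme safe but also expensive in authenticated bits. Schemes that keep the SAS short have to break the attacker's ability to search, which is the design space the abstract describes.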

50 citations


Journal ArticleDOI
01 Sep 2006
TL;DR: LHAP resides in between the network layer and the data link layer, thus providing a layer of protection that can prevent or thwart many attacks from happening, including outsider attacks and insider impersonation attacks.
Abstract: Most ad hoc networks do not implement any network access control, leaving these networks vulnerable to resource consumption attacks where a malicious node injects packets into the network with the goal of depleting the resources of the nodes relaying the packets. To thwart or prevent such attacks, it is necessary to employ authentication mechanisms to ensure that only authorized nodes can inject traffic into the network. We propose LHAP, a hop-by-hop authentication protocol for ad hoc networks. LHAP resides in between the network layer and the data link layer, thus providing a layer of protection that can prevent or thwart many attacks from happening, including outsider attacks and insider impersonation attacks. Our detailed performance evaluation shows that LHAP incurs small performance overhead and it also allows a tradeoff between security and performance.

45 citations


Journal ArticleDOI
TL;DR: The authentication and key agreement protocol for universal mobile telecommunications system (UMTS) mobile networks, where a new protocol is proposed, is analyzed and the performance and the authentication delay time have been improved significantly.
Abstract: This paper analyzes the authentication and key agreement (AKA) protocol for universal mobile telecommunications system (UMTS) mobile networks and proposes a new protocol. In our proposed protocol, the mobile station is responsible for generating the authentication token (AUTN) and random number (RAND). The home location register is responsible for comparing the response with the expected response in order to make a decision. Therefore, the bottleneck at the authentication center is avoided by reducing the number of messages between the mobile and the authentication center. The authentication time delay, call setup time, and signalling traffic are minimized in the proposed protocol. A fluid mobility model is used to investigate the performance of signalling traffic and load transaction messages between mobile databases, such as the home location register (HLR) and visitor location register (VLR), for both the current protocol and the proposed protocol. The simulation results show that the authentication delay, the load transaction messages between entities, and the bandwidth are minimized as compared to the current protocol. Therefore, the performance and the authentication delay time have been improved significantly.

Journal ArticleDOI
TL;DR: An authentication protocol which is easy to implement without any infrastructural changes and yet prevents online dictionary attacks by implementing a challenge-response system that is perfectly stateless and thus less vulnerable to denial of service (DoS) attacks.
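The TL;DR above gives only the property: a challenge-response exchange in which the server keeps no state per outstanding challenge, so an attacker cannot exhaust server memory by requesting challenges. The added example below (not the paper's protocol) shows one standard way to get that property: the challenge carries its own timestamp and nonce plus a MAC under a server-only secret, so the server can recognise its own unexpired challenges without a table, and only then does it compare the client's response against the stored verifier. Message formats, the 60-second lifetime and the plain-hash verifier are assumptions made for the illustration.

```python
# Added example (not the paper's scheme): a stateless challenge-response login.
# The server stores no per-challenge state; the challenge carries a timestamp, a
# nonce and a MAC under a server-only secret, so a forged or expired challenge is
# rejected before any password work is done. The message formats are assumptions.
import hashlib
import hmac
import os
import struct
import time

SERVER_SECRET = os.urandom(32)   # constructed for this run; never leaves the server
CHALLENGE_TTL = 60               # seconds a challenge stays valid
_BODY_LEN = 8 + 16               # big-endian timestamp + 16-byte nonce


def make_verifier(password: str) -> bytes:
    """Value the server stores per user; the client derives the same bytes."""
    return hashlib.sha256(password.encode()).digest()


def issue_challenge(username: str, now=None) -> bytes:
    """Server -> client. Binds the challenge to the user and the issue time."""
    ts = int(time.time() if now is None else now)
    body = struct.pack(">Q", ts) + os.urandom(16)
    tag = hmac.new(SERVER_SECRET, username.encode() + body, hashlib.sha256).digest()
    return body + tag


def client_response(password: str, challenge: bytes) -> bytes:
    """Client -> server. MAC over the whole challenge under the password-derived key."""
    return hmac.new(make_verifier(password), challenge, hashlib.sha256).digest()


def verify(username: str, verifier: bytes, challenge: bytes, response: bytes,
           now=None) -> bool:
    """Server check using only the stored verifier and SERVER_SECRET; no session table."""
    body, tag = challenge[:_BODY_LEN], challenge[_BODY_LEN:]
    expected_tag = hmac.new(SERVER_SECRET, username.encode() + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected_tag):
        return False                                  # not a challenge we issued for this user
    issued = struct.unpack(">Q", body[:8])[0]
    current = int(time.time() if now is None else now)
    if not 0 <= current - issued <= CHALLENGE_TTL:
        return False                                  # expired, or clock rolled back
    expected = hmac.new(verifier, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    stored = make_verifier("correct horse")
    ch = issue_challenge("alice")
    print(verify("alice", stored, ch, client_response("correct horse", ch)))   # True
    print(verify("alice", stored, ch, client_response("wrong", ch)))           # False
```

Two caveats a practitioner would want: because nothing is remembered, a captured response can be replayed for the remainder of the TTL unless the challenge is also bound to the connection (for instance through TLS channel binding), so the window must be short; and with a verifier that is just a hash of the password, whoever steals the verifier can answer challenges directly, which is the stolen-verifier weakness discussed in the SAS/OSPA entry above. Stateless challenges solve the resource-exhaustion problem, not those two.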

Proceedings ArticleDOI
24 May 2006
TL;DR: This paper presents the design of secure-SPIN, a secure extension for the SPIN protocol, and shows that this secure protocol may increase the data communication security in wireless sensor networks.
Abstract: Many routing protocols have been proposed for sensor networks, but most of them have not been designed with security as a goal. The Sensor Protocol for Information via Negotiation (SPIN) is a basic data-centric routing protocol for sensor networks. In this paper, we present the design of secure-SPIN, a secure extension of the SPIN protocol. We divide secure-SPIN into three phases and use cryptographic functions that require little memory and processing power to create an efficient, practical protocol. We then give a security analysis of this protocol, which shows that this secure protocol can increase the security of data communication in wireless sensor networks.

Book ChapterDOI
08 May 2006
TL;DR: In this article, it is shown that a group key agreement protocol that resists attacks by malicious insiders in the authenticated broadcast model loses this security when it is transferred into an unauthenticated point-to-point network with the protocol compiler introduced by Katz and Yung.
Abstract: Considering a protocol of Tseng, we show that a group key agreement protocol that resists attacks by malicious insiders in the authenticated broadcast model loses this security when it is transferred into an unauthenticated point-to-point network with the protocol compiler introduced by Katz and Yung. We develop a protocol framework that allows one to transform passively secure protocols into protocols that provide security against malicious insiders and active adversaries in an unauthenticated point-to-point network and, in contrast to existing protocol compilers, does not increase the number of rounds. Our protocol in particular uses the session identifier to achieve this security. By applying the framework to the Burmester-Desmedt protocol we obtain a new 2-round protocol that is provably secure against active adversaries and malicious participants.

Journal ArticleDOI
TL;DR: MuSeqoR as mentioned in this paper is a multi-path routing protocol that tackles the twin issues of reliability (protection against failures of multiple paths) and security, while ensuring a minimum data redundancy.

Proceedings ArticleDOI
10 Mar 2006
TL;DR: The purpose is to emphasize the design criteria of an authentication protocol through the use of some nice and subtle attacks that existed in the literature in the field of the design of security protocols.
Abstract: The vulnerability and importance of computers, robots, internet etc, demand the employment of exceedingly reliable methods in the design of secure systems. Security protocols are one of the most important design parameters. History has proven security protocols to be vulnerable even after they enjoyed circumspect design and meticulous review by experts. We posit that understanding the subtle issues in security protocols is important when designing a protocol. In particular, understanding a penetrator and the knowledge of different attack strategies that a penetrator can apply are among the most important issues that affect the design of security protocols. We describe the notion of a penetrator and specify his characteristics. Our purpose is to emphasize the design criteria of an authentication protocol through the use of some nice and subtle attacks that existed in the literature in the field of the design of security protocols.

01 Jan 2006
TL;DR: This paper presents a generic security solution based on packet level authentication that can be used for authentication, access control, firewall applications, denial-of-service prevention, and so on and briefly describes the prototype implementation.
Abstract: Some of the worst problems in heterogeneous military networks are related to security. Several solutions have been proposed to ensure that the network is able to perform its tasks, namely to transport the right packets to the right place at the right time, however, the solutions have typically been tailored to specific protocols or made assumptions that are not realistic. In this paper, we present a generic security solution based on packet level authentication and briefly describe our prototype implementation. The architecture can be used for authentication, access control, firewall applications, denial-of-service prevention, and so on. It also secures all routing protocols.

Journal Article
TL;DR: It is shown that the proposed protocol cannot resist the off-line password guessing attack and therefore a modified protocol is presented to avoid this attack.
Abstract: In 2004, Kim, Huh, Hwang and Lee proposed an efficient key agreement protocol for secure authentication. In this paper, we shall show that their proposed protocol cannot resist the off-line password guessing attack and therefore present a modified protocol to avoid this attack.
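The abstract names the attack but the listing does not say what makes a password protocol off-line guessable. The added example below (not Kim et al.'s protocol and not the paper's fix) builds a constructed password protocol in which the client's proof is a hash over the password and two public nonces, captures one run as an eavesdropper would, and then runs a dictionary against the captured transcript with no further contact with the server. The protocol, the victim password and the word list are all constructed for the demonstration.

```python
# Added example, not from Kim et al.'s protocol or the paper's fix: a constructed
# password protocol whose transcript is a deterministic function of the password
# and public values, and the off-line dictionary attack that this enables.
import hashlib
import os
from typing import Iterable, Optional, Tuple


def derive_response(password: str, server_nonce: bytes, client_nonce: bytes) -> bytes:
    """Client's proof in the weak protocol: H(password || nonces). Nothing secret
    besides the password enters the computation, which is exactly the problem."""
    return hashlib.sha256(password.encode() + server_nonce + client_nonce).digest()


def run_protocol(password: str, rng=os.urandom) -> dict:
    """One honest run as seen by an eavesdropper: both nonces and the response."""
    server_nonce, client_nonce = rng(16), rng(16)
    return {"server_nonce": server_nonce, "client_nonce": client_nonce,
            "response": derive_response(password, server_nonce, client_nonce)}


def offline_guess(transcript: dict, dictionary: Iterable[str]) -> Tuple[Optional[str], int]:
    """Test each candidate against the captured transcript with no further
    interaction with the server; returns (password or None, candidates tried)."""
    tries = 0
    for candidate in dictionary:
        tries += 1
        if derive_response(candidate, transcript["server_nonce"],
                           transcript["client_nonce"]) == transcript["response"]:
            return candidate, tries
    return None, tries


if __name__ == "__main__":
    captured = run_protocol("letmein")                      # constructed victim run
    wordlist = ["123456", "password", "letmein", "qwerty"]  # constructed dictionary
    print(offline_guess(captured, wordlist))                # ('letmein', 3)
```

The nonces do nothing against this attacker because the attacker has them too; the test for off-line resistance is whether every password-dependent value in the transcript also depends on something the eavesdropper cannot compute, such as the ephemeral Diffie-Hellman secret in a PAKE (compare the C2C-PAKE entries on this page). Rate limiting helps only against on-line guessing, since no request reaches the server here.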

Journal Article
TL;DR: In this article, a formal model and corresponding security definitions for cross-realm client-to-client password authenticated key exchange (C2C-PAKE) are introduced to counter the flaws found in existing protocols, and a new cross-realm C2C-PAKE protocol is presented with a security proof.
Abstract: Client-to-client password authenticated key exchange (C2C-PAKE) protocol deals with the authenticated key exchange process between two clients, who only share their passwords with their own servers. Jin Wook Byun et al. first divided this scenario into two kinds called single-server C2C-PAKE protocol and cross-realm C2C-PAKE protocol respectively. Recently, Abdalla et al. proposed a generic construction for single-server C2C-PAKE protocol and presented a concrete example with security proof. But, no similar results about cross-realm C2C-PAKE protocol exist. In fact, all existing cross-realm C2C-PAKE protocols are found insecure. To counter flaws and provide a secure cross-realm C2C-PAKE protocol, in this paper, we introduce a formal model and corresponding security definitions. Then, a new cross-realm C2C-PAKE protocol is presented with security proof.

Proceedings ArticleDOI
07 Aug 2006
TL;DR: The security analysis shows that this protocol could withstand several possible attacks in the network and is viable for implementation in resource-constrained platforms like MICA.
Abstract: This paper proposes an efficient protocol for authentication and shared key establishment in hierarchical clustered wireless sensor networks. The protocol authenticates a source node to a base station, designates a cluster head to each authenticated source node and establishes shared keys between source node and the base station as well as with the cluster head. The above tasks are accomplished in a single step to reduce the required channel capacities. The protocol is implemented for TinyOS using NesC, simulated under TOSSIM and is viable for implementation in resource-constrained platforms like MICA. The security analysis shows that this protocol could withstand several possible attacks in the network.

Journal ArticleDOI
TL;DR: It is shown that the security has been significantly enhanced, while the computation complexity is similar to the existing ones appeared in the literature.
Abstract: A novel authentication protocol for teleconference service is proposed. The main features of the proposed protocol include identity anonymity, one-time Pseudonym Identity (PID) renewal and location untraceability. Identity anonymity is achieved by concealing the real identity of a mobile conferee in a prearranged PID. A one-time PID renewal mechanism, in which the mobile conferee's PID is frequently updated while communicating with the network centre, is introduced to offer location untraceability. It is shown that the security has been significantly enhanced, while the computational complexity is similar to that of the existing protocols that have appeared in the literature.

01 Jan 2006
TL;DR: This document describes a general purpose authentication method for the SSH protocol, suitable for interactive authentications where the authentication data should be entered via a keyboard (or equivalent alphanumeric input device).
Abstract: The Secure Shell Protocol (SSH) is a protocol for secure remote login and other secure network services over an insecure network. This document describes a general purpose authentication method for the SSH protocol, suitable for interactive authentications where the authentication data should be entered via a keyboard (or equivalent alphanumeric input device). The major goal of this method is to allow the SSH client to support a whole class of authentication mechanism(s) without knowing the specifics of the actual authentication mechanism(s). [STANDARDS-TRACK]

Book ChapterDOI
03 Jul 2006
TL;DR: A formal model and corresponding security definitions are introduced and a new cross-realm C2C-PAKE protocol is presented with security proof.
Abstract: Client-to-client password authenticated key exchange (C2C-PAKE) protocol deals with the authenticated key exchange process between two clients, who only share their passwords with their own servers. Jin Wook Byun et al. first divided this scenario into two kinds called single-server C2C-PAKE protocol and cross-realm C2C-PAKE protocol respectively. Recently, Abdalla et al. proposed a generic construction for single-server C2C-PAKE protocol and presented a concrete example with security proof. But, no similar results about cross-realm C2C-PAKE protocol exist. In fact, all existing cross-realm C2C-PAKE protocols are found insecure. To counter flaws and provide a secure cross-realm C2C-PAKE protocol, in this paper, we introduce a formal model and corresponding security definitions. Then, a new cross-realm C2C-PAKE protocol is presented with security proof.

Proceedings ArticleDOI
01 Dec 2006
TL;DR: The proposed protocol provides mutual authentication, requires less storage, avoids replay attack and consumes smaller network bandwidth, based on Elliptic Curve Cryptography.
Abstract: In this paper we propose an improvement to the GSM authentication protocol, based on Elliptic Curve Cryptography. The proposed protocol offers enhanced security since it does not use the A5/0, A5/1 and A5/2 algorithms, which have already been broken. The proposed protocol provides mutual authentication, requires less storage, avoids replay attacks and consumes less network bandwidth.

Posted Content
TL;DR: A new anonymous authentication protocol for mobile ad hoc networks, enhanced with a distributed reputation system, is proposed to provide mechanisms that conceal the real identity of communicating nodes while resisting known attacks.
Abstract: The pervasiveness of wireless communication has recently drawn significant research attention to mobile ad hoc networks (MANET), owing to their innate capability of instant communication in many time- and mission-critical applications. However, the same properties that make them attractive for networking in civilian and military environments make them vulnerable to security threats. Support for anonymity in MANETs is a security-critical challenge, orthogonal to the others, that we face in this paper. We propose a new anonymous authentication protocol for mobile ad hoc networks enhanced with a distributed reputation system. Its main objective is to provide mechanisms that conceal the real identity of communicating nodes while resisting known attacks. The distributed reputation system is incorporated for trust management and malicious-behaviour detection in the network. The end-to-end anonymous authentication is conducted in a three-pass handshake based on asymmetric and symmetric key cryptography. After the authentication phase finishes successfully, multiple secure anonymous data channels are established. Anonymity is guaranteed by randomly chosen pseudonyms owned by a user. Nodes of the network are publicly identified and are independent of users' pseudonyms. In this paper we present an example implementation of the protocol.

Journal ArticleDOI
TL;DR: The hybrid authentication protocol due to Chien and Jan, designed for use in large mobile networks, where one of two sub-protocols is used depending on whether the user and the requested service are located in the same domain, is shown to suffer from a number of security vulnerabilities.

Proceedings ArticleDOI
01 Nov 2006
TL;DR: A protocol by which network security can be included in existing Fieldbus systems that makes use of the 56-bit DES cipher for data encryption and includes a scheme for symmetric key exchange and automatic key update at specific time intervals.
Abstract: This paper describes a protocol by which network security can be included in existing Fieldbus systems. The protocol makes use of the 56-bit DES cipher for data encryption. It also includes a scheme for symmetric key exchange and automatic key update at specific time intervals. In addition, the protocol includes a new idea called Key Refresh. Key Refresh is a simple scheme that can be an alternative to operating the cipher in processor-intensive chaining or feedback modes. The industrial field devices are equipped with the TMS series of digital signal processors to perform DES encryption/decryption. Since these processors are already embedded in many state-of-the-art field devices, they were chosen so that the protocol would not require additional hardware. The protocol is generic and can run over any of the commercial Fieldbus networks.

Book ChapterDOI
13 Dec 2006
TL;DR: It can be observed from the experiments that the new scheme is comparable with the CRTDH scheme and better than many other non-authenticated schemes in terms of performance.
Abstract: The growing popularity of wireless ad hoc networks has brought increasing attention to many security issues for such networks. A lot of research has been carried out in the areas of authentication and key management for such networks. However, due to lack of existing standards for such networks, most of the proposed schemes are based on different assumptions and are applicable only in specific environments. Recently Balachandran et al. proposed CRTDH [1], a novel key agreement scheme for group communications in wireless ad hoc networks. The protocol has many desirable properties such as efficient computation of group key and support for high dynamics. However, the protocol does not discuss mutual authentication among the nodes and hence, suffers from two kinds of attacks: man-in-the-middle attack and Least Common Multiple (LCM) attack. This paper identifies the problems with the current CRTDH scheme and discusses these attacks. AUTH-CRTDH, a modified key agreement protocol with authentication capability, is also presented. Results from extensive experiments that were run on the proposed protocol and some other key agreement protocols including CRTDH are also discussed. It can be observed from the experiments that the new scheme is comparable with the CRTDH scheme and better than many other non-authenticated schemes in terms of performance.

Patent
07 Jun 2006
TL;DR: In this paper, the authors propose a method for translating messages complying with a first authentication protocol into messages compliant with a second authentication protocol over the course of an authentication phase during which a peer provided with an identity and which would like to access a resource of a network connects to an authenticator.
Abstract: The invention relates to a method for translating messages complying with a first authentication protocol into messages complying with a second authentication protocol over the course of an authentication phase during which a peer provided with an identity and which would like to access a resource of a network connects to an authenticator, said authenticator authorizing the access to the network contingent upon a verification of the identity and rights of the peer made by an authentication server according to authentication data received in messages complying with the second authentication protocol. The invention is characterized in that the translation method comprises: a step consisting of receiving the identity of the peer in a message complying with the first authentication protocol; a step consisting of generating a challenge and sending this challenge; a step consisting of receiving a first reply that is a reply to said challenge, of generating a request for accessing the network complying with the second authentication protocol, and of sending this request to the authentication server; a step consisting of receiving a second reply that is a reply to said request, and of translating the second reply for generating an authentication result complying with the first authentication protocol.

Proceedings ArticleDOI
20 Apr 2006
TL;DR: The implementation of a mobile node's authentication and authorization is presented using the PANA (Protocol for carrying Authentication for Network Access) protocol over Diameter, which supports the basic AAA process for mobile IPv6 nodes, dynamic home agent assignment in the visited network, and secret key distribution.
Abstract: The Diameter protocol is recommended by the IETF as the AAA (Authentication, Authorization and Accounting) protocol for the next-generation network. Because the IPv6 protocol will be widely applied in the coming all-IP network, mobile IPv6 applications based on the Diameter protocol will play a more important role in authentication, authorization and accounting. In this paper, the implementation of a mobile node's authentication and authorization is presented using the PANA (Protocol for carrying Authentication for Network Access) protocol. It is based on the Diameter application extension for mobile IPv6, which provides support for the basic AAA process of mobile IPv6 nodes, dynamic Home Agent assignment in the visited network, and secret key distribution. Finally, the correctness of this application extension is verified by implementing the protocol design on OpenDiameter.