
Showing papers on "Otway–Rees protocol published in 2009"


Proceedings ArticleDOI
17 May 2009
TL;DR: This paper presents a system that is capable of automatically inferring state machines, and introduces techniques for identifying and clustering different types of messages not only based on their structure, but also according to the impact of each message on server behavior.
Abstract: Protocol reverse engineering is the process of extracting application-level specifications for network protocols. Such specifications are very useful in a number of security-related contexts, for example, to perform deep packet inspection and black-box fuzzing, or to quickly understand custom botnet command and control (C&C) channels. Since manual reverse engineering is a time-consuming and tedious process, a number of systems have been proposed that aim to automate this task. These systems either analyze network traffic directly or monitor the execution of the application that receives the protocol messages. While previous systems show that precise message formats can be extracted automatically, they do not provide a protocol specification. The reason is that they do not reverse engineer the protocol state machine. In this paper, we focus on closing this gap by presenting a system that is capable of automatically inferring state machines. This greatly enhances the results of automatic protocol reverse engineering, while further reducing the need for human interaction. We extend previous work that focuses on behavior-based message format extraction, and introduce techniques for identifying and clustering different types of messages not only based on their structure, but also according to the impact of each message on server behavior. Moreover, we present an algorithm for extracting the state machine. We have applied our techniques to a number of real-world protocols, including the command and control protocol used by a malicious bot. Our results demonstrate that we are able to extract format specifications for different types of messages and meaningful protocol state machines. We use these protocol specifications to automatically generate input for a stateful fuzzer, allowing us to discover security vulnerabilities in real-world applications.

276 citations


Journal ArticleDOI
TL;DR: The authors' protocol is the first protocol for password-only authentication that is both practical and provably secure using standard cryptographic assumptions, and it is remarkably efficient, requiring computation only 4 times greater than “classical” Diffie-Hellman key exchange, which provides no authentication at all.
Abstract: Mutual authentication and authenticated key exchange are fundamental techniques for enabling secure communication over public, insecure networks. It is well known how to design secure protocols for achieving these goals when parties share high-entropy cryptographic keys in advance of the authentication stage. Unfortunately, it is much more common for users to share weak, low-entropy passwords which furthermore may be chosen from a known space of possibilities (say, a dictionary of English words). In this case, the problem becomes much more difficult as one must ensure that protocols are immune to off-line dictionary attacks in which an adversary exhaustively enumerates all possible passwords in an attempt to determine the correct one. We propose a 3-round protocol for password-only authenticated key exchange, and provide a rigorous proof of security for our protocol based on the decisional Diffie-Hellman assumption. The protocol assumes only public parameters—specifically, a “common reference string”—which can be “hard-coded” into an implementation of the protocol; in particular, and in contrast to some previous work, our protocol does not require either party to pre-share a public key. The protocol is also remarkably efficient, requiring computation only (roughly) 4 times greater than “classical” Diffie-Hellman key exchange that provides no authentication at all. Ours is the first protocol for password-only authentication that is both practical and provably-secure using standard cryptographic assumptions.

106 citations


Proceedings ArticleDOI
14 Jun 2009
TL;DR: This work proposes a novel key agreement protocol that not only achieves mutual authentication without verification tables but also allows users to anonymously interact with the server; the protocol is modelled and analyzed with Petri nets.
Abstract: A key agreement protocol is a protocol whereby two or more communicating parties can agree on a key or exchange information over an open communication network in such a way that both of them agree on the established session keys for use in subsequent communications. Recently, several key agreement protocols based on chaotic maps have been proposed. These protocols require a verification table to verify the legitimacy of a user. Since this approach clearly incurs the risk of tampering and the cost of managing the table and suffers from the stolen-verifier attack, we propose a novel key agreement protocol based on chaotic maps to enhance the security. The proposed protocol not only achieves mutual authentication without verification tables, but also allows users to anonymously interact with the server. Moreover, the security of the proposed protocol is modelled and analyzed with Petri nets. Our analysis shows that the proposed protocol can successfully defend against replay attacks, forgery attacks, and stolen-verifier attacks.

93 citations


Journal ArticleDOI
TL;DR: This article points out various major security flaws in Chien et al.'s mutual authentication protocol and shows how a successful auto-desynchronization (DoS) attack can be accomplished in the back-end database despite the security measures taken against it.

92 citations


Journal ArticleDOI
TL;DR: Using a formal description and the BPR model, it is found that the STPKE protocol is still vulnerable to undetectable on-line password guessing attacks, and a countermeasure is suggested to resist these attacks.

57 citations


Journal ArticleDOI
TL;DR: The identity-based (ID-based) key agreement protocol is revisited and a slight modification is proposed to prove its security in a widely accepted model; it is also shown that the protocol is insecure against reflection attacks.

56 citations


Journal ArticleDOI
TL;DR: The computational complexities of the attacks are so practicable that Chien et al.'s protocol cannot enhance the RFID security any more than the original EPC standard.

56 citations


Proceedings ArticleDOI
19 Aug 2009
TL;DR: The analysis of the proposed mutual authentication protocol shows that it is resistant to all the attacks possible in case of Gossamer protocol and is considered to be more attractive for low-capability devices as compared to earlier protocols of this class.
Abstract: Gossamer protocol has been recently published to achieve mutual authentication in low-cost RFID tags. This protocol is considered to fall in ultra-lightweight class as it incorporates simple and low cost operations. Most of the earlier proposals in this class were exposed soon after their publication. Common weaknesses included use of Triangular functions and improper use of logic operators. Gossamer protocol used two non-triangular functions a) ROTbits and b) MIXbits. These functions provide confusion and diffusion properties and are implemented as cheaper operations. Thus, this protocol can be used for EPCglobal Class-1 Generation-2 standard (considered as universal standard for low-cost tags). This protocol is able to overcome existing weaknesses and is considered to be more attractive for low-capability devices as compared to earlier protocols of this class. In this paper, we analyze the security features provided by Gossamer protocol. The vulnerabilities discovered during this analysis reveal that different attacks including denial of service, memory and computation exhaustive, de-synchronization, replay, attack on data integrity and IDS (index pseudonym) collision are possible. As a consequence, we propose a new mutual authentication protocol keeping in mind the constraints and making use of the existing operations without addition of any expensive one. The analysis of the proposed protocol shows that it is resistant to all the attacks possible in case of Gossamer protocol. A comparative security analysis shows that proposed protocol provides better security features with a small compromise of communication overheads. Two additional public messages are exchanged between the reader and the tag to address the vulnerabilities present in Gossamer protocol.

52 citations


Proceedings ArticleDOI
10 Jul 2009
TL;DR: A new ultralightweight RFID authentication protocol with mutual authentication that requires only simple bit-wise operations and can resist various attacks.
Abstract: Due to the well-developed technology and its variety of applications, Radio Frequency Identifications (RFIDs) become more and more popular. In many applications such as authentication, RFID systems need a security mechanism to resist all possible attacks and threats. However, most of the security mechanisms are always too complex in computation or need a large memory space, such that they are not suitable for low-cost RFIDs. In this paper, we propose a new ultralightweight RFID authentication protocol with mutual authentication. The protocol requires only simple bit-wise operations and can resist various attacks.

41 citations


Proceedings ArticleDOI
17 Nov 2009
TL;DR: This work proposes an innovative randomly directed exploration protocol to detect the node clone attack and shows that the protocol can achieve high detection probability and outweighs previous approaches in terms of practicability and performance.
Abstract: The node clone attack, that is, the attempt by an adversary to add one or more nodes to the network by cloning captured nodes, imposes a severe threat to wireless sensor networks. Several distributed detection protocols have been proposed against this attack. However, all of them rely on too strong assumptions and cannot be efficiently applied to most sensor networks. In this paper, we propose an innovative randomly directed exploration protocol to detect node clones. Each node needs only to know its neighbors' information, and then collaborates to forward claiming messages, trying to find out clones. No specific routing protocols or infrastructures are demanded in the proposed protocol. Therefore, it is highly practical in general sensor network applications. In addition, the memory requirement of the protocol is almost optimal. Furthermore, the protocol consumes relatively low communication overload, which is not inferior to any previous schemes. The simulation results show that the protocol can achieve high detection probability. Overall, the proposed protocol outweighs previous approaches in terms of practicability and performance.

37 citations


Journal ArticleDOI
TL;DR: An enhanced protocol is presented, which not only has the same security properties as the original protocol but also avoids the weakness in the original scheme and reduces the computational cost.
Abstract: Lee and Yeh recently presented a delegation-based authentication protocol for portable communication systems (PCSs), which is claimed to provide non-repudiation in on-line authentication. This investigation indicates that their protocol has a weakness in that a malicious visited location register can forge the authentication messages in off-line authentication processes, preventing mobile users from obtaining non-repudiation in such processes. This study also presents an enhanced protocol, which not only has the same security properties as the original protocol but also avoids the weakness in the original scheme and reduces the computational cost.

Book ChapterDOI
04 Jun 2009
TL;DR: The protocol provides non-repudiable identity verification, while not revealing any additional information about the user to the server or vice versa, and uses asymmetric encryption, and captures the advantages of biometric authentication.
Abstract: Biometric authentication over public networks leads to a variety of privacy issues that need to be addressed before it can become popular. The primary concerns are that the biometrics might reveal more information than the identity itself, as well as provide the ability to track users over an extended period of time. In this paper, we propose an authentication protocol that alleviates these concerns. The protocol takes care of user privacy, template protection and trust issues in biometric authentication systems. The protocol uses asymmetric encryption, and captures the advantages of biometric authentication. The protocol provides non-repudiable identity verification, while not revealing any additional information about the user to the server or vice versa. We show that the protocol is secure under various attacks. Experimental results indicate that the overall method is efficient enough to be used in practical scenarios.

Journal ArticleDOI
01 Aug 2009
TL;DR: A flaw which has gone unnoticed in RFID protocol literature is exhibited and the resulting attacks on authentication, untraceability, and desynchronization resistance are presented.
Abstract: In the context of Dolev-Yao style analysis of security protocols, we investigate the security claims of a recently proposed RFID authentication protocol. We exhibit a flaw which has gone unnoticed in RFID protocol literature and present the resulting attacks on authentication, untraceability, and desynchronization resistance. We analyze and discuss the authors' proofs of security. References to other vulnerable protocols are given.

Patent
07 Jul 2009
TL;DR: The nonce-based authentication and key agreement protocol as discussed by the authors provides security against such attacks while avoiding the problems that arise in systems that use sequence number counters on the home environment and mobile station sides.
Abstract: Embodiments of the invention may be used to provide an authentication and key agreement protocol that is more robust against base station, replay and other attacks compared to previously known systems. The nonce-based authentication and key agreement protocol provides security against such attacks while avoiding the problems that arise in systems that use sequence number counters on the home environment and mobile station sides. In an embodiment, a nonce that is transmitted from the user to the home environment through the serving network, as well as subsequent values for the nonce that are derived from the initial nonce, are used as indices for authentication vectors.

Journal ArticleDOI
01 Jan 2009
TL;DR: This paper revisits the computational problem on which AE relies and heuristically analyzes its hardness, and shows that for the proposed parameter values it is impossible to instantiate a secure protocol.
Abstract: The Anshel-Anshel-Goldfeld-Lemieux (abbreviated AAGL) key agreement protocol [1] is proposed to be used on low-cost platforms which constrain the use of computational resources. The core of the protocol is the concept of an Algebraic Eraser (abbreviated AE) which is claimed to be a suitable primitive for use within lightweight cryptography. The AE primitive is based on a new and ingenious idea of using an action of a semidirect product on a (semi)group to obscure the involved algebraic structures. The underlying motivation for the AAGL protocol is the need to secure networks which deploy Radio Frequency Identification (RFID) tags used for identification, authentication, tracing and point-of-sale applications.

Journal ArticleDOI
TL;DR: This paper proposes a novel symmetric-key based certificate distribution scheme based on Universal Subscriber Identity Module (USIM) cards in a cellular network, and a new EAP authentication protocol called USIM-based EAP Authentication protocol, which follows the EAP framework in the IEEE 802.1X standard.

Proceedings ArticleDOI
27 Apr 2009
TL;DR: An ultra low-weight, concrete function is used to eliminate the vulnerabilities of the conventional methods, and a security and performance analysis of the proposed protocol, called HB-MP++, is provided.
Abstract: Since Hopper and Blum suggested the HB protocol, which is based on the conjectured hardness of the LPN (Learning Parity in the Presence of Noise) problem, in 2001, a family of light-weight authentication protocols has been developed for RFID (Radio Frequency Identification) systems by many engineers. It was found that each algorithm had its own weakness against new attacks, so that more advanced protocols have been expanded in order to overcome the attacks. In this paper, we enhance the HB-MP and HB-MP+ protocols, into a protocol called HB-MP++. An ultra low-weight and concrete function will be used to eliminate the vulnerability of the conventional methods. We also provide the security and performance analysis of the proposed protocol.

Proceedings ArticleDOI
Kai Fan, Hui Li, Yue Wang
18 Aug 2009
TL;DR: A security analysis of the Kerberos protocol using BAN logic is proposed in this paper, and the reliability, practicability and security of the Kerberos protocol are proved.
Abstract: The Kerberos protocol is a famous identity authentication protocol and it is widely used in the network as a standard. But there is still not a strict proof of it based on formal methods. That is very nervous for the users. So a security analysis of the Kerberos protocol using BAN logic is proposed in this paper, and the reliability, practicability and security of the Kerberos protocol are proved.

Journal ArticleDOI
TL;DR: The proposed Internet voting protocol has the properties of universal verifiability, receipt-freeness and coercion-resistance, and it works under a weak physical assumption.
Abstract: The Internet voting protocol is the base of Internet voting systems. Firstly, an improved proof protocol that two ciphertexts are encryptions of the same plaintext is introduced. Secondly, a receipt-free and coercion-resistant Internet voting protocol based on the non-interactive deniable authentication protocol and the improved proof protocol that two ciphertexts are encryptions of the same plaintext is developed. Thirdly, we analyze the proposed Internet voting protocol. The proposed Internet voting protocol has the properties of universal verifiability, receipt-freeness and coercion-resistance. At the same time, the proposed protocol works under a weak physical assumption. Lastly, we compare the security properties of several typical Internet voting protocols with our present protocol.

Proceedings ArticleDOI
12 Aug 2009
TL;DR: This work proposes a new authentication protocol against all possible attacks and this method is secure even if the channel between the reader and the database may suffer from the attacks of interception, eavesdropping and masquerade.
Abstract: During recent years, RFID technology has raised many privacy and security concerns. However, most previous works provided authentication protocols under the assumption of a secure channel between the reader and the database. But this assumption is not suitable for the wireless environment. In 2005, Yang et al. proposed a scheme in which the channel between the reader and the database is assumed to be insecure. Unfortunately, Yang et al.’s scheme cannot achieve some critical security requirements. Due to the above reason, we propose a new authentication protocol against all possible attacks, and this method is secure even if the channel between the reader and the database may suffer from the attacks of interception, eavesdropping and masquerade. Additionally, the proposed scheme also supports the ownership transfer property inspired by Osaka et al.’s and Lei-Cao’s schemes.

Journal ArticleDOI
TL;DR: It is shown that the LAK protocol cannot resist replay attacks, and therefore an adversary can impersonate a legal tag, and a full-disclosure attack on the CWH protocol is presented.
Abstract: Radio frequency identification (RFID) technologies have many advantages in applications such as object tracking and monitoring, ticketing, supply-chain management, and contactless payment systems. However, the RFID system may bring about various security and privacy problems. In this paper we present our security analysis of the LAK protocol and the CWH protocol. First, we show that the LAK protocol cannot resist replay attacks, and therefore an adversary can impersonate a legal tag. Next, we present a full-disclosure attack on the CWH protocol. By sending malicious queries to a tag and collecting the response messages emitted by the tag, the full-disclosure attack allows an adversary to extract the secret information from the tag.

Journal Article
TL;DR: A nonce-based authentication scheme using a smart card, which uses the Diffie-Hellman scheme to enhance the security of the protocol, and introduces the idea of a transformed identity in the protocol to avoid identity duplication.
Abstract: To access a network system legally, efficiently and securely, the authentication scheme is essential and very important. In this paper, we propose a nonce-based authentication scheme using a smart card. We use the Diffie-Hellman scheme to enhance the security of our protocol. To lessen the computation load, the remote system alone performs the exponentiation computation, and it does so only once. The other computations are all concerned with simple one-way hash functions or exclusive-or operations. No verification table is needed in our protocol. The protocol provides not only mutual authentication between a user and the remote server but also the achievement of key agreement. The protocol also supports convenient password update at the user’s terminal. To avoid identity duplication, we introduce the idea of a transformed identity in our protocol. Summary: A new scheme for network access with the help of a smart card is described.


01 Feb 2009
TL;DR: This Internet Draft defines an Extensible Authentication Protocol method called EAP Generalized Pre-Shared Key (EAP-GPSK), which is a lightweight shared-key authentication protocol supporting mutual authentication and key derivation.
Abstract: This Internet Draft defines an Extensible Authentication Protocol method called EAP Generalized Pre-Shared Key (EAP-GPSK). This method is a lightweight shared-key authentication protocol supporting mutual authentication and key derivation.

Proceedings ArticleDOI
09 Jul 2009
TL;DR: It is proved that the protocol of [1] is not secure in the semi-honest model by showing that it is not resistant to collusion attacks and it is proposed to use a superposed sending round as an alternative to the multi-party summation protocol, which results in better security properties and in a reduction of the communication costs.
Abstract: Private scalar product protocols have proved to be interesting in various applications such as data mining, data integration, trust computing, etc. In 2007, Yao et al. proposed a distributed scalar product protocol with application to privacy-preserving computation of trust [1]. This protocol is split into two phases: a homomorphic encryption computation; and a private multi-party summation protocol. The summation protocol has two drawbacks: first, it generates a non-negligible communication overhead; and second, it introduces a security flaw. The contribution of this present paper is two-fold. We first prove that the protocol of [1] is not secure in the semi-honest model by showing that it is not resistant to collusion attacks, and we give an example of a collusion attack with only four participants. Second, we propose to use a superposed sending round as an alternative to the multi-party summation protocol, which results in better security properties and in a reduction of the communication costs. In particular, regarding security, we show that the previous scheme was vulnerable to collusions of three users, whereas in our proposal we can fix t in [1..n − 1] and define a protocol resisting collusions of up to t users.

Proceedings ArticleDOI
18 Dec 2009
TL;DR: This work proposes an ID-based identity authentication protocol based on ECDSA that can authenticate KAC and effectively avoid the attack of masquerading in WSN and simulates the protocol on TinyOS.
Abstract: As the first step of key management, identity authentication directly affects the security of WSN. However, because of the limited resources of WSN, traditional authentication protocols cannot be directly applied in WSN. To adapt to its needs, we propose an ID-based identity authentication protocol based on ECDSA. ECDSA (Elliptic Curve Digital Signature Algorithm) is the application of ECC in the signature protocol and the elliptic curve edition of the DSA (Digital Signature Algorithm) [1]. Based on this theory, the protocol not only can prevent the imitation of the enemy node under the passive attack, but also can authenticate the KAC (Key Assign Center) and effectively avoid the attack of masquerading. We also simulate the protocol on TinyOS, and the experimental results show that the protocol is effective and feasible in WSN.

Journal ArticleDOI
TL;DR: An improved protocol is proposed to remedy attacks of Yi et al.'s scheme, and the protection against attacks can be assured and the security of the key distribution on the mobile network is enhanced.
Abstract: An optimized certificate-based protocol for mobile networks with authentication and security has been proposed by Yi et al. This protocol allows efficient computation and a smaller storage requirement in the mobile device. As a result, less power is consumed in the mobile device. However, in 1999, 2002, and 2003, Martin et al., Wong, and Laih et al. respectively showed that Yi et al.’s scheme is vulnerable to some attacks, but did not remedy these attacks. In this paper, we propose an improved protocol to remedy these attacks. Using the new protocol, the protection against attacks can be assured. The security of the key distribution on the mobile network is enhanced as well.

Proceedings ArticleDOI
03 May 2009
TL;DR: This paper proposes a novel mutual entity authentication using the TESLA protocol that not only provides secure bilateral authentication, but also decreases the call setup time and the required connection bandwidth.
Abstract: The widespread use of wireless cellular networks has made security an ever increasing concern. GSM is the most popular wireless cellular standard, but its security is an issue. The most critical weakness in the GSM protocol is the use of one-way entity authentication, i.e., only the mobile station is authenticated by the network. This creates many security problems including vulnerability against man-in-the-middle attacks. Several solutions have been proposed to establish mutual entity authentication. In this paper, it is shown that these solutions cannot provide bilateral authentication. To solve this problem, we propose a novel mutual entity authentication using the TESLA protocol. The proposed solution not only provides secure bilateral authentication, but also decreases the call setup time and the required connection bandwidth. An important feature of the proposed protocol is that it is compatible with the GSM standard.

24 Jun 2009
TL;DR: This paper proposes a key management protocol for heterogeneous sensor networks based on an asymmetric cryptosystem named pairing identity based cryptography, and shows that the proposed protocol has low communication and storage overhead.
Abstract: Key management in wireless sensor networks is still a challenging problem. Most existing research considers symmetric cryptosystems to achieve key agreement assuming a homogeneous network architecture. However, these solutions suffer from performance bottlenecks and poor scalability. Recently deployed sensor network systems are increasingly following heterogeneous designs. In this paper, we propose a key management protocol for heterogeneous sensor networks based on an asymmetric cryptosystem named pairing identity based cryptography. We show that the proposed protocol has low communication and storage overhead. Moreover, our protocol assures key update and forward secrecy. We discuss the resilience of the proposed scheme against several types of attacks. Formal security validation, using the AVISPA tool, is used to demonstrate the privacy of the generated keys and the robustness of our protocol against several attacks.

Proceedings ArticleDOI
31 Mar 2009
TL;DR: This work formalizes the Kerberos protocol using CSP methods, and can prove that the system protected by the protocol is indeed as secure as declared.
Abstract: The Kerberos protocol is one of the popular security protocols used to authenticate the identities of communication participants. The key distribution mechanism in this protocol is suitable for other secure applications. We formalize the protocol using CSP methods. Based on the formal model, the mechanism of the protocol is exposed to us clearly. Principles and tools support the verification of the formal model. In that way, we can prove that the system protected by the protocol is indeed as secure as declared. The reasons for security can be fixed out formally as a reference for analyzing other protocols.