Topic
Otway–Rees protocol
About: Otway–Rees protocol is a research topic. Over the lifetime, 1975 publications have been published within this topic receiving 40569 citations.
Papers published on a yearly basis
Papers
More filters
TL;DR: A new security protocol for secure mobile agent system is proposed that solves the weaknesses of their protocol and provides the security services such as the mutual authentication, the confidentiality, the non-repudiation, and the prevention of replay attack.
Abstract: Mobile agent is a program which can autonomously migrate from a host to another and it provides a useful framework for Electronic Commerce. But, in spite of mobile agent system's benefits, it has been exposed to the serious security attacks from malicious hosts or agents. So, there has been a lot of works in the mobile agent's security, and recently, Kim and Chung proposed a security protocol for mobile agent system [5]. But their protocol has some security weaknesses; i.e., it is vulnerable to intruder-in-the-middle attack and the previous agent platform can forge the multi-signature. In this paper, we show that their protocol has the security weaknesses. And then we propose a new security protocol for secure mobile agent system that solves the weaknesses of their protocol and provides the security services such as the mutual authentication, the confidentiality, the non-repudiation, and the prevention of replay attack. Our protocol is very suitable for protecting mobile agent from malicious host in the Electronic Commerce Web site that searches the best price of the products.
9 citations
TL;DR: A secure and efficient network mobility protocol named NeMHIP is presented, which provides secure and optimum mobility management and efficient end-to-end confidentiality and integrity protection apart from the basic security properties inherited from HIP.
9 citations
21 Oct 2011
TL;DR: A new SLSOP-based login protocol is presented and used to design a secure Single Sign-On (SSO) protocol, and a first full proof-of-concept of such a protocol is provided and also the first implementation of the channel binding described in RFC 5929 is provided.
Abstract: Today, entity authentication in the TLS protocol involves at least three complex and partly insecure systems: the Domain Name System (DNS), Public Key Infrastructures (PKI), and human users, bound together by the Same Origin Policy (SOP). To solve the security threats resulting from this construction, a new concept was introduced at CCS '07: the strong locked same origin policy (SLSOP). The basic idea behind the SLSOP is to strengthen the identification of web servers through domain names, certificates and browser security warnings by a recognition of public keys to authenticate servers. Many weaknesses of current protocols emerging from an insecure PKI or DNS can thus be handled, even without involving the user. This concept has also been adapted by the IETF in RFC 5929.The contribution of this paper is as follows: First we present a new SLSOP-based login protocol and use it to design a secure Single Sign-On (SSO) protocol. Second we provide a first full proof-of-concept of such a protocol and also the first implementation of the channel binding described in RFC 5929, implementing a cross-domain SLSOP both for a new type of authentication cookies, as well as for the HTML-based POST and Redirect bindings. Finally we evaluate the security of this protocol and describe, how our protocol copes with modern attack vectors.
9 citations
TL;DR: In this paper, a protocol for quantum millionaire problem with continuous variables is proposed, in the protocol, two participants can compare the values of their fortune with the assistance of a semi-trusted third party (STTP).
Abstract: In this paper, a protocol for quantum millionaire problem with continuous variables is proposed. In the protocol, two participants can compare the values of their fortune with the assistance of a semi-trusted third party (STTP). Only EPR states are exploited in our protocol while most other protocols exploited d-dimensional Bell states. Two participants are just required to perform single particle operations, which makes our protocol more efficiently. Our protocol can ensure fairness, correctness, security and high efficiency as well. In our protocol, only the two participants can deduce the results of comparisons, others include STTP will learn no information. Our protocol can resist various kinds of attacks from both the outside eavesdroppers and the inside participants, even the STTP.
9 citations
05 Dec 2005
TL;DR: A new protocol for authentication in Peer-to-Peer systems designed to meet specialized requirements of P2P systems, such as lack of direct communication between peers or requirements for controlled anonymity is described.
Abstract: This paper describes a new protocol for authentication in Peer-to-Peer systems. The protocol has been designed to meet specialized requirements of P2P systems, such as lack of direct communication between peers or requirements for controlled anonymity. At the same time, a P2P authentication protocol must be resistant to spoofing, eavesdropping and playback, and man-in-the-middle attacks. The protocol is studied for a model P2P storage system that needs to implement file access rights.
9 citations