Otway–Rees protocol

About: Otway–Rees protocol is a research topic. Over the lifetime, 1975 publications have been published within this topic receiving 40569 citations.

A Correctness Proof of WAPI Certificate Authentication Protocol

Abstract: WAPI certificate authentication protocol is the core and key component of WAPI security mechanism proposed by Chinese WLAN standard. This protocol adopts pubfic key cryptographic technique, ASUE (authentication supplicant entity) and AE (authenticator entity) implement the mutual identity authentication aided by their trusting third ASE (authentication security entity) to realize secure access and negotiate the corresponding BK. Using a formal logic of PCL, WAPI certificate authentication protocol is programmed and its security properties are proved. The results show that if all the entities involved in the protocol do not reveal their long-term keys or short-term keys, this protocol provides the properties of strong session authentication and key secrecy and achieves its predefined security goals.

Zero-Knowledge-Based User Authentication Technique in Context-aware System

Abstract: We explore the security in context-aware computing with focus on user authentication. We propose an improved user security authentication protocol for context-aware computing, which uses a zero-knowledge-based protocol for identification and cryptographic calculations, and uses a context-aware system for verifying and protecting the user's location by the way that access control policy for context information based on IPv6, the mist-link and the password. We present the details of the prototyped implementation, and then we analyze the security of this protocol via active attacks and passive attacks, finally we discuss the tradeoff between usability and security.

An efficient certificateless deniable authentication protocol without pairings

Abstract: A deniable authentication protocol enables an intended receiver to identify the source of a given message, but the receiver cannot prove the source of a given message to any third party. It is very useful in some particular applications such as electronic voting, online negotiation and online shopping. However, many related protocols are lack of formal security proof which is very important for cryptographic protocol design. In this paper, we present a certificateless deniable authentication protocol. Our protocol is based on certificateless cryptography, which can solve the public key certificate management problem of public key infrastructure PKI-based cryptography and the key escrow problem of identity-based cryptography. Our protocol does not need the pairing operation which is the most time-consuming. In addition, our protocol can admit formal security proof in the random oracle model and resist key compromise impersonation KCI attack. Compared with the existing deniable authentication protocols, our protocol can be well applied in electronic voting system.

A family of multi-party authentication protocols

Abstract: We introduce a family of multi-party authentication protocols and discuss six novel protocols, which are members of this family. The first three generalize the well-known Needham-Schroeder-Lowe public-key protocol, the Needham-Schroeder private-key protocol, and the Bilateral Key Exchange protocol. The protocols satisfy injective synchronisation, which is a strong authentication property, and establish agreement over the nonces. These protocols make use of delegated authentication to keep the protocols small and efficient. For each of these protocols we define a strengthened version that does not rely on delegated authentication. All instantiations of the protocol family consist of 2p - 1 messages for p parties, which we show to be the minimal number of messages required to achieve the desired security properties in the presence of a Dolev-Yao style intruder with compromised agents.

How far an evolutionary approach can go for protocol state analysis and discovery

Abstract: Securing todays computer networks requires numerous technologies to constantly be developed, refined and challenged. One area of research aiding in this process is that of protocol analysis, the study of the methods with which networks communicate. Our specific area of interest, the interaction with different protocol implementations, is a crucial component of this domain. Our work aims to identify and highlight a protocols states and state transitions, while minimizing the required a priori knowledge known about the protocol and its different versions (implementations). To this end, our approach uses a Genetic Programming (GP) based technique in order to analyze a client or a server of a given protocol via interacting with it with minimum a priori information. We evaluate our system against another well-known system from the literature on two different protocols, namely Dynamic Host Configuration Protocol (DHCP) and File Transfer Protocol (FTP). We measure the performances of these two systems in terms of the similarities and differences seen in the state diagrams produced for the protocols under testing. Results show that, by using our approach, it is possible to identify the different versions of a given protocol.