Topic
Otway–Rees protocol
About: Otway–Rees protocol is a research topic. Over its lifetime, 1975 publications have been published within this topic, receiving 40569 citations.
Papers
TL;DR: Proposes an architecture for securely resolving IP addresses into hardware addresses over an Ethernet, together with two protocols, an invite-accept protocol and a request-reply protocol, designed to overcome the actions of any adversary that can lose sent messages, arbitrarily modify the fields of sent messages, and replay old messages.
97 citations
TL;DR: It is shown that this protocol is vulnerable to a kind of man-in-the-middle attack that exploits an authentication flaw in the protocol, and that it is subject to an undetectable on-line dictionary attack.
95 citations
TL;DR: This paper identifies a simple and easily verified characteristic of protocols, and shows that the Otway-Rees protocol remains correct even when used in combination with other protocols that have this characteristic.
Abstract: Strand space analysis is a method for stating and proving correctness properties for cryptographic protocols. In this paper we apply the same method to the related problem of mixed protocols, and show that a protocol can remain correct even when used in combination with a range of other protocols. We illustrate the method with the familiar Otway-Rees protocol. We identify a simple and easily verified characteristic of protocols, and show that the Otway-Rees protocol remains correct even when used in combination with other protocols that have this characteristic. We also illustrate this method on the Neuman-Stubblebine protocol. This protocol has two parts, an authentication protocol (I) in which a key distribution center creates and distributes a Kerberos-like key, and a reauthentication protocol (II) in which a client resubmits a ticket containing that key. The re-authentication protocol II is known to be flawed. We show that in the presence of protocol II, there are also attacks against protocol I. We then define a variant of protocol II, and prove an authentication property of I that holds even in combination with the modified II.
94 citations
TL;DR: This paper demonstrates that recently proposed SIP authentication schemes are insecure against attacks such as off-line password guessing attacks, Denning-Sacco attacks and stolen-verifier attacks.
93 citations
14 Jun 2009
TL;DR: This work proposes a novel key agreement protocol that not only achieves mutual authentication without verification tables, but also allows users to anonymously interact with the server; its security is modelled and analyzed with Petri nets.
Abstract: A key agreement protocol is a protocol whereby two or more communicating parties can agree on a key or exchange information over an open communication network in such a way that both of them agree on the established session keys for use in subsequent communications. Recently, several key agreement protocols based on chaotic maps have been proposed. These protocols require a verification table to verify the legitimacy of a user. Since this approach clearly incurs the risk of tampering and the cost of managing the table and suffers from the stolen-verifier attack, we propose a novel key agreement protocol based on chaotic maps to enhance the security. The proposed protocol not only achieves mutual authentication without verification tables, but also allows users to anonymously interact with the server. Moreover, security of the proposed protocol is modelled and analyzed with Petri nets. Our analysis shows that the proposed protocol can successfully defend against replay attacks, forgery attacks, and stolen-verifier attacks.
93 citations