
Otway–Rees protocol

About: Otway–Rees protocol is a research topic. Over the lifetime, 1975 publications have been published within this topic receiving 40569 citations.


Papers
Journal ArticleDOI
TL;DR: This paper designs and implements ProxyReplay to replay application-layer traffic for network proxies to evaluate the security functionalities of DUTs using payloads constructed from real network traces and provides two replay modes, that is, the preprocess mode and the concurrent mode.
Abstract: It is a common practice to test a network device by replaying network traffic onto it and observing its reactions. Many replay tools support Transmission Control Protocol/Internet Protocol stateful traffic replay and hence can be used to test switches, routers, and gateway devices. However, they often fail if the device under test (DUT) is an application-level proxy. In this paper, we design and implement ProxyReplay to replay application-layer traffic for network proxies. As many application proxies have built-in security functions, the main purpose of this tool is to evaluate the security functionalities of DUTs using payloads constructed from real network traces. ProxyReplay modifies requests and responses and maintains queues for request-response pairs to resolve the issues of protocol dependency, functional dependency, concurrent replay, and error resistance. The solution provides two replay modes, that is, the preprocess mode and the concurrent mode. Depending on the benchmark scenario, we show that the preprocess mode is better for benchmarking the performance capability of a DUT. In contrast, the concurrent mode is used when the replayed trace file is extremely large. Our experiments show 99% accuracy. In addition, the replay performance exceeds 320 Mbps by running the benchmark with an off-the-shelf personal computer in the preprocess mode. Copyright © 2014 John Wiley & Sons, Ltd.

6 citations

Patent
28 Feb 2007
Abstract: A method and apparatus for testing safety access protocol conformity of an access point includes the following steps: capturing the certification protocol data packets generated in the safety access certification procedure of the access point, and detecting and analyzing the package format and protocol flow process of the safety access protocol data packets. According to the present invention, the test result does not depend on the implementation of the high layer, and it is possible to achieve a true test result even if the implementation of a standard device is not exact, so it increases the veracity of the test result; further, according to the present invention, it is possible to accurately find the faulty place in the protocol implementation by capturing detailed information from protocol data packets, so it increases simulation testing for possible abnormal situations and ensures that a product passing the test accords with the standard regulation and interoperation.

6 citations

Journal Article
TL;DR: An authentication protocol against DoS attacks that is improved by asking the client to commit its system resources to the execution of the protocol before the server allocates its memory and processing time.
Abstract: Denial of service (DoS) by exhausting the server resources has become a major security threat in open networks. Particularly, wireless networks are vulnerable to DoS attacks when they have much fewer system resources than the wired counterparts. The basic strategy against DoS attacks is to impose an adjustable cost on the attackers while the attacks are being launched. An authentication protocol against DoS attacks is improved by asking the client to commit its system resources to the execution of the protocol before the server allocates its memory and processing time. The server sends the client a puzzle whose solution requires a brute force search for some bits of the inverse of a one-way hash function. The difficulty of the puzzle is parameterized according to the server's available resources. The server stores the protocol state and computes expensive public key operations only after it has verified the client's solution. The puzzle protects the server that authenticates the clients against resource exhaustion attacks during the first messages of the connection opening before the clients are reliably authenticated. Then a four-pass public key authentication and key establishment protocol is proposed.

6 citations

Book ChapterDOI
05 Oct 1999
TL;DR: This paper attempts a larger security protocol: a recently published protocol for secure group communication, and finds two flaws in the protocol, one of which has not been reported previously.
Abstract: With the explosive growth of the Internet and the distributed applications it supports, there is a pressing need for secure group communications — the ability of a group of agents to communicate securely with each other while allowing members to join or leave the group. Prompted by the success of other researchers in applying finite-state model-checking tools to the verification of small security protocols, we decided to attempt a larger security protocol: a recently published protocol for secure group communication. Not surprisingly, creating an ad hoc abstract model suitable for model-checking required cleverness, and state explosion was always a threat. Nevertheless, with minimal effort, the model checking tool discovered two flaws in the protocol, one of which has not been reported previously. We conclude our paper with a discussion of possible fixes to the protocol, as well as suggested verification tool improvements that would have simplified our task.

6 citations

Proceedings Article
01 Jan 2002
TL;DR: A new mechanism to verify authentication using SDL, a general purpose specification language, is presented and a generic schema is defined that allows us to specify a security system and check system behavior when a malicious agent is present.
Abstract: Authentication between protocol agents is widely studied in the cryptographic protocol analysis area. It is essential in a virtual environment to rely on protocol parties' identity. In the academic literature there are many protocols that provide the authentication property. We present in this paper a new mechanism to verify authentication using SDL, a general purpose specification language. We have defined a generic schema in SDL that allows us to specify a security system and check system behavior when a malicious agent (the intruder) is present. We have used the EKE authentication protocol to illustrate how the mechanism works.

6 citations


Network Information
Related Topics (5)
Server
79.5K papers, 1.4M citations
86% related
Encryption
98.3K papers, 1.4M citations
86% related
Wireless ad hoc network
49K papers, 1.1M citations
85% related
Mobile computing
51.3K papers, 1M citations
84% related
Wireless sensor network
142K papers, 2.4M citations
84% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2023    9
2022    36
2021    1
2019    4
2018    12
2017    95