Topic
Otway–Rees protocol
About: Otway–Rees protocol is a research topic. Over the lifetime, 1975 publications have been published within this topic receiving 40569 citations.
Papers published on a yearly basis
Papers
More filters
••
03 Dec 2011TL;DR: It is proved that the attacker is able to impersonate a reader to desynchronize a tag by eavesdropping on and modifying the messages transmitted and desynchronization attack and reader impersonation attack on this protocol.
Abstract: Radio frequency identification technology has been increasingly used in many applications. However, there are many threats and security risks in the RFID systems since an insecure wireless channel exists between the reader and the tags. The security of RFID protocols must be designed and proved with careful cryptanalysis. In this paper, we analyze some RFID authentication protocols proposed recently. Firstly, Shen et al. propose an authentication protocol with strong privacy and security, but we prove that the attacker is able to impersonate a reader to desynchronize a tag by eavesdropping on and modifying the messages transmitted. Secondly, WeiHWang et al. claim that their hash function based protocol can resist from several attacks including denial of service attack, but we perform this attack by inducing a desynchronization of secret between server and tags. At last, Sandhya and Rangaswarmy propose an authentication protocol with many security features, while we present desynchronization attack and reader impersonation attack on this protocol.
6 citations
••
16 May 2009TL;DR: In this article, a new message recognition protocol based on the Jane Doe protocol is proposed, which is able to overcome the recoverability problem of the original protocol by incorporating the resynchronization technique within the protocol itself.
Abstract: We examine the problem of message recognition by reviewing the definitions and the security model in the literature. In particular, we examine the Jane Doe protocol, which was proposed by Lucks et al., more closely and note its inability to recover in case of a certain adversarial disruption. Our paper saves this well-studied protocol from its unrecoverable state when such adversarial disruption occurs. We propose a new message recognition protocol, which is based on the Jane Doe protocol, and incorporate the resynchronization technique within the protocol itself. That is, without having to provide a separate resynchronization procedure, we overcome the recoverability problem of the Jane Doe protocol. Moreover, we enumerate all possible attacks against the new protocol and show that none of the attacks can occur. We further prove the security of the new protocol and its ability to self-recover once the disruption has stopped.
6 citations
•
TL;DR: It is shown that Park's protocol does not provide anonymity and untraceability and the users real identities can be obtained easily by an eavesdropper and the protocol is not secure since the session key established in the authentication phase can also be obtained, breaking the confidentiality of the radio link.
Abstract: In 2004, C. Park proposed an authentication protocol to provide user anonymity and untraceability in wireless mobile communication systems. The real user identities are hidden and randomized by means of error-correcting codes. In this work, it is shown that Park’s protocol does not provide anonymity and untraceability. More precisely, the users real identities can be obtained easily by an eavesdropper. Furthermore, the protocol is not secure since the session key established in the authentication phase can also be obtained, breaking the confidentiality of the radio link.
6 citations
••
TL;DR: It is shown in this paper that although this proposed protocol prevents this active attack, it remains vulnerable to a passive (simpler) off-line password-guessing attack.
6 citations
••
24 Sep 2007TL;DR: Shrimp is introduced, a mechanism that aims to speed up the development cycle by adding automated aid for protocol diagnosis and repair by translating Abadi and Needham's principles for protocol design into formal requirements on protocol steps.
Abstract: Although there exist informal design guidelines and formal development support, security protocol development is time-consuming because design is error-prone. In this paper, we introduce Shrimp, a mechanism that aims to speed up the development cycle by adding automated aid for protocol diagnosis and repair. Shrimp relies on existing verification tools both to analyse an intermediate protocol and to compute attacks if the protocol is flawed. Then it analyses such attacks to pinpoint the source of the failure and synthesises appropriate patches, using Abadi and Needham's principles for protocol design. We have translated some of these principles into formal requirements on (sets of) protocol steps. For each requirement, there is a collection of rules that transform a set of protocol steps violating the requirement into a set conforming it. We have successfully tested our mechanism on 36 faulty protocols, getting a repair rate of 90%.
6 citations