Otway–Rees protocol

About: Otway–Rees protocol is a research topic. Over the lifetime, 1975 publications have been published within this topic receiving 40569 citations.

Security Analysis of Some Recent Authentication Protocols for RFID

Abstract: Radio frequency identification technology has been increasingly used in many applications. However, there are many threats and security risks in the RFID systems since an insecure wireless channel exists between the reader and the tags. The security of RFID protocols must be designed and proved with careful cryptanalysis. In this paper, we analyze some RFID authentication protocols proposed recently. Firstly, Shen et al. propose an authentication protocol with strong privacy and security, but we prove that the attacker is able to impersonate a reader to desynchronize a tag by eavesdropping on and modifying the messages transmitted. Secondly, WeiHWang et al. claim that their hash function based protocol can resist from several attacks including denial of service attack, but we perform this attack by inducing a desynchronization of secret between server and tags. At last, Sandhya and Rangaswarmy propose an authentication protocol with many security features, while we present desynchronization attack and reader impersonation attack on this protocol.

A New Message Recognition Protocol with Self-recoverability for Ad Hoc Pervasive Networks

Abstract: We examine the problem of message recognition by reviewing the definitions and the security model in the literature. In particular, we examine the Jane Doe protocol, which was proposed by Lucks et al., more closely and note its inability to recover in case of a certain adversarial disruption. Our paper saves this well-studied protocol from its unrecoverable state when such adversarial disruption occurs. We propose a new message recognition protocol, which is based on the Jane Doe protocol, and incorporate the resynchronization technique within the protocol itself. That is, without having to provide a separate resynchronization procedure, we overcome the recoverability problem of the Jane Doe protocol. Moreover, we enumerate all possible attacks against the new protocol and show that none of the attacks can occur. We further prove the security of the new protocol and its ability to self-recover once the disruption has stopped.

Cryptanalysis of Park's Authentication Protocol in Wireless Mobile Communication Systems

Abstract: In 2004, C. Park proposed an authentication protocol to provide user anonymity and untraceability in wireless mobile communication systems. The real user identities are hidden and randomized by means of error-correcting codes. In this work, it is shown that Park’s protocol does not provide anonymity and untraceability. More precisely, the users real identities can be obtained easily by an eavesdropper. Furthermore, the protocol is not secure since the session key established in the authentication phase can also be obtained, breaking the confidentiality of the radio link.

On the automated correction of security protocols susceptible to a replay attack

Abstract: Although there exist informal design guidelines and formal development support, security protocol development is time-consuming because design is error-prone. In this paper, we introduce Shrimp, a mechanism that aims to speed up the development cycle by adding automated aid for protocol diagnosis and repair. Shrimp relies on existing verification tools both to analyse an intermediate protocol and to compute attacks if the protocol is flawed. Then it analyses such attacks to pinpoint the source of the failure and synthesises appropriate patches, using Abadi and Needham's principles for protocol design. We have translated some of these principles into formal requirements on (sets of) protocol steps. For each requirement, there is a collection of rules that transform a set of protocol steps violating the requirement into a set conforming it. We have successfully tested our mechanism on 36 faulty protocols, getting a repair rate of 90%.