Otway–Rees protocol

About: Otway–Rees protocol is a research topic. Over the lifetime, 1975 publications have been published within this topic receiving 40569 citations.

Modification in Kerberos Assisted Authentication in Mobile Ad-Hoc Networks to Prevent Ticket Replay Attacks

Abstract: Security is an important issue for any type of networks, especially for wireless ad-hoc networks. Kerberos tickets used in KAMAN authentication scheme can be captured over the network are prone to replay attacks. The research work described in this document demonstrates that the modification in KAMAN protocol can increase authorization. We are proposed that all of contents are encapsulated in an encrypted packet. So the replay attacks become impossible. Moreover, in the proposed scheme there is no burden on the server and the client to undertake the modified KAMAN process. We also simulate describe architecture and verified that propose methods can reduce the chances of reply attack in MANET using KAMAN as authentication protocol.

SecSyWiSe: A secure time synchronization scheme in wireless sensor networks

Abstract: In this paper we suggest a protocol for secure data distribution in a one-way communication scenario aimed at time distribution for sensor networks. Our protocol is designed to support timestamps in any format, including repeating, resettable, and incomplete timestamps. The protocol requires a trusted powerful source node. We show that the protocol is immune to attacks including replay attacks, wormhole attacks, byzantine traitors, and node capture. These security features are achieved by the use of digital signatures with additional replay protection that is not based on time synchronization. Pulse delay attacks can be countered by the use of a filter accompaigned by a continuous timestamp format. The protocol relies on the source node to sign and broadcast messages with sufficient transmission power to reach all other nodes. These will not transmit any messages for time synchronization. We show that our protocol scales to networks of any density and allows for stealth applications. Conservative simulation results show that our protocol is more energy efficient for the sensor nodes than a comparable protocol.

Fractal: a mobile code-based framework for dynamic application protocol adaptation

Abstract: The rapid growth of heterogeneous devices and diverse networks in our daily life, makes it is very difficult, if not impossible, to build a one-size-fits-all application or protocol, which can run well in such a dynamic environment. Adaptation has been considered as a general approach to address the mismatch problem between clients and servers; however, we envision that the missing part, which is also a big challenge, is how to inject and deploy adaptation functionality into the environment. In this paper we propose a novel application level protocol adaptation framework, Fractal, which uses the mobile code technology for protocol adaptation and leverages existing content distribution networks (CDN) for protocol adaptors (mobile codes) deployment. To the best of our knowledge, Fractal is the first application level protocol adaptation framework that considers the real deployment problem using mobile code and CDN. To evaluate the proposed framework, we have implemented two case studies: an adaptive message encryption protocol and an adaptive communication optimization protocol. In the adaptive message encryption protocol, Fractal always chooses a proper encryption algorithm according to different application requirements and device characteristics. And the adaptive communication optimization protocol is capable of dynamically selecting the best one from four communication protocols, including Direct sending, Gzip, Bitmap, and Vary-sized blocking, for different hardware and network configurations. In comparison with other adaptation approaches, evaluation results show the proposed adaptive approach performs very well on both the client side and server side. For some clients, the total communication overhead reduces 41% compared with no protocol adaptation mechanism, and 14% compared with the static protocol adaptation approach.

Formal verification of a key establishment protocol for EPC Gen2 RFID systems: work in progress

Abstract: The EPC Class-1 Generation-2 (Gen2 for short) is a standard Radio Frequency Identification (RFID) technology that has gained a prominent place on the retail industry. The Gen2 standard lacks, however, of verifiable security functionalities. Eavesdropping attacks can, for instance, affect the security of monitoring applications based on the Gen2 technology. We are working on a key establishment protocol that aims at addressing this problem. The protocol is applied at both the initial identification phase and those remainder operations that may require security, such as password protected operations. We specify the protocol using the High Level Protocol Specification Language (HLPSL). Then, we verify the secrecy property of the protocol using the AVISPA model checker tool. The results that we report show that the current version of the protocol guarantees sensitive data secrecy under the presence of a passive adversary.

Methods, systems, and computer readable media for providing access network protocol interworking and authentication proxying

Abstract: The subject matter described herein includes methods, systems, and computer readable media for access network protocol interworking and authentication proxying. One method includes receiving an authentication request from a node in an access network for authenticating a user using cellular network authentication. The method further includes, in response to the request, using a native protocol of the cellular network to obtain an authentication challenge from a node in the cellular network. The method further includes communicating the authentication challenge to the node in the access network. The method further includes receiving a response to the authentication challenge from the node in the access network. The method further includes determining whether the response matches an expected response. The method further includes, in response to determining that the response matches the expected response, communicating an indication of successful authentication to the node in the access network.