Topic
Otway–Rees protocol
About: Otway–Rees protocol is a research topic. Over the lifetime, 1975 publications have been published within this topic receiving 40569 citations.
Papers published on a yearly basis
Papers
More filters
15 Dec 2007
TL;DR: An improvement called authenticated authentication test (AAT) is presented and an analysis of Denning-Sacco and other protocols using AAT shows that the improved method is effective.
Abstract: Authentication Test (AT), based on strand spaces, is a method used to verify cryptographic protocols. This paper identifies an inaccuracy existing in AT and presents an improvement called authenticated authentication test (AAT). An analysis of Denning-Sacco and other protocols using AAT shows that the improved method is effective.
5 citations
20 Jun 2005
TL;DR: A new service authentication protocol is proposed by means of which many networks are linked together forming an ad hoc network system that will provide an aggregated range of services to users.
Abstract: []: When an IP network is unable to provide users with demanded services, it usually outsources to other networks Outsourcing will involve the process of authenticating users for services over IP networks The process can become complex when different networks have different authentication schemes, in which users are required to provide varying sets of information for service authentication In this paper, we propose a new service authentication protocol by means of which many networks are linked together forming an ad hoc network system This ad hoc network system will provide an aggregated range of services to users Individual networks within the system retain their own authentication schemes and the result of user authentication can be relayed to other networks within the system We argue that with this protocol, the burden of collecting authentication information and obtaining authentication for each outsourced service is alleviated We also demonstrate how to construct a service authentication framework and apply the protocol in two case studies
5 citations
30 Aug 2011
TL;DR: An improvement by using the alternative items of TCP packets, on this basis of which a security protocol is designed with authentication, which is compatible with the original protocol, adding authentication against various attacks.
Abstract: TCP three-way handshake protocol has a variety of security risks for the absence of safety certification, not enabling to make immense modification in it if maintained compatibility with the protocol.In this paper, we present an improvement by using the alternative items of TCP packets, on this basis of which a security protocol is designed with authentication. The new protocol is compatible wth the original protocol, adding authentication against various attacks. The formal analysis proves that the security protocol is in accordance with established safety goals.
5 citations
25 Sep 2006
TL;DR: It is demonstrated that Ma et al.'s M-PAP protocol is still vulnerable to off-line password guessing attacks, and an improvement to the protocol is presented, in order to isolate such a problem.
Abstract: In 2006, Ma et al. found flaws in the original and fixed versions of the PAP protocol by using a new knowledge-based framework, and presented an enhanced PAP (MPAP) protocol. The current paper, however, demonstrates that Ma et al.?s M-PAP protocol is still vulnerable to off-line password guessing attacks. Then, we present an improvement to the protocol, in order to isolate such a problem.
5 citations
Journal Article•
TL;DR: The proposed protocol can complete entity authentication and dynamic key agreement in real time and efficiently while the forgery, the malicious replay and the de-synchronization attack are effectively resisted.
Abstract: Since electricity consumption information acquisition system relates to such core data as the billing information and the privacy of residential electricity consumption and so on, a higher demand in confidentiality, integrity and adaptability for the generation, transmission and storage of data has to be put forward. Based on the certificate authority(CA) system of State Grid Corporation of China(SGCC) and utilizing the idea of digital signature and challenge-response mechanism combined with MAC dynamic key negotiation, a mutual authentication protocol suitable for electricity consumption information acquisition system is proposed. Using non-formalized method and colored Petri net theory based formal analysis method, the state transition analysis and the security demonstration of the proposed protocol are implemented to prove that the proposed protocol can realize such security attributes as multiple authentication, forward security, backward security and so on under the premise of achieving the expected state of operation successfully. Besides, the proposed protocol can complete entity authentication and dynamic key agreement in real time and efficiently while the forgery, the malicious replay and the de-synchronization attack are effectively resisted. Finally, the applicability and availability of the proposed protocol in electricity consumption information acquisition system are analyzed.
5 citations