Topic
Otway–Rees protocol
About: Otway–Rees protocol is a research topic. Over the lifetime, 1975 publications have been published within this topic receiving 40569 citations.
Papers published on a yearly basis
Papers
More filters
01 Jan 2002
TL;DR: This paper proves the efficacy of a simple and general scheme in defending a protocol against replay attacks and believes that this work will be particularly useful in security critical applications and to protocol analyzers that are unable to detect some or all of the attacks in this class.
Abstract: : Replay attacks on security protocols have been discussed for quite some time in the literature However, the efforts to address these attacks have been largely incomplete, lacking generality and many times in fact, proven unsuccessful In this paper we address these issues and prove the efficacy of a simple and general scheme in defending a protocol against these attacks We believe that our work will be particularly useful in security critical applications and to protocol analyzers that are unable to detect some or all of the attacks in this class
84 citations
TL;DR: It is shown that Farash’s protocol is insecure against impersonation attack, password guessing attack, lacks user anonymity and is vulnerable to session-specific temporary information attack, and an upgraded protocol is proposed to enhance the security.
Abstract: Sessioninitiation protocol (SIP) reformed the controlling routine of voice over Internet Protocol based communication over public channels. SIP is inherently insecure because of underlying open text architecture. A number of solutions are proposed to boost SIP security. Very recently Farash (Peer to Peer Netw. Appl. 1–10, 2014) proposed an enhanced protocol to improve the security of Tu et al.’s protocol (Peer to Peer Netw. Appl. 1–8, 2014). Further, Farash claimed his protocol to be secure against all known attacks. However, in this paper we show that Farash’s protocol is insecure against impersonation attack, password guessing attack, lacks user anonymity and is vulnerable to session-specific temporary information attack. Further, we have proposed an upgraded protocol to enhance the security. The security and performance analysis shows that the proposed protocol reduced one point multiplication as compared with Farash’s protocol, while resisting all known attacks. We have proved the security of proposed protocol using automated tool ProVerif.
83 citations
22 Nov 1977
TL;DR: The Network Voice Protocol (NVP) as mentioned in this paper was developed by the Network Secure Communications group at ISI at the host-to-host protocol level, since the'regular' H2H protocol was found unsuitable for real-time network voice communication.
Abstract: : The Network Voice Protocol (NVP) described in this report was developed by the Network Secure Communications group at ISI at the host-to-host protocol level, since the 'regular' host-to-host protocol was found unsuitable for real-time network voice communication. The report describes in detail the control and data components of the protocol. Appendix 1 defines associated tables, and Appendix 2 presents some implementation recommendations.
82 citations
20 May 2007
TL;DR: This work presents attacks against two cognitive authentication schemes, designed to be secure against eavesdropping attacks while relying only on human cognitive skills, that are not secure against an eavesdropping adversary.
Abstract: We present attacks against two cognitive authentication schemes [9] proposed at the 2006 IEEE Symposium on Security and Privacy. These authentication schemes are designed to be secure against eavesdropping attacks while relying only on human cognitive skills. They achieve authentication via challenge response protocols based on a shared secret set of pictures. Our attacks use a SAT solver to recover a user's secret key in a few seconds, after observing only a small number of successful logins. These attacks demonstrate that the authentication schemes of [9] are not secure against an eavesdropping adversary.
81 citations
18 May 2015
TL;DR: This paper proposes a Key Management Protocol for mobile and industrial Internet of Things systems, targeting, at the same time, robust key negotiation, lightweight node authentication, fast re-keying, and efficient protection against replay attacks.
Abstract: This paper proposes a Key Management Protocol for mobile and industrial Internet of Things systems, targeting, at the same time, robust key negotiation, lightweight node authentication, fast re-keying, and efficient protection against replay attacks. The proposed approach pragmatically leverages widely accepted Elliptic Curve Cryptography constructions, specifically the (Elliptic Curve) "Fixed" Diffie Hellman key exchange and the (Elliptic Curve) Qu-Vanstone implicit certificates. Our value added is their suitable integration into a security protocol exchange, designed at layer 2, in the 802.15.4 protocol stack, which permits to i) avoid Elliptic Point multiplications upon rekeying of previously paired devices, and ii) support mutual authentication while securing the protocol exchange. To prove its viability, the proposed Key Management Protocol has been implemented and assessed on severely constrained devices. As expected, but made explicit and quantified by our experimental performance evaluation, the usage of implicit certificates in conjunction with an optimized message exchange yields impressive gains in terms of airtime consumption with respect to state of the art schemes.
81 citations