Topic
Otway–Rees protocol
About: Otway–Rees protocol is a research topic. Over the lifetime, 1975 publications have been published within this topic receiving 40569 citations.
Papers published on a yearly basis
Papers
More filters
••
TL;DR: It is found that the STPKE protocol is still vulnerable to undetectable on-line password guessing attacks by using formal description, BPR model, and a countermeasure is suggested to resist these attacks.
57 citations
••
TL;DR: A secure ECC-based authentication mechanism to conquer many forms of attacks in previous schemes is proposed and it is shown that it is suitable for applications with higher security requirements.
57 citations
••
TL;DR: A secure protocol for spontaneous wireless ad hoc networks which uses an hybrid symmetric/asymmetric scheme and the trust between users in order to exchange the initial data and the secret keys that will be used to encrypt the data is presented.
Abstract: This paper presents a secure protocol for spontaneous wireless ad hoc networks which uses an hybrid symmetric/asymmetric scheme and the trust between users in order to exchange the initial data and to exchange the secret keys that will be used to encrypt the data. Trust is based on the first visual contact between users. Our proposal is a complete self-configured secure protocol that is able to create the network and share secure services without any infrastructure. The network allows sharing resources and offering new services among users in a secure environment. The protocol includes all functions needed to operate without any external support. We have designed and developed it in devices with limited resources. Network creation stages are detailed and the communication, protocol messages, and network management are explained. Our proposal has been implemented in order to test the protocol procedure and performance. Finally, we compare the protocol with other spontaneous ad hoc network protocols in order to highlight its features and we provide a security analysis of the system.
57 citations
•
31 Dec 2012
TL;DR: The protocol evaluation by using security protocol verification tool shows that IECAC is secure against these attacks, and performance analysis of the protocol in terms of computational time and compared with other existing solutions is discussed.
Abstract: Internet of Things (IoT) become discretionary part of everyday life and could befall a threat if security is not considered before deployment. Authentication and access control in IoT is equally important to establish secure communication between devices. To protect IoT from man in middle, replay and denial of service attacks, the concept of capability for access control is introduced. This paper presents Identity establishment and capability based access control (IECAC) protocol using ECC (Elliptical Curve Cryptography) for IoT along with protocol evaluation, which protect against the aforementioned attacks. The protocol evaluation by using security protocol verification tool shows that IECAC is secure against these attacks. This paper also discusses performance analysis of the protocol in terms of computational time and compared with other existing solutions.
56 citations
••
05 Jun 1989TL;DR: A framework for designing a type of distributed authentication protocol, whose security and availability are higher compared to those of centralized ones, and which uses the technique of secret sharing and introduces a cross checksum scheme to achieve secure replication.
Abstract: A framework for designing a type of distributed authentication protocol is given, whose security and availability are higher compared to those of centralized ones. It uses the technique of secret sharing and introduces a cross checksum scheme to achieve secure replication. Fewer than a certain number of malicious servers cannot damage security except by causing denial of service, and this only happens when too many honest servers accidentally fail at the same time. The protocol is suited to an environment where no trustworthiness of any server is permanently guaranteed. The approach is general enough not to rely on any particular authentication protocol. Existing implementations need minor modification. Only a short piece of code is needed to run the implementations as many times as required. Hence, different centralized protocols can be incorporated into one distributed protocol. >
56 citations