Topic
Otway–Rees protocol
About: Otway–Rees protocol is a research topic. Over the lifetime, 1975 publications have been published within this topic receiving 40569 citations.
Papers published on a yearly basis
Papers
More filters
01 Jan 2012
TL;DR: An analysis of security and simulation of the related response time to prove that the proposed enhanced protocol for authentication and key agreement on the UMTS has the same security properties as the proposed cocktail protocol, but also can satisfy mobile computation requirement with high efficiency.
Abstract: Recently Ou et al. proposed a cocktail protocol for authentication and key agreement on the UMTS. However, our investigation noticed, their protocol has a weakness. It cannot prevent HLR or mobile users’ overcharges from the malicious VLR by forging the authentication messages. This paper will illustrate this weakness and propose an enhanced protocol to solve this problem. In addition, an analysis of security and simulation of the related response time to prove that our protocol not only has the same security properties as the proposed cocktail protocol, but also can satisfy mobile computation requirement with high efficiency.
15 Apr 2011
TL;DR: The result shows that the CHAP protocol with double-factor authentication has some security holes and can't achieve the security requirement of the design.
Abstract: The method of double-factor authentication is usually embedded in CHAP (Challenge Handshake Authentication Protocol) to enhance the security of the authentication service. The CHAP protocol with double-factor authentication is formally verified from the intruder's aspect, and some data structures is abstracted from the protocol to build up the framework of reasoning-logic. By the means of adverse deduction, the framework of reasoning-logic is analyzed thoroughly, the flaws of the CHAP protocol is found and the corresponding attacking scenario is given. The result shows that the CHAP protocol with double-factor authentication has some security holes and can't achieve the security requirement of the design.
21 May 2016
TL;DR: To against the attacks which threat seriously security of Ad Hoc network, a new authentication scheme is proposed, which involves three main stages and some advantages and drawbacks are discussed.
Abstract: In this paper, some typical wireless attacks are considered, such as masquerade attack, black hole attack and replay attacks. To against the attacks which threat seriously security of Ad Hoc network, a new authentication scheme is proposed. The proposed scheme involves three main stages. Some advantages and drawbacks are discussed compared with other solutions presented in previous researches.
01 Jan 2007
TL;DR: This work introduces an explicit notion of security objectives for a security protocol, and builds a formal model that provides basis for the formal verification of security protocols, and presents a formal proof of authentication of the 4-way handshake of the 802.11i protocol.
Abstract: The security objectives enforce the security policy, which defines what is to be protected in a network environment. The violation of these security objectives induces security threats. We introduce an explicit notion of security objectives for a security protocol. This notion should precede the formal verification process. In the absence of such a notion, the security protocol may be proven correct despite the fact that it is not equipped to defend against all potential threats. In order to establish the correctness of security objectives, we present a formal model that provides basis for the formal verification of security protocols.
We also develop the modal logic, proof based, and multi-agent approaches using the Strand Space framework. In our modal logic approach, we present the logical constructs to model a protocol’s behavior in such a way that the participants can verify different security parameters by looking at their own run of the protocol. In our proof based model, we present a generic set of proofs to establish the correctness of a security protocol. We model the 802.11i protocol into our proof based system and then perform the formal verification of the authentication property. The intruder in our model is imbued with powerful capabilities and repercussions to possible attacks are evaluated. Our analysis proves that the authentication of 802.11i is not compromised in the presented model. We further demonstrate how changes in our model will yield a successful man-in-the-middle attack.
Our multi-agent approach includes an explicit notion of multi-agent, which was missing in the Strand Space framework. The limitation of Strand Space framework is the assumption that all the information available to a principal is either supplied initially or is contained in messages received by that principal. However, other important information may also be available to a principal in a security setting, such as a principal may combine information from different roles played by him in a protocol to launch a powerful attack. Our presented approach models the behavior of a distributed system as a multi-agent system. The presented model captures the combined information, the formal model of knowledge, and the belief of agents over time. After building this formal model, we present a formal proof of authentication of the 4-way handshake of the 802.11i protocol.