Otway–Rees protocol

About: Otway–Rees protocol is a research topic. Over the lifetime, 1975 publications have been published within this topic receiving 40569 citations.

A computational analysis of the Needham-Schroeder-(Lowe) protocol

Abstract: The Needham Schroeder protocol and its repaired verdion due to Lowe are the main test cases used by symbolic methods for cryptographic protocol analysis. In this paper we proved the first computational analysis of the protocol. We start by translating Lowe's attack against the orginal protocol into the computational framework that we use in our analysis. Then we prove that the repaired protocol may not be secure. even when the encryption scheme that is used in its implementation satisfies indistinguishability under chosen-plaintext attack, This shows that symbolic security analysis is not sound for protocols that use this kind of encryption. Our main result is to prove that the Needham-schroeder-Lowe protocol is secure if it is Implemented with an encryption scheme that satisfies the stronger notion of indistinguishability under chosen-ciphertext attack.

Security Analysis and Improvement on Two RFID Authentication Protocols

Abstract: Several lightweight RFID authentication protocols have been proposed to settle the security and privacy problems. Nevertheless, most of these protocols are analyzed and they are not successful in their attempt to achieve the claimed security objectives. In this paper, we consider the security of two recently proposed typical RFID authentication protocols: RAPLT protocol and SRP+ protocol. RAPLT protocol is a new ultra-lightweight RFID protocol based on two new operations named $$merge$$merge and $$separation$$separation. Utilizing the linear property of the $$merge$$merge operation, we present a passive disclosure attack on RAPLT protocol, and we can deduce the shared secrets with overwhelming probability after eavesdropping about 100 round authentication sessions. SRP+ protocol is a novel secure RFID authentication protocol conforming to the EPC C-1 G-2 standard, and we present efficient de-synchronization attack and passive disclosure attack through exhaustive search. Our disclosure attack only needs one run of the protocol, and the attack complexity is $$O(2^{16})$$O(216) evaluation of the PRNG function in off-line analysis mode. In addition, to counteract the vulnerabilities, we propose a new modified version of SRP+ protocol, denoted by $$ SRP ^{++}$$SRP++, conforming to the EPC C-1 G-2 standard. Our security analysis demonstrates that $$ SRP ^{++}$$SRP++ protocol can resist the exhaustive search attack with the complexity $$O(2^{32})$$O(232), which is the optimal security bound.

Protocol agnostic request response pattern

Abstract: A system and method for facilitating communications over a protocol is provided. The system includes a class factory that holds identifiers associated with determining which, if any, registered protocol object creator should be employed to create a protocol object. The protocol object implements an abstract network protocol base class. The protocol object is employed to abstract details of communicating over a protocol and to provide a byte stream interface to communications occurring over the protocol, while removing protocol specific code from an application program. The method includes creating an instance of a protocol object from a source of registered protocol handlers based on a request to communicate over a protocol and using a base class API to communicate over the protocol through the protocol object.