Otway–Rees protocol

About: Otway–Rees protocol is a research topic. Over the lifetime, 1975 publications have been published within this topic receiving 40569 citations.

Understanding the intruder through attacks on cryptographic protocols

Abstract: The vulnerability and importance of computers, robots, internet etc, demand the employment of exceedingly reliable methods in the design of secure systems. Security protocols are one of the most important design parameters. History has proven security protocols to be vulnerable even after they enjoyed circumspect design and meticulous review by experts. We posit that understanding the subtle issues in security protocols is important when designing a protocol. In particular, understanding a penetrator and the knowledge of different attack strategies that a penetrator can apply are among the most important issues that affect the design of security protocols. We describe the notion of a penetrator and specify his characteristics. Our purpose is to emphasize the design criteria of an authentication protocol through the use of some nice and subtle attacks that existed in the literature in the field of the design of security protocols.

Security of the TCG Privacy-CA Solution

Abstract: The privacy-CA solution (PCAS) is a protocol designed by the Trusted Computing Group (TCG) as an alternative to the Direct Anonymous Attestation scheme for anonymous authentication of Trusted Platform Module (TPM). The protocol has been specified in TPM Specification Version 1.2. In this paper we offer a rigorous security analysis of the protocol. We first design an appropriate security model that captures the level of security offered by PCAS. The model is justified via the expected uses of the protocol in real applications. We then prove, assuming standard security notions for the underlying primitives that the protocol indeed meets the security notion we design. Our analysis sheds some light on the design of the protocol. Finally, we propose a strengthened protocol that meets a stronger notion of security where the adversary is allowed to adaptively corrupt TPMs.

Compositional Analysis of Authentication Protocols

Abstract: We propose a new method for the static analysis of entity authentication protocols. We develop our approach based on a dialect of the spi-calculus as the underlying formalism for expressing protocol narrations. Our analysis validates the honest protocol participants against static (hence decidable) conditions that provide formal guarantees of entity authentication. The main result is that the validation of each component is provably sound and fully compositional: if all the protocol participants are successfully validated, then the protocol as a whole guarantees entity authentication in the presence of Dolev-Yao intruders.

Attacks on a lightweight mutual authentication protocol under EPC C-1 G-2 standard

Abstract: Yeh et al. have recently proposed a mutual authentication protocol based on EPC Class-1 Gen.-2 standard. They claim their protocol is secure against adversarial attacks and also provides forward secrecy. In this paper we show that the proposed protocol does not have cited security features properly. A powerful and practical attack is presented on this protocol whereby the whole security of the protocol is broken. Furthermore, Yeh et al.'s protocol does not assure the untraceabilitiy and backwarduntraceabilitiy attributes. We also will propose our revision to safeguard the Yeh et al.'s protocol against cited attacks.

Provably secure and pairing-free identity-based handover authentication protocol for wireless mobile networks

Abstract: This study presented an efficient design of identity-based handover authentication protocol for wireless mobile networks under the prime-order elliptic curve cryptosystem. The present work does not include the time-consuming and expensive bilinear pairing and map-to-point hash functions. The proposed protocol is analyzed in the random oracle model and also demonstrated to have other security properties, including protection against replay attack and denial-of-service attack, user anonymity and unlinkability, subscription validation, conditional privacy preservation, and mutual authentication. Our handover authentication protocol is examined to be more efficient from the size of the security parameter and computation costs than the previous protocols. Copyright © 2014 John Wiley & Sons, Ltd.